[c-nsp] iChat AV and Cisco CBAC/NAT

Rodney Dunn rodunn at cisco.com
Thu Mar 15 14:45:23 EST 2007


> 
> 	Cisco doesn't actually care about SIP though from what I
> can tell as some of their devices (eg: 7970) don't handle SIP
> messages properly. 

We do care. I've spent some countless hours working
on whacky NAT problems were we didn't handle some embedded SIP payload
translation right. It's not that we don't care. It's that some of the
SIP implementations and timing conditions, etc. we just don't see
in the lab. Some we've never even heard of. 

> I don't think they test with anything but their
> own internal suites which appear to be buggy.  I was able to crash
> some older sip phones in the past by sending them a well formatted
> and innocious options message in the past.

I don't know all the details but I know they have some SIP test suites
that the NAT folks test with to try and make sure NAT can handle all of
them. It's not perfect for sure.

I'm sure no other vendor's NAT implementation that starts translating
embedded ip information is perfect either. 

If someone has found a bug where we don't translate open the TAC case
and it will be fixed if the SIP implementation is acting within specification.

Rodney

> 
> 	- jared
> 
> -- 
> Jared Mauch  | pgp key available via finger from jared at puck.nether.net
> clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


More information about the cisco-nsp mailing list