[j-nsp] sip calls through srx fail after approx 15 min
Majdi S. Abbas
msa at latt.net
Thu May 28 15:19:50 EDT 2015
On Thu, May 28, 2015 at 12:10:48PM -0700, Andy Litzinger wrote:
> So are you saying that the sip alg can not be disabled? Or that I won't be
> able to get sip to work through the SRX without using the alg? Thanks for
> bringing up NAT, I did forget to mention our NAT setup. The provider
> requires that NAT and not PAT is used. I've accomplished that by source
> NAT for the pbx (perhaps I should switch to static NAT?).
Oh, you can disable it now, but calls might very well stop
working.
If you use static NAT, and configure the phones or PBX for their
real IP, so they generate working SIP, you could probably disable the
ALG. I'm not sure that disabling it buys you very much, but it should
be doable provided both sides are NAT aware and form their SIP with
that in mind.
But, since calls are working the ALG may not be your problem,
just Juniper's sadly low SIP timeout. Turning off the ALG may not
disable the NAT timeout.
If it were me, I'd try increasing the timeout before switching
to static NAT, embedding that static IP in a bunch of configs, etc.
--msa
More information about the juniper-nsp
mailing list