Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] SIP, H.323, RTSP ALGs have problems with Interface Based NAT

0

0

Article ID: KB7407 KB Last Updated: 14 Dec 2017Version: 8.0
Summary:
SIP, H.323, RTSP connections are not working and Trust Interface is configured in NAT mode (interface-based NAT)
Symptoms:
Environment:
  • SIP
  • H.323
  • RTSP

Any application that uses SIP, H.323, or RTSP will not work properly if Interface Based NAT is configured.  The ALG will not translate the IP properly in the payload.
Solution:

These VoIP applications will only properly function when using policy based NAT.  This also affects IPSec VPNs.

To resolve this issue, it is strongly recommended that policy-based NAT (Source Network Address Translation within the policy) is used on the policies that the SIP, H.323 and RTSP traffic passes through.  Typically, when policy-based NAT is used, the Trust or Source Interface is changed to Route mode, and all policies (that are required to be NAT'd) are configured to use policy-based NAT.   However, It is okay that the Trust or Source Interface still remain in NAT mode, as long as the SIP, H.323 pass through a policy with NAT enabled on the policy. 

For information on configuring Policy-based NAT, consult: KB4771-Using the NAT Option in a Policy


Note: Refer to the Concepts and Examples ScreenOS Reference Guide for configuration examples of Source Network Address Translation in a policy too:
Volume 8:  Address Translation
Chatper 2: Source Network Address Translation
ScreenOS 5.4: http://www.juniper.net/techpubs/software/screenos/screenos5.4.0/CE_v8.pdf
ScreenOS 6.0: http://www.juniper.net/techpubs/software/screenos/screenos6.0.0/CE_v8.pdf
 

 

Modification History:
2017-12-07: Article reviewed for accuracy. Minor grammatical changes. Rest of the Article is correct and complete.
Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search