Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Bronze

Running CUBE behind a Sonicwall NAT/Firewall

I figured I'd not something on here since I couldn't find any concrete info on making this work. 

So, there appears to be a bug in the Sonicwall OS as it related to the native "SIP Transformations" functionality that is supposed to translate public IP's from Private IP's on SDP's between a NAT'd CUBE and a Public IP ITSP.  The issue is actually a bug in the Sonicwall OS.

What is happening, is the Sonicwall only transforms the first Connection (c) attribute of the SDP, and CUBE sends two or more per RFC allowing for that.  We're working with them to fix that, but until they do, I think the only way to get this to reliably work is to turn off Sonicwall's SIP Transformations feature, and do your own SDP rewriting on the CUBE itself.  It's not as elegant, but that will work.

Everyone's tags (2)
3 REPLIES
Community Member

Running CUBE behind a Sonicwall NAT/Firewall

I'm not to familar with Sonicwall, but I now with my Juniper Firewall I had to disable SIP ALG. Are there any ALG options available?

Bronze

Running CUBE behind a Sonicwall NAT/Firewall

Hi Derrick,

There's no dedicated setting for that, just the one checkbox for enabling SIP Transformations.  Sonicwall has admitted this is bug in non-compliance with the SIP RFC for having multiple connection (c) lines in the SDP, which the CUBE sends out. We're waiting to test a hotfix they provided, so hopefully that'll resolve our issues and end up in a SonicOS build later on.

Bronze

It gets better. Their first

It gets better.

 

Their first "fixed" build broke it more, and we're now requested to try yet another build.  

 

I had a separate thread for this, but I'm curious, is anyone running CUBE behind a non-ALG NAT, using SIP transforms in CUBE to rewrite media IP addresses in invites?

624
Views
0
Helpful
3
Replies
CreatePlease to create content