Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

"Public IP" in network topology 1

Status
Not open for further replies.

d00ner62

Technical User
Nov 15, 2011
238
CA
What is the actual point of the "public IP" portion of the network topology?

If I have IP based SIP Trunks, and the customer has "failover" internet. Meaning that when the backup internet kicks in, all internet traffic will be natting out with a new public IP. If the "new" public IP is different from the IP set in the network topology, will the sip trunks not work. Keep in mind that the SIP provider will accept traffic from both IPs and all firewall rules are correct.

My worry is that no matter the "NAT" created by the firewall, the IP office will setup its sip messages with the IP that is SET in the "network topology".

And yes I have confirmed that this will work with registration based sip trunks, however the carrier they are using does not do registration based.

Just looking more or less as to what the "network topology" setting of PUBLI IP really does if anything in terms of SIP messages or any sort of signalling or security.
 
Besides your worries, did you test what happens if the main internet connection goes down?
 
It changes the internal IP address in the SIP packets to the public IP address. If you are using a failover internet connection then it is better to not use Network topology on the phone system and to use SIP ALG/Transformations on the firewall to do that IP translation.

| ACSS SME |
 
Or better yet connect through an SBC to ensure reasonable security.



Do things on the cheap & it will cost you dear
 
Or even better is registered trunks, any IP be it internal or external can be dynamic, you don't need an SBC for security so no outlay because you don't need any port forwarding as the registration process keeps the return path open.
Win, win, win :)

 
Unfortunately Gamma (& Possibly others) will not accept registration credentials & only authenticate using IP Address.

this was implemented for security reasons (Gamma's not the end user's)


Do things on the cheap & it will cost you dear
 
Gamma did it to push security to the end users and away from themselves, hacking on Gamma trunks went up hugely when they did that due to all the port forwarding that then became necessary...but hey, it's not their problem and they gained revenue from the hacked calls, of course they're happy :)

 
If you are using a STUN server the public IP will be filled out automatically.

During a fail over period, the STUN will re-write the packets based on which ever broadband is used.



ACSS - SME
General Geek
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top