Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

"Public IP" in network topology 1

Status
Not open for further replies.
d00ner62

d00ner62

Technical User
Nov 15, 2011
238
CA
What is the actual point of the "public IP" portion of the network topology?

If I have IP based SIP Trunks, and the customer has "failover" internet. Meaning that when the backup internet kicks in, all internet traffic will be natting out with a new public IP. If the "new" public IP is different from the IP set in the network topology, will the sip trunks not work. Keep in mind that the SIP provider will accept traffic from both IPs and all firewall rules are correct.

My worry is that no matter the "NAT" created by the firewall, the IP office will setup its sip messages with the IP that is SET in the "network topology".

And yes I have confirmed that this will work with registration based sip trunks, however the carrier they are using does not do registration based.

Just looking more or less as to what the "network topology" setting of PUBLI IP really does if anything in terms of SIP messages or any sort of signalling or security.
 
Sort by date Sort by votes
Besides your worries, did you test what happens if the main internet connection goes down?
 
Upvote 0 Downvote
It changes the internal IP address in the SIP packets to the public IP address. If you are using a failover internet connection then it is better to not use Network topology on the phone system and to use SIP ALG/Transformations on the firewall to do that IP translation.

| ACSS SME |
 
Upvote 0 Downvote
Or better yet connect through an SBC to ensure reasonable security.



Do things on the cheap & it will cost you dear
 
Upvote 0 Downvote
Or even better is registered trunks, any IP be it internal or external can be dynamic, you don't need an SBC for security so no outlay because you don't need any port forwarding as the registration process keeps the return path open.
Win, win, win :)

 
Upvote 0 Downvote
Unfortunately Gamma (& Possibly others) will not accept registration credentials & only authenticate using IP Address.

this was implemented for security reasons (Gamma's not the end user's)


Do things on the cheap & it will cost you dear
 
Upvote 0 Downvote
Gamma did it to push security to the end users and away from themselves, hacking on Gamma trunks went up hugely when they did that due to all the port forwarding that then became necessary...but hey, it's not their problem and they gained revenue from the hacked calls, of course they're happy :)

 
Upvote 0 Downvote
If you are using a STUN server the public IP will be filled out automatically.

During a fail over period, the STUN will re-write the packets based on which ever broadband is used.



ACSS - SME
General Geek
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Raff-Tech
  • Locked
  • Question
Avaya IP Office Management API: how set "Unique Identity"
Replies
4
Views
436
Raff-Tech
Raff-Tech
phoneguy427
  • Question
Networked IP office ringing over amplifier 3
Replies
4
Views
364
phoneguy427
phoneguy427
IamaSherpa
  • Locked
  • Question
Expansion modules "+" type
Replies
3
Views
275
IamaSherpa
IamaSherpa
dsm600rr
  • Locked
  • Question
IX Workplace - "Your messages may not be up to date"
Replies
4
Views
449
sizbut
sizbut
bwbwbw
  • Locked
  • Question
IPO 9.0 9611 "VPN Tunnell Failure" 1
Replies
4
Views
227
Westi
Westi

Part and Inventory Search

Sponsor

Back
Top