
Deciding on network topology of router and FW and which one should handle NAT

Miles Simpson
Level 1

We currently support a third party VOIP software. Recently we have had issues with our T.38 faxing to our SIP Trunk provider because our FW (SonicWall) doesn't support NATing the connection address within the SDP packet of the T.38 reinvite. This has caused us to look at alternate solutions. I have been in discussion with Cisco sales engineers and can't get a straight answer on which one of their products supports this (RFC 3362, T.38 protocol used by our VOIP server).

We were looking at replacing our SonicWall with an ASA but it seems it doesn't support RFC 3362 either. However, the sales engineer thinks that their regular routers will. So if I purchase a Cisco router, i.e. 8xx or 2621XM, the question is where do I put it in my current topography. Currently we are at a datacenter and our drop into our cabinet comes right into the SonicWall and we have all NAT handled there, routing to different LAN ports on the SonicWall. On the LAN side all we have are standard switches supporting all of our servers. So with the whole back story, here are my questions.

If I buy a Cisco router to handle my NAT issue for faxing....

Do I put it on the WAN or LAN side of my FW?

Do I set up the router to handle all of my NATing or just the NATing of my VOIP server that is having issues with the T.38?

Would I need a SonicWall FW if I purchased a Cisco 891?

6 Replies

ALIAOF_
Level 6

So looks like per Cisco documentation ASA will support it:

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/product_data_sheet0900aecd8073cbbf.html

And router should as well:

http://smbitsolutions.wordpress.com/2012/05/31/foip-fax-over-ip/

Depending on your relationship with your Cisco vendor you can probably have them send you a used ASA and Cisco router so that you can test it out. Especially if you are making a big purchase they will work with you and send you used equipment for 3 to 5 days for testing.

I will have to check if the vendor will let me test. As far as support, I cannot determine that from those two documents. Yes, I agree there is T.38 support of FoIP. However, our SonicWall supports FoIP as well. Unfortunately there are different types of RFCs used for T.38 over VoIP and it isn't clear which or if all are supported. SonicWall says they only support RFC 4612 not RFC 3362. Which basically describes that the image/t38 media type is intended to indicate a T.38 media stream in SDP as opposed to audio. So when the SonicWall doesn't see the audio media type within the SDP packet it doesn't NAT the connection address.


What is this third party VoIP software? Is the T.38 and audio being transferred via SIP or H323?

Here is a snippet from the link above:

These services support NAT and PAT, including advanced features such as fax over IP (FoIP) using the T.38 protocol, an ITU standard that defines how to transmit FoIP in real time.

When I say third-party I mean it isn't using Cisco Call Manager. We are using Interactive Intelligence. Yes, it uses SIP. The problem is within the SDP of the packet there is a field called a connection address which tells where to route the RTP or T.38. My SonicWall is smart enough to inspect the SDP and NAT the connection address to match the IP on normal SIP messaging for call setup. However, when T.38 is used there is a media description field in the SDP that is set to "image" instead of "audio". When the SonicWall doesn't see the "audio" media type it doesn't NAT the connection address. So then when the packet reaches my SIP trunk provider the connection address is still a private IP.

Does your SonicWall allow you to disable the inspection of SIP packets? I know it is enabled by default in ASA but you can disable it if you are having audio issues.

It does, but then my voice calls won't work because the connection address on normal SIP invites will still have my private IP.
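
A check for the symptom described in this thread, as an added example that is not part of the original posts: it parses an SDP body captured on the WAN side of the firewall and reports any media section, audio or image, whose connection address is still an RFC 1918 private address. The sample SDP bodies, addresses and function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges listed explicitly: ipaddress.is_private would also match
# the 203.0.113.0/24 documentation range used in the samples below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def media_connections(sdp):
    """Return (media, port, proto, address) per m= line of an SDP body.
    A media-level c= line overrides the session-level one."""
    session_addr, media = None, []
    for line in sdp.splitlines():
        if len(line) < 3 or line[1] != "=":
            continue
        kind, fields = line[0], line[2:].split()
        if kind == "m" and len(fields) >= 3:
            port = int(fields[1].split("/")[0])      # "49170/2" form allowed
            media.append([fields[0], port, fields[2], session_addr])
        elif kind == "c" and len(fields) >= 3:       # c=IN IP4 <addr>[/ttl]
            addr = fields[2].split("/")[0]
            if media:
                media[-1][3] = addr
            else:
                session_addr = addr
    return [tuple(m) for m in media]

def unrewritten_media(sdp):
    """Media sections whose connection address is still RFC 1918 private."""
    flagged = []
    for mtype, _port, _proto, addr in media_connections(sdp):
        try:
            ip = ipaddress.ip_address(addr or "")
        except ValueError:                           # hostname or missing c=
            continue
        if any(ip in net for net in RFC1918):
            flagged.append((mtype, addr))
    return flagged

# Constructed samples of SDP bodies as captured on the WAN side of the firewall.
AUDIO_INVITE = "\r\n".join([
    "v=0", "o=- 1 1 IN IP4 203.0.113.10", "s=-", "c=IN IP4 203.0.113.10",
    "t=0 0", "m=audio 49170 RTP/AVP 0", "a=rtpmap:0 PCMU/8000", ""])
T38_REINVITE = "\r\n".join([
    "v=0", "o=- 1 2 IN IP4 10.1.1.20", "s=-", "c=IN IP4 10.1.1.20",
    "t=0 0", "m=image 49172 udptl t38", "a=T38FaxVersion:0", ""])

if __name__ == "__main__":
    for name, body in (("audio INVITE", AUDIO_INVITE), ("T.38 re-INVITE", T38_REINVITE)):
        print(name, unrewritten_media(body))
```

Running the same check on captures taken after any NAT device under evaluation shows whether its SIP inspection rewrites the `c=` line for `m=image` as well as `m=audio`.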
