Application Notes for the Ingate SIParator with
Contents
1. AVAYA Avaya Solution amp Interoperability Test Lab Application Notes for the Ingate SIParator with Avaya Converged Communication Server CCS Issue 1 0 Abstract These Application Notes describe the configuration steps required for interoperability of the Ingate SIParator with the Avaya CCS in an enterprise SIP telephony configuration The SIParator performs SIP aware Network Address Translation NAT as well as firewall functions Basic and supplementary telephony services were tested Emphasis was placed on NAT as opposed to firewall functionality All tests were successful Information in these Application Notes has been obtained through compliance testing and additional technical discussions Testing was conducted via the DeveloperConnection Program at the Avaya Solution and Interoperability Test Lab FAS Reviewed Solution amp Interoperability Test Lab Application Notes l of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc 1 Introduction Customers implementing multi location communication networks often use Network Address Translation NAT to conserve public IP addresses as well as hide the internals of the enterprise network configuration SIP communication networks additionally require NAT to be performed on IP addresses embedded in protocol layers above the IP layer e g Session Description Protocol SDP The Ingate SIParator permits customers to add this capability without impacting exis2. 1 1 200 255 255 255 0 10 1 1 0 10 1 1 255 r Agg new rows If save Undo Look up all IF addresses again Click Save after completing the page FAS Reviewed Solution amp Interoperability Test Lab Application Notes 25 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc 4 Select the Eth1 tab to specify parameters for the public interface Enter the values indicated The remaining values are default Basic lParator Networks and Configuration RADIUS SNMP Ethd Type Computers General Physical device name eth 1 Intertace name Outside 2 stats Interface ON Conhguration of the lParator Not allowed ll via this intertace Directly Connected Networks Please enter which IP address es the lParator should have on this interface DNS name IP i here pera Nenne or IP address address Nenas iii address address Be saz ouside D o0 __ 30 1 1 1002662552550 _ 30 1 1 0 30 1 1 255 Agg new rows If save Undo Look up all IF addresses again Click Save after completing the page FAS Reviewed Solution amp Interoperability Test Lab Application Notes 26 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc 5 Select the Basic Configuration tab and the following screen will be displayed Set the fields as indicated The other fields contain default values In this example the Default gateway is the edge router in the simulated SSP The Name server is the DN
3. 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc The List Address Map page is displayed Help Eyit a List Address Extensions l Host Impress No address map entries Add Map In New Group Select Add Map in New Group FAS Reviewed Solution amp Interoperability Test Lab Application Notes 9 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc 3 The Add Address Map page will be displayed Specify a Name for the first address map and the Pattern match specification In this example all telephone extensions beginning with 5 are to be routed to Site B The pattern match specification is applied to the Uniform Resource Identifier URI field of incoming INVITE messages The URI usually takes the form where domain can be a domain name or an IP address In this example the user 1s actually the telephone number of the phone An example of a URI would be sip 50001 pop ssp com or sip 50001 10 2 2 50 The specification means match on the characters sip 5 if they occur at the beginning of the URI followed by any number of digits Check Replace URI When routing the incoming INVITE the CCS will replace the URI with the URI specified in the contact see Step 6 AVAVA Help Eyit si Add Address Map Host Impress eee Hame Siteb we Pattern sip 5 0 9 Beata es Replace URI M Fields marked are required Click on Add then click on Continue on the confirmation p
4. FAS Reviewed Solution amp Interoperability Test Lab Application Notes 2 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc SimulatedSIP Enterprise Enterprise IP level Service Site B i PNAT Provider Site A Cisco 3640 gt 200 cisco Network Router aes Catalyst NETWOrK 10 1 1 x 1 Seq 2924 Private ao IP SIP Avaya PRAT 4602 SIP Avaya P333T PWR E 100 Phone Modlar Stackable Ingate a IP Swtich SIParator ourer oe 30 1 1 x 52 Cisco Cisco Publi E Catalyst SIP Avaya CCS UDIIC ZW cisco 4006 Home Edge 3 SIP one Proxy Proxy 10 2 2 x SAVEL Public Cisco 40 10 2 2 x AS5300 Public _Voice ateway T1 PRI Avaya Server R avaya com pop ssp com Figure 1 Ingate SIParator Avaya CCS Test Configuration 2 Equipment and Software Validated The following equipment and software were used for the configuration in Figure 1 Equipment FAS Reviewed Solution amp Interoperability Test Lab Application Notes 3 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc 3 Configure the Avaya CCS The following steps describe configuration of the Avaya CCS to support a telephony user and to route calls to the SIParator Other standard installation and administration functions are covered in Reference 1 3 1 Adding a SIP Telephone User Description The Avaya CCS is configured using a web
5. be displayed again with the updated map information The address map administration is now complete Incoming INVITE messages whose URI matches either the PSTN or SiteB map specification will be routed to the contact shown AVAYA Help Exit To fois List Address Map TETI sic 15 Extensions Host impress Commands Name Commands Contact Edit Delete PSTN Maintenance Edit Delete Siteb Update Edit Delete sip userj 10 1 1 200 transport udp Add Another Map Add Another Contact Delete Group Add Map In New Group To apply the administration in Steps 1 8 above click on Update on the left side of the page This link appears on the current page whenever updates are outstanding and can be used at any time to save the administration performed to that point 4 Configure the Avaya 4602 SIP Telephone The following steps describe how to configure the 4602 SIP telephone to register with the CCS in enterprise Site A In this configuration the phone is configured with static settings Configuration using DHCP and HTTP servers can be found in Reference 2 Apply power to the telephone During the boot sequence the message Press to Setup will be displayed Press on the keypad at this time The current IP address will be displayed Enter the appropriate value and press The current IP address mask will be displayed Enter the appropriate value and press Press to end the configuration process at the phone The remai
6. browser Set the URL of the browser to the IP address of the CCS and log in as admin using the appropriate administrator password AVAVA Logon Please log in User 1D O ee FAS Reviewed Solution amp Interoperability Test Lab Application Notes 4 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc The CCS administration web interface will be displayed Expand the Users link on the left side of the page and click on Add AVAYA Help Exit a Top Manage Users Add and delete users Manage Extensons Add and delete telephone extensions Manage Hosts 4dd and delete hosts Manage Media 4dd and delete Media Servers Servers Manage Services Start and stop server processes on Extensions this host Hosts Maintenance Perform maintenance operations on Media Servers this hast Mlaintenance FAS Reviewed Solution amp Interoperability Test Lab Application Notes 5 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc 3 The Add User page will be displayed Fill in the appropriate fields In the screen below the user corresponding to the Avaya 4602 SIP telephone is being added Enter the extension number in the Handle and User ID fields Help Exit 7 Se it si Add User List HE Handle zo lt 27 2CS S Search User ID 22001 iw Password uu Confirm Password peeeesse Host impress First Name SIP Last Name
7. All Rights Reserved IngateSIPNAT doc Description Using an Ethernet crossover cable connect the Ethernet interface of a PC to the Eth0 interface on the SIParator Configure the PC Ethernet interface with an IP address on the 10 1 1 0 subnet Open the web browser on the PC and enter the IP address configured in Step 1 of Section 5 1 Log in with the appropriate login and password The initial web interface page will be displayed At the top of the page are several icons shown below to which the following steps will refer Basic Administration Logging Failover Cluality About Configuration of Ingate SlParator DENICE FAS Reviewed Solution amp Interoperability Test Lab Application Notes 23 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc 2 Click on the Basic Configuration icon Select the SIParator Type tab to specify the type of connectivity the SIParator will have to the network If the Current SIParator type is not set to Standalone use the Change SIParator type pull down menu to select Standalone and click on the Prepare to change type button The factory default type 1s Standalone as shown below Refer to the description on the web page for information on the various types Basic Si Tria Networks and Configuration RADIUS SNMP EthO Eth Computers Current SlParator type Standalone The SlParator can be connected to your network in three different ways depending on your needs The DMZ Configura
8. Lab Application Notes 21 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc The following prompt is displayed for specification of computers that can configure the SIParator In this case any computer on the 10 1 1 0 subnet will be permitted Enter a password for the admin login Computers from which configuration is allowed You can select either a single computer or a network Configure from a single computer y n y n Network number 0 0 0 0 10 1 1 0 Netmask bits 255 255 255 0 255 255 255 0 Password xxx Now save the configuration using the default update mode Other configuration Do you want to reset the rest of the configuration y n nly Update mode 1 3 1 You have now entered the following configuration Network configuration inside Physical device name etho IP address 10 1 1 200 Netmask 255 255 255 0 Deactivate other interfaces no Computer allowed to configure from Network Number 10 1 1 0 Password xxx The rest of the configuration is kept Is this configuration correct yes no abort yes 5 2 Configure the SIParator Web Interface The following steps illustrate the remaining administration for the SIParator for the sample configuration in Figure 1 using the web interface In some cases the web page display has been abbreviated for clarity FAS Reviewed Solution amp Interoperability Test Lab Application Notes 22 of 35 WCH 6 17 2004 2004 Avaya Inc
9. S server The values in the Configuration section are already set according to the values input in the serial port session of the previous section S Porator Networks and Basic TA mi RADIUS SNMP EthO Ethl Type Computers Configuration Default gateway 30 1 1 2 0 Name server IP policy Discard IP packets Policy for reply to ping to the SlParator Only reply to ping to the same interface Default dorman PO Report new versions of Ingate S Parater Version control ON Last successtul version control Hot available Name ot this SlParater lingate Systems Configuration Contioure the lParator wa IP address Inside 10 1 1 200 User authentication Local password Enumerate all IF addresses and networks that are allowed to access the contiguration interface on the gt lP arator Salle De tnai Netmask bits Range Log class Delete no address 10 1 1 0 oca SO B fi0 1 1 0 255 255 255 0 1011255 Local in Acc new rows If Save Undo Click Save after completing the page FAS Reviewed Solution amp Interoperability Test Lab Application Notes 27 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc Description Select the Networks and Computers tab to specify a logical Name for networks in the configuration These names will be used in subsequent administration e g SIP relay and SIP registrar In the sample configuration the enterprise network 1s inside the re
10. Settings link under Admin and enter the information outlined below in red In this configuration the phone will be registering to the CCS 10 1 1 50 Home SIP Settings Admin Note that changes to these values are only saved when the save button is pushed e Network amp Os e Firmware Update Registration e SIP Setti 185 e Phone Settings e Admin Security e User Security Call Handlir 1g status Network e Hardware e Firmware System zo e Reset poo 10 1 1 560 ea BUBL Save Cancel Cancel Select Save and check the main administration page displayed next for the green confirmation message FAS Reviewed Solution amp Interoperability Test Lab Application Notes 19 of 35 Description WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc Select the Reset link under System The Reset Hardware page will be displayed Home Reset Hardware Admin Press the Seset button to reset the hardware Hetwork amp O05 Firmware Update DLP Settings Reset Phone settings Admin pecurity SECUI 2004 Elte Communications Inc All rights reserved User Securty Call Handling Status e Hetwork e Hardware e Firmware System e Reset Click the Reset button to confirm This will reset the phone and put the saved settings into effect The phone will then attempt to register with the CCS The following display will appear on the phone indicating successful registration FAS Reviewed Solution
11. Telephone Address 1 o Address 2 oo Office TTC tC City a State C Country a Zip M Add Media Server r Extension Fields marked are required Click on Add FAS Reviewed Solution amp Interoperability Test Lab Application Notes 6 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc The confirmation page will be displayed Click Continue Help Exit User 27001 added conte Update Repeat Steps 1 4 for each user to be supported FAS Reviewed Solution amp Interoperability Test Lab Application Notes 7 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc 3 2 Adding an Address Map Address maps are used in the CCS to specify how incoming SIP calls are to be routed based on the dialed number They are grouped by the SIP contact to which they will be routed In this configuration calls to phones at Site B and the PSTN need to be routed to the simulated SSP The following steps describe how to administer this See Reference 1 for more information on the syntax used to specify address maps Click on the Hosts link on the left side of the main CCS web page The List Hosts page 1s displayed Help Exit To ee a List Hosts List Add Search Edit D Status Commands Host Up to date Edit Map Go To Test Link Delete impress Force All Click on Map FAS Reviewed Solution amp Interoperability Test Lab Application Notes 8 of 35 WCH 6 17 2004
12. a to another deman Prefix matches the first part of the gt IP username Rest matches the rest of the username and Domain replacement is the new domain for the matched requests User search pattern Domain replacement Delete Prefix Rest e 0d el eveyacom rs a ad el eveyecom rs wo as popscpcom Agg new rows If Save Undo Click Save after completing the page FAS Reviewed Solution amp Interoperability Test Lab Application Notes 30 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc Description Select the External SIP Servers tab In this configuration the domain avaya com was administered in DNS to be the outside interface of the SIParator The CCS Home Edge proxy is also administered to be authoritative for that domain so the Static Forwarding entry shown below must be entered so that the domain referred to in the previous step static domain modification will map to the IP address of the CCS 10 1 1 50 rather than be resolved using DNS PEPEES See External Local TLS Trusted eos SIP Relay SIP Registrar SIP Authentication SIP Servers SIP Sessions Certificate TLS CA SIP Status Outbound Proxy You can choose to send all requests to a SIP proxy outside the lParator In this case enter the address of it here DNS name or IP address Use this SIP proxy tor all requests Port Static forwarding Here you enter domains not handled by the lParater and which cannet
13. age FAS Reviewed Solution amp Interoperability Test Lab Application Notes 10 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc The List Address Map page will be displayed again this time with the updated map information AVAYA Help Exit To eee gt List Address Map Extensions Host Impress Hosts E Media Servers 7 a Media Servers Commands Name Commands Contact Services Edit Delete SiteB Maintenance Add Another Map Add Another Contact Delete Group Update Add Map In New Group Click on Add Another Map so that the next address map will also be associated with the contact to be defined in Step 6 FAS Reviewed Solution amp Interoperability Test Lab Application Notes 11 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc The Add Address Map page will be displayed Again enter a Name and a Pattern corresponding to a PSTN number plan the example specification is very general much more specific dial plans can be used This pattern specification matches on a 1 at the beginning of the URI followed by any number of digits and will therefore support 11 digit dialing 1 area code number Help Exit 2 Add Address Map sears Extensions ew Host Impress osts Mame PSTN Pattern sip 1 0 9 Replace URI M Update Fields marked are required Click on Add then click on Continue on the confirmation page FAS Reviewed Solution a
14. amp Interoperability Test Lab Application Notes 20 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc 5 Configure the SIParator The following steps describe administration of the SIParator in a standalone configuration as shown in Figure 1 The SIParator can be administered using a web based interface First the Eth0 Ethernet interface must be configured This can be accomplished using the console serial port as described in the next section 5 1 Configure the SIParator Serial Interface Attach a serial cable to the console serial port Using a terminal emulator program access the port using the following parameters 19200 Number of Data Bits 8 Number of Stop Bits The command line interface session will begin with the following display Ingate SIParator Administration Basic configuration Save7 load configuration Become a failover team member Leave failover team and become standalone Wipe email logs Set password Exit admin gt L I Q OUR WN FP Enter 1 The following will be displayed Enter the values shown in bold or press enter if no value is shown Basic unit installation program version 3 3 Press return to keep the default value Network configuration inside Physical device name eth0 IP address 0 0 0 0 10 1 1 200 Netmask bits 255 255 255 0 255 255 255 0 Deactivate other interfaces y n n FAS Reviewed Solution amp Interoperability Test
15. be looked up using DHS Domain IF address Delete Javaya com fi 0 1 1 50 C Agg new rows li Save Undo Click Save after completing the page FAS Reviewed Solution amp Interoperability Test Lab Application Notes 31 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc 10 The configuration changes that have been saved thus far are designated as preliminary They must now be applied and copied to the permanent configuration Click the Administration icon and then the Save Load Configuration tab Click on Apply Configuration Save Load Show CCA Configuration HTTPS Password Configuration Upgrade Table Look Change Language Bs il Activate Configuration Activating the preliminary configuration is a two or three step operation The first step is initiated by pressing Apply configuration below which will cause Ingate 5lParator to enter time limited test mode In that mode the preliminary configuration is used From that mode vou can either abort test mode make the preliminary configuration permanent or enter Unlimited test mode One of these three actions must be taken within the specified time limit or the StParater will automatically abort test mode From the unlimited test mode you can either abort the test mode or make the preliminary configuration permanent If the Ingate SlParater is rebooted during test mode either limited or Unlimited it will revert back te the p
16. ermanent configuration The Abert all edits button will abandon all changes you have made te the preliminary configuration Time limit for limited test mode seconds Bo Apply configuration Abort all edits At this point the applied configuration will be in effect on the SIParator for the test period shown to the right of Time limit for limited test mode seconds Three buttons will be displayed as shown below When satisfied with the operation of the SIParator click on Save Configuration before the test period specified above expires See the above page for explanations of the remaining buttons Save configuration Continue testing Revert 6 Interoperability Compliance Testing The test plan used for compliance testing was Reference 5 The test configuration was identical to that of Figure 1 and focused on SIP telephony interoperability as opposed to instant messaging and presence features The results from an existing test plan executed against the test bed without the SIParator were compared to those with the SIParator installed FAS Reviewed Solution amp Interoperability Test Lab Application Notes 32 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc 6 1 General Test Approach Feature and functional testing was performed manually Testing verified the ability of the S Parator to e Route SIP call requests inbound to and outbound from the enterprise e Perform NAT at both t
17. et Auonegctae z m o o QOS Settings Save Cancel Select Save FAS Reviewed Solution amp Interoperability Test Lab Application Notes 17 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc 4 The main administration web page will be displayed as shown below Check the bottom of the page for the green confirmation message Home Admin e Network amp OO8 e Firmware Update ooo Choose a link to select an activity Admin Security e User security Call Handling Welcome to the administration screens for the 4602 SII Telephone select Status Network amp QOS to modify the IF networking or Quality of Sennce Settings of the Phone Network Hardware a CE Firmware Update to modify the settings for updating the phones s firmware System Sip Settings to modify the SIP server user name and password settings of the Phone e Reset Phone Settings to modify Phone attributes all Handling te medify how the Phone handles calls Admin Security to modify the admin password for this phone User Security to modify the user password tor this phone Status Network Status Hardware Status Firnnware Status Provisioning complete The new settings will be used on next power up or reset FAS Reviewed Solution amp Interoperability Test Lab Application Notes 18 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc 3 To set the SIP parameters select the SIP
18. he IP and SIP SDP layers on SIP signaling and media traffic 6 2 Test Results All test cases passed In all cases the SIParator performed the tested features as expected No SIParator specific issues were observed 7 Verification Steps The following verification steps can be used when troubleshooting configurations in the field e Verify that the Avaya 4602 SIP telephone has registered to the CCS by looking at the display see Section 4 Step 6 Ifthe following display appears registration has failed Verify that the 4602 was administered with the correct IP address for the CCS in the Proxy Server IP Address and Registrar Server IP Address fields e Ping the FQDN for the enterprise site and remote site SIParator and SSP proxy respectively in this example to verify correct DNS IP address resolution If this test fails but the IP address can be pinged check DNS administration e Make a call from a 4602 in Site A to a SIP phone in Site B Verify good quality audio in both directions If the call fails use a SIP capable network analyzer to verify that the INVITE message is being routed from the CCS to the SIParator If it is not check the address map s administered in the CCS Section 3 2 Also check that the transport protocol supported by the remote SIP proxy server is correctly specified If these are correct use the analyzer to verify that the SIParator routes the INVITE to the remote site If it is not check the Static Doma
19. in Modification administration in the SIParator Section 5 2 Step 8 e Make a call from a SIP phone at the remote site to the 4602 at Site A Verify good quality audio in both directions If the call fails use the techniques described in the previous step to verify proper routing of the INVITE message from the SSP to the SIParator and then on to the CCS 8 Support Sales and technical support is available from the vendors that distribute Ingate products They can be located by emailing Technical support is also available by emailing to bupport ingate com or calling 1 973 678 0464 The U S main office can be reached at 1 603 883 6569 FAS Reviewed Solution amp Interoperability Test Lab Application Notes 33 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc 9 Conclusion The Ingate SIParator has been successfully compliance tested in the configuration outlined in these Application Notes The administration steps provided here can be used to implement SIP aware NAT in the enterprise without changing the existing router and firewall configurations 10 Additional References 1 Converged Communications Server Installation and Administration Doc 555 245 705 February 2004 2 4602 SIP Telephone Release 1 0 Administrator s Guide Doc 16 300037 Issue 1 0 May 2004 3 Ingate SIParator 3 3 Getting Started Guide 4 Ingate SIParator 3 3 User Manual 5 Interoperability Test Plan and Resul
20. mote phones at Site B is siteB and the network external to enterprise Site A is outside The networks are defined as ranges of IP addresses The Interface field specifies through which SIParator interface these networks are accessible ge Networks and Computers Basic Confiquration RADIUS SNMP EthO Eth O Lowerlimit limit a ee er limit subgroup DNS name DNS name Interface Delete or IP address iors oa faa or IP address T E Ee Plinside inside foo 1 0 1 1 0 foris 10 1 1 255 Inside gt Inside E outside o oo 0 0 0 0 255 255 255 255 255 255 255 255 Outside E siteb fioz20 10 2 2 0 10 2 2 255 nzas Outside E Add new rows If sroups with fi rows pEr group save Undo Look up all IF addresses again Click Save after completing the page FAS Reviewed Solution amp Interoperability Test Lab Application Notes 28 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc Description I Select the SIP icon see Step 1 and then the SIP Relay tab to specify with which networks the SIParator will relay SIP signaling and media traffic In the sample configuration the SIParator must relay SIP signaling and media between enterprise sites A and B Set SIP relay to Active and add the relay rules for networks inside and siteB as shown below ecm baka External Local TLS Trusted ae st Registrar SIP Authentication SIP Servers SIP Sessions Certificate TIS CA SIP Status Here you configu
21. mp Interoperability Test Lab Application Notes 12 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc The List Address Map page will be displayed again this time with the updated map information AVAVA Help Exit To eae a List Address Extensions Host Impress Hosts a Media Servers 4 Media Servers Commands Name Commands Contact Services Edit Delete PSTN Maintenance Edit Delete Sjtep Update Add Another Map Add Another Contact Delete Group Add Map In New Group Click on Add Another Contact FAS Reviewed Solution amp Interoperability Test Lab Application Notes 13 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc The Add Contact page will be displayed In Contact enter the SIP URI corresponding to the inside interface of the SIParator user instructs the CCS to substitute the user portion of the URI of the incoming INVITE message at this point in the contact transport UDP specifies the transport protocol used by the proxy server to receive requests Help Exit m Add Contact Host Impress Handle SiteB Contact sip user 10 1 1 200 transport udp Fields marked are required Update Click on Add then click on Continue on the confirmation page FAS Reviewed Solution amp Interoperability Test Lab Application Notes 14 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc The List Address Map page will
22. ning configuration can be performed using the web interface in the following steps FAS Reviewed Solution amp Interoperability Test Lab Application Notes 15 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc Set the URL of a browser to the IP address entered in Step 1 and log in as admin using the appropriate administrator password Enter Network Password a Please type your user name and password Site Realm Sip Utility Set User Name Password l Seve this password in your password list The 4602 SIP Phone administration web interface will be displayed 16 of 35 FAS Reviewed Solution amp Interoperability Test Lab Application Notes IngateSIPNAT doc WCH 6 17 2004 2004 Avaya Inc All Rights Reserved 3 To assign static network parameters select the Network amp QOS link under Admin and enter the information outlined below in red All other parameters can be left as default Make sure Use DHCP is unchecked Powered by Elite a Communications Inc Serrice O90 for Avaya co 2004 Home Network Settings Admin Hote that changes to these values are only saved when the Save button is pushed e Network amp QOS e Firmware Update IP Settings e SIP Settings e Phone Settings DHCP Semp C Uss DHCP Chest to enable DHCP OoOo oO Admin Security Uariserurly pos Call Handing fesszs52550 os foooo o Network Hardware pooo foooo poso oo System Res
23. re the SIF relay ot this Ingate gt Parator olF relay Active Detault policy tor requests to the relay Reject all Relay rules Here you set all the niles tor SIF requests from ditterent networks Requests that do not match any rule are handled according to the Default policy for requests above From network Acton Delete inside Process all E siteB Process all E Agg new rows li Save Undo Click Save after completing the page FAS Reviewed Solution amp Interoperability Test Lab Application Notes 29 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc Select the SIP Registrar tab Use this page to specify to which domain a given SIP request should be routed based on the Uniform Resource Identifier URD field in the INVITE message This specification is analogous to the Address Map entry in CCS administration See Section 3 2 In this example SIP telephones registered to the CCS at Site A begin with 22 or 21 and telephones at Site B registered to the SSP proxy begin with 50 The SIParator replaces the domain names in the request with those specified below and forwards them to the proxy server IP address returned from a DNS lookup of the domain name External SIP Servers m Local TLS Trusted Certificate TLS CA SIP Relay PUATA SIP Authentication SIP Sessi SIP Status Static domain modification You can choose to forward all SIP requests matching certain criteri
24. rewall once The Standalone Configuration Using this configuration the SlParator is connected to your inner network on one interface and the outside world on the other Internal users have to configure the SlParator as outbound proxy or an internal proxy has to use the S Parator as outbound proxy The SlParator derives information about your network topology from the interface configuration Use this configuration only if your firewall lacks a DMZ interface or for some other reason cannot be configured for the DMZ or DMZ LAN alternatives Current SlParator type Standalone Change SlParator type Standalone to Prepare to change type FAS Reviewed Solution amp Interoperability Test Lab Application Notes 24 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc 3 Select the Eth0 tab This is the inside private interface Verify that the values have already been populated based on the values entered during the serial port session Basic f eaa 5 Porator Networks and Configuration RADIUS SNMP Eh Type Computers General Physical device name eth Interface name Inside Status Interface ON Contiguration of the lParater via this intertace Allowed Y Directly Connected Networks Please enter which IF address es the lParator should have on this interface DNS name IP erasi Proadast Nenne or IP address address Nea tiie sts address address Malai Jinside fio1a1200 10
25. ting router firewall configurations The S Parator can perform all SIP proxy and registrar functions In the configuration tested in these Application Notes the registrar function was not used the SIParator was configured to relay SIP signaling and media The SIParator is offered in several product sizes to support small medium and large enterprises The configuration tested consisted of an Avaya CCS within an enterprise SIP network as shown in Figure 1 Several SIP telephones are registered to the CCS The enterprise edge router performs P level Port NAT PNAT for non SIP network devices within the enterprise The SIParator performs IP and SIP level a alee on behalf of the CCS and SIP phones and has a direct connection to the public network For simplicity NAT was not performed for devices within or beyond the simulated SIP Service Provider SSP network The Avaya CCS proxy is configured to route all off enterprise calls to the SIParator which is configured to route them to the simulated SSP network that supports SIP to SIP and SIP to PSTN service The SIParator is configured to route inbound calls to the CCS DNS support allows dialing using Fully Qualified Domain Names FQDNs The domains administered in the test configuration were avaya com for the enterprise site and pop ssp com for the service provider network The SIParator can also be configured within a DMZ so that a separate public IP address is not required
26. tion Using this configuration the SlParator is located on the DMZ of your firewall and connected to it with only one interface You need to open the SIP port normally UDP port 5060 and a range of UDP ports for RTP traffic to and from the SIParator on your firewall The SIP traffic finds its way to the S Parator using DNS or by setting the STParator as an outbound proxy on the clients You need to declare your internal network topology on the Surroundings page a page that is only present using this configuration This is the safest configuration since all traffic goes through both your firewall and your SlParator It is also the most flexible since all networks connected to any of your firewall s interfaces can be SIP enabled The DMZ LAN Configuration Using this configuration the SlParator is located on the DMZ of your firewall and connected to it with one of the interfaces The other interface is connected to your internal network The SlParator can handle several networks on the internal interface even if they are hidden behind routers No networks on other interfaces on the firewall can be handled Internal users have to configure the SlParator as outbound proxy or an internal proxy has to use the S Parator as outbound proxy The SlParator derives information about your network topology from the interface configuration This configuration is used to enhance the data throughput since the traffic only needs to pass your fi
27. ts for the Avaya R2 0 CM and CCS SIP Offer with Ingate SIP Aware NAT Products April 1 2003 Issue 1 0 Fred Schmidt and James Feeney FAS Reviewed Solution amp Interoperability Test Lab Application Notes 34 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc 2004 Avaya Inc All Rights Reserved Avaya and the Avaya Logo are trademarks of Avaya Inc All trademarks identified by and are registered trademarks or trademarks respectively of Avaya Inc All other trademarks are the property of their respective owners The information provided in these Application Notes 1s subject to change without notice The configurations technical data and recommendations provided in these Application Notes are believed to be accurate and dependable but are presented without express or implied warranty Users are responsible for their application of any products specified in these Application Notes Please e mail any questions or comments pertaining to these Application Notes along with the full title name and filename located in the lower right corner directly to the Avaya DeveloperConnection Program at devconnect avaya com FAS Reviewed Solution amp Interoperability Test Lab Application Notes 35 of 35 WCH 6 17 2004 2004 Avaya Inc All Rights Reserved IngateSIPNAT doc
Download Pdf Manuals
Related Search