4 Knowledge Base

 

 TelecomTrainning.net > Knowledge Base
 Viewing KB Article
Good Morning, - Please register or - log-in to your account.
Search
Search   Saved Questions   Ask a question
Keywords 
 
Available categories
LTE
100 of Questions in LTE
CCNA Certification
CCNA Sample Q & A (1000 + Q &A)
(Network +) Certification
(Network +) Sample Q & A (1000 + Q &A)
Networking
General/Interview Q& A on Networking
Home Networking
General/Interview Q& A on Networking
VOIP, SIP & Asterisk
Q & A on VOIP,Ethereal, SIP & Asterisk
Telecom Test Equipments
Q & A on Telecom Test Equipment
PSTN / Wireline
General / Interview Q & A on PSTN / Wireline
LTE, Wireless, 3G ,Diameter and HSS
General/Interview Q & A on LTE, Wireless, 3G ,Diameter and HSS
Telecom General
Any Q & A in Telecom in General

Top Questions
Friends, Describe Secure storage and distribution of A-Keys?
what is the difference between E1 signal & Ethernet signal ?
How do I monitor SS7 Traffic in spectra2?
Can you tell me about PBGT?
Explain me the difference between a repeater, bridge and router? Relate this to the OSI model.
What is the difference between BRI & PRI ?
Guys what is the purpose of Umbrella Cell Approach in GSM ?
how can we explain media gateway in MSc?
What is GGSN?
What is the difference between Electrical-tilt and Mechanical-tilt of an antenna?
What is BSC?
What is demarc point?
Can any one explain me how sms flow will work using ss7 network ?( from physical layer to application layer)
why cellphone towers are painted in red and white?
Explain SLTA and SLTM messages in MTP3?
Hi guys what is WAP?
wat is the difference betweem MSC & GMSC, & MSS & GCS?
what is EDAp? what is the functions of EDAP?
What is a circuit id?
what is sdh?

Hi Friends, Explain the Firewall and NAT problem Summary?
michaeldavid23 16-July-2008 01:01:22 PM

Comments


Session Initiation Protocol (SIP) represents the third wave of Internet usage after SMTP (email) and HTTP (Web). Developed by the Internet Engineering Task Force (IETF), SIP has today become the signaling protocol of choice for establishing realtime communications, including Voice over IP (VoIP) calls. Research suggests that SIP is the VoIP protocol that has replaced H.323 and MGCP and that, for the foreseeable future, no replacement is expected (Business Communications Review, August 2005).

However, SIP-based communication does not reach users on the local area network (LAN) behind firewalls and Network Address Translation (NAT) routers automatically. Firewalls are designed to prevent inbound unknown communications and NAT stops users on a LAN from being addressed. Firewalls are almost always combined with NAT and typically still do not support the SIP protocol properly.

This issue of SIP traffic not traversing the enterprise firewall or NAT is critical to any SIP implementation, including VoIP.Eventually, all firewalls will need to be SIP capable in order to support the wide-scale deployment of enterprise person-to-person communications. In the interim, several solutions have been proposed to work around the firewall/NAT traversal problem.
Several of these solutions have serious security implications while there are also solutions that allow you to remain in control. It is important to consider to what level you are prepared to surrender the control of your corporate infrastructure when choosing a NAT/firewall traversal solution.
Posted by sagitraz


Implications: No users behind firewalls/NAT can interoperate with other
Internet users
- Problem Size: Unknown, probably huge
- Nobody knows how many users are behind FWs/NATs
- IP addresses shared by hosts, hosts shared by users
- Hugely deployed by enterprises, some ISPs deploy NATs as well

Brian Carpenter (January 2001): “My hand waving estimate is that 40% (160M) of users are behind a firewall and/or NAT, 50% (200M) on dial-up, and 10% (40M) have direct always-on access. But there is no way I can justify these numbers.”
- Solution Status: very few products have VoIP ALGs
- ALGs are no “Wunderwaffe” (all-disease-cure)
- Firewall ALGs fail to operate if data encrypted
- NAT ALGs fail to operate if data encrypted or authenticated
- Embedded ALGs suffer from dependency on vendor, lower performance, higher development costs
- Problems with multiple FW/NATs
Posted by yogendra

Q&A Rating

Q&A Rating
Rate This Question and Answer

Related Questions
Which of the following would be good reasons to run NAT?
 
What should be the SIP response message for ISUP cause value 22 number changed (w/ diagnostic)?
 
Does ISDN carry D Channel? Also what is role on AN and LE in ISDN?


Search questions via popularity
Top viewed questions  Top emailed questions  Most printed questions  Most saved questions
 
Copyright © Telecom Training, All Rights Reserved