Forum Discussion
Plain old NAT and SIP
Hello,
What would be the easiest way to just NAT SIP traffic without terminating SIP connection on F5 as suggested in their official document here https://www.f5.com/pdf/deployment-guides/load-balancing-sip-dg.pdf.
I don't want any SIP traffic engineering or anything fancy. Just NAT and SIP adjustment accordingly.
I have a SIP gateway and a separate media server (on a different IP). So clients (firewall inside) always go to SIP gateway (firewall outside) and never talk to each other directly.
Please advise.
Thank You!
Bojan
- imfvieira_14470Nimbostratus
Hello,
I have a similar question. I have a IP Phone and I need to use NAT for source and destination. The Ip Phone will be inside a backbone network and need to go to DMZ network and after redirected to Internet. IP Phone -> Enterprise Network -> Firewall -> F5 -> Firewall -> Internet. One of the solutions that I found was use a SIP Proxy. Is possible to use the F5 as a SIP proxy?
- bojan_sukalo_20Nimbostratus
Thanks Kevin,
If I got it right, I have to have only one virtual server in this case then (instead of two, one for clients to server and another for server to clients)?
By the way I've already tried simple SNAT but calls can not be established. I haven't taken packet capture yet to see whether there was a SIP NAT translation taking place.
Thank you anyway, I'll try with one virtual server configuration.
Cheers!
Bojan
- Kevin_StewartEmployeeYou'd just need one VIP. All client requests pass through this VIP, and all server responses flow back through the same VIP. SNAT applied to the VIP is needed if the server knows how to go around the VIP for its responses.
- Kevin_StewartEmployee
A simple NAT configuration would work just fine.
But you could do better with an actual virtual server configuration. As a full proxy, the F5 will always proxy layer 4 (TCP and UDP), but beyond that layers 5 and up are controlled by profiles that either manage the traffic or simply pass them through. A simple virtual server listening on port 5060 or 5061, with nothing more than a pool assigned also pointing to port 5060 or 5061 backend services will not terminate or touch the SIP traffic passing through it.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com