Amer Networks E5Web GUI User Manual

•

Service: sip_serv

•

Source Interface: ext

•

Source Network: proxy_ip

•

Destination Interface: core

•

Destination Network: ip_wan

•

Comment: Allow incoming SIP traffic

4.

Click OK

Scenario 2
Protecting proxy and local clients - Proxy on the same network as clients

In this scenario the goal is to protect the local clients as well as the SIP proxy. The proxy is located
on the same, local network as the clients, with SIP signalling and media data flowing across two
interfaces. This scenario is illustrated below.

This scenario can be implemented in two ways:

•

Using NAT to hide the network topology.

•

Without NAT so the network topology is exposed.

Solution A - Using NAT

Here, the proxy and the local clients are hidden behind the IP address of the Clavister Security
Gateway. The setup steps are as follows:

1.

Define a single SIP ALG object using the options described above.

2.

Define a Service object which is associated with the SIP ALG object. The service should have:

•

Destination Port set to 5060 (the default SIP signalling port)

Chapter 6: Security Mechanisms

418