Configuring Your System for ITSP Interoperability
Firewalls and SIP
STEP 6
STEP 7
Firewalls and SIP
Configuring SIP Timer Values
Cisco Small Business ATA Administration Guide
Click Submit All Changes.
View the syslog messages to determine whether your network uses symmetric
NAT. Look for a warning header in the REGISTER messages, such as Warning: 399
spa "Full Cone NAT Detected."
To enable SIP requests and responses to be exchanged with the SIP proxy at the
ITSP, you must ensure that your firewall allows both SIP and RTP unimpeded
access to the Internet.
•
Make sure that the following ports are not blocked:
•
SIP ports—UDP port 5060 through 5063, which are used for the ITSP line
interfaces
•
RTP ports—16384 to 16482
•
Also disable SPI (Stateful Packet Inspection) if this function exists on your
firewall.
The default timer values should be adequate in most circumstances. However, you
can adjust the SIP timer values as needed to ensure interoperability with your
ISTP. For example, if SIP requests are returned with an "invalid certificate"
message, you may need to enter a longer SIP T1 retry value.
To view the default settings or to make changes, open the Voice > SIP page, and
scroll down to the SIP Timer Values section. For field descriptions, see
Timer Values (sec) section," on page 129 of Appendix
3
"SIP
B.
53