This chapter will discuss how security devices such as firewalls and network
address translators (NATs) can complicate SIP call setup signaling and the
flow of Real-Time Transport Protocol (RTP) media packets. NATs are used to
create private IP networks that use internal IP addresses that are not part of the
public Internet address space and are not routed over the Internet [1]. Network
administrators use NATs either because they may not have enough public
IPv4 addresses or to avoid reconfiguring all their IP devices when they change
service providers. However, this has quite a number of undesired consequences,
as discussed in Hain [2]. The overall negative implications of firewalls
and NATs on Internet transparency are discussed in Carpenter [3]. Since
SIP signaling carries rich information, it can reveal valuable personal data of
the calling and called parties, such as IP addresses (location), contact lists, and
traffic patterns.
Firewalls and NATs greatly complicate calls for users in enterprise or home
networks that use such devices. Several approaches are possible for firewall
and NAT traversal for phone and multimedia communication calls, the most
prominent being the following:
■ Control of firewalls and NATs from a SIP proxy acting as an Application
Level Gateway (ALG)
■ Modification of SIP signaling, without changing anything in existing
firewalls and NATs