Figure 10.2 Unsuccessful call through firewall using UDP

Figure 10.3 Unsuccessful call through firewall using TCP

If a UA outside the firewall attempts to establish a session with the UA inside the firewall, all SIP and RTP packets will be blocked, regardless of transport, resulting in no session.
Note that it is possible to configure a firewall to allow SIP. However, doing so opens so many holes and weakens the protection provided by a firewall to such a degree that few network administrators would allow it. This is in contrast to NATs, which currently cannot be reconfigured to pass SIP and media.
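The three outcomes described above (a UDP call from inside, a TCP call from inside, and a call attempted from outside) can be replayed through a small model of a stateful firewall. This is an added example, not code from the book; the policy it assumes (outbound traffic always passes, inbound traffic passes only on a TCP connection opened from inside) and all names in it are illustrative.

```python
"""Replay the call flows of Figures 10.2 and 10.3 through a modelled firewall."""

INSIDE = "A"  # UA A sits behind Firewall A; UA B is outside

def replay(flow):
    """Return [(label, passed)] for each (src, dst, transport, label) packet."""
    opened = set()  # outside peers that INSIDE has opened a TCP connection to
    results = []
    for src, dst, transport, label in flow:
        if src == INSIDE:            # outbound: always permitted (assumed policy)
            if transport == "TCP":
                opened.add(dst)      # firewall records the connection state
            passed = True
        else:                        # inbound: only return traffic on a TCP
            passed = transport == "TCP" and src in opened  # connection A opened
        results.append((label, passed))
    return results

def blocked(flow):
    """Labels of the packets the firewall drops, in order."""
    return [label for label, passed in replay(flow) if not passed]

# Constructed flows following the two figures. RTP from A to B in the TCP
# case is assumed to pass because it is outbound.
UDP_CALL = [
    ("A", "B", "UDP", "INVITE"),
    ("B", "A", "UDP", "180 Ringing"),
    ("B", "A", "UDP", "200 OK"),
    ("B", "A", "UDP", "RTP from B"),
]
TCP_CALL = [
    ("A", "B", "TCP", "Open TCP connection"),
    ("A", "B", "TCP", "INVITE"),
    ("B", "A", "TCP", "180 Ringing"),
    ("B", "A", "TCP", "200 OK"),
    ("A", "B", "TCP", "ACK"),
    ("A", "B", "UDP", "RTP from A"),
    ("B", "A", "UDP", "RTP from B"),
]
INBOUND_CALL = [  # B calls A, tried over both transports
    ("B", "A", "UDP", "INVITE/UDP"),
    ("B", "A", "TCP", "Open TCP connection"),
]

if __name__ == "__main__":
    for name, flow in [("UDP", UDP_CALL), ("TCP", TCP_CALL), ("inbound", INBOUND_CALL)]:
        print(name, "blocked:", blocked(flow))
```
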
Solutions to the firewall and NAT traversal problem will now be discussed.

[Figure 10.2, UDP scenario: SIP User Agent A, Firewall A, SIP User Agent B. A is calling from inside the firewall. Messages shown: INVITE/UDP; 180 Ringing/UDP; 3. 200 OK/UDP; 4. RTP Packets/UDP. Using UDP, all of B’s responses and packets are blocked by A’s Firewall.]

[Figure 10.3, TCP scenario: SIP User Agent A, Firewall A, SIP User Agent B. Messages shown: 5. Open TCP Connection; 6. INVITE/TCP; 7. 180 Ringing/TCP; 8. 200 OK/TCP; 9. ACK/TCP; 10. RTP Packets/UDP; 11. RTP Packets/UDP. Using TCP for SIP enables the session to be established, but B’s RTP packets are blocked by A’s Firewall.]
