Configuring Your System for ITSP Interoperability
Firewalls and SIP
Cisco Small Business ATA Administration Guide
53
3
STEP 6
Click
Submit All Changes
.
STEP 7
View the syslog messages to determine whether your network uses symmetric
NAT. Look for a warning header in the REGISTER messages, such as Warning: 399
spa "Full Cone NAT Detected.”
Firewalls and SIP
To enable SIP requests and responses to be exchanged with the SIP proxy at the
ITSP, you must ensure that your firewall allows both SIP and RTP unimpeded
access to the Internet.
•
Make sure that the following ports are not blocked:
•
SIP ports—UDP port 5060 through 5063, which are used for the ITSP line
interfaces
•
RTP ports—16384 to 16482
•
Also disable SPI (Stateful Packet Inspection) if this function exists on your
firewall.
Configuring SIP Timer Values
The default timer values should be adequate in most circumstances. However, you
can adjust the SIP timer values as needed to ensure interoperability with your
ISTP. For example, if SIP requests are returned with an “invalid certificate”
message, you may need to enter a longer SIP T1 retry value.
To view the default settings or to make changes, open the
Voice > SIP
page, and
scroll down to the
SIP Timer Values
section. For field descriptions, see
”SIP
Timer Values (sec) section,” on page 129 of Appendix B
.