REVIEW DRAFT #1 — CISCO CONFIDENTIAL
Cisco WRP500 Administration Guide
Chapter 2 Configure Your System for ITSP Interoperability
Step 7
View the syslog messages to determine whether your network uses symmetric NAT. Look for a warning header in the REGISTER messages, such as Warning: 399 spa "Full Cone NAT Detected."
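As an added example (not part of the Cisco guide), the following Python script scans captured syslog lines for the Warning: 399 header described in Step 7 and groups the hits by NAT verdict. The log layout, the addresses, and the "Symmetric NAT Detected" wording are constructed assumptions; only the Full Cone string appears in the guide.

```python
import re

# RFC 3261 Warning header layout: warn-code SP warn-agent SP quoted-string
WARNING_RE = re.compile(
    r'Warning:\s*(?P<code>\d{3})\s+(?P<agent>\S+)\s+"(?P<text>[^"]*)"',
    re.IGNORECASE,
)

def nat_warnings(lines):
    """Yield (line_no, agent, text) for every 399 Warning header found."""
    for no, line in enumerate(lines, 1):
        # Normalise typographic quotes that viewers or copy/paste may introduce.
        line = line.replace("\u201c", '"').replace("\u201d", '"')
        for m in WARNING_RE.finditer(line):
            if m.group("code") == "399":
                yield no, m.group("agent"), m.group("text").strip().rstrip(".")

def classify(text):
    """Map the warning text to a coarse NAT verdict."""
    t = text.lower()
    if "nat" not in t:
        return "other"
    if "symmetric" in t:
        return "symmetric"
    return "non-symmetric"

def summarize(lines):
    """Return {verdict: [line numbers]} for the capture."""
    out = {}
    for no, _agent, text in nat_warnings(lines):
        out.setdefault(classify(text), []).append(no)
    return out

# Constructed sample syslog capture (not real device output).
SAMPLE = [
    'Jan  1 00:01:02 192.0.2.10 REGISTER sip:itsp.example.com SIP/2.0',
    'Jan  1 00:01:02 192.0.2.10 Warning: 399 spa "Full Cone NAT Detected"',
    # Assumed wording for the symmetric case; the guide does not show it.
    'Jan  1 00:01:05 192.0.2.10 Warning: 399 spa "Symmetric NAT Detected"',
    'Jan  1 00:01:09 192.0.2.10 Warning: 307 proxy "constructed unrelated warning"',
]

if __name__ == "__main__":
    for verdict, nums in summarize(SAMPLE).items():
        print(verdict, nums)
```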
Firewalls and SIP
To enable SIP requests and responses to be exchanged with the SIP proxy at the ITSP, you must ensure
that your firewall allows both SIP and RTP unimpeded access to the Internet.
• Make sure that the following ports are not blocked:
  – SIP ports—UDP port 5060 through 5063, which are used for the ITSP line interfaces
  – RTP ports—16384 to 16482
• Also disable SPI (Stateful Packet Inspection) if this function exists on your firewall.
Configure SIP Timer Values
The default timer values should be adequate in most circumstances. However, you can adjust the SIP
timer values as needed to ensure interoperability with your ITSP. For example, if SIP requests are
returned with an “invalid certificate” message, you may need to enter a longer SIP T1 retry value.
For more information, see the "SIP Timer Values (sec)" section on page 8 of Appendix A.