Hi, Am Freitag, 27. Oktober 2006 08:19 schrieb dcb@vcomcon.com:
Calling in is the problem. As far as I can tell, I need to forward SIP from the outside zone to the internal zone so the Vonage VOIP device (Motorola VT 2142) can set up the call session. The VT 2142 does not have/support an IP address
Er. I'm sure it does have an address. If it wants to communicate (inbound or outbound) it needs one... If you don't know it's address, try to check that with tcpdump/ethereal/whatever while calling outbound.
so I'm not clear on how to route SIP once it transits the FW, or how to broadcast it such that the VT 2142 endpoint establishes the session.
Consider installing a SIP proxy[1] in your environment, possibly on the firewall itself.
I'm also not sure what the securtiy risk is opening up UDP 5060 from the outside -> inside is, so insights there are appreciated.
An open port is a bad port, as long as you don't know _why_ you open it. Security considerations with opening a port depend on your network setup, the environment and more theoretical considerations. Please note that many SIP connections are TCP! [1] I'd recommend OpenSER (www.openser.org) or SER (www.iptel.org, but OpenSER is better ;)). Asterisk can give you similar functionality, but it's primary domain is a different one. Have a lot of fun... Bastian -- Bastian Friedrich bastian@bastian-friedrich.de Adress & Fon available on my HP http://www.bastian-friedrich.de/ \~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\ \ Absence is to love what wind is to fire. It extinguishes the small, \ it enkindles the great.