Example: Configuring Static NAT for Incoming SIP Calls (CLI)

When you locate the SIP proxy server in an external, or public, zone, static NAT configured on the interface to the public zone enables callers in the internal, or private, zone to register with the proxy.

In this example, phone1 is on the ge-0/0/0 interface in the private zone, and phone2 and the proxy server are on the ge-0/0/2 interface in the public zone. You configure static NAT on the ge-0/0/2.0 interface to phone1, then create policies that allow SIP traffic from the public zone to the private zone, and reference the static NAT in the policy. This example is similar to the Example: Configuring Interface Source NAT for Incoming SIP Calls (CLI) and Example: Configuring a Source NAT Pool for Incoming SIP Calls (CLI), except that with static NAT you need one public address for each private address in the private zone, while with a DIP pool a single interface address can serve multiple private addresses. See Figure 22.

Figure 22: Static NAT for Incoming Calls

To configure static NAT for incoming calls:

  1. Configure interfaces.
    user@host# set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24
    user@host# set interfaces ge-0/0/2 unit 0 family inet address 1.1.1.1/24
    user@host# set security zones security-zone private interfaces ge-0/0/0.0
  2. Configure addresses.
    user@host# set security zones security-zone private address-book address phone1 10.1.1.3/32
    user@host# set security zones security-zone public address-book address proxy 10.1.1.3/32
    user@host# set security zones security-zone public address-book address phone2 1.1.1.4/32
  3. Configure zones.
    user@host# set security zones security-zone private
    user@host# set security zones security-zone public
    user@host# set security zones security-zone private interfaces ge-0/0/0.0
    user@host# set security zones security-zone public interfaces ge-0/0/2.0
  4. Configure static NAT.
    user@host# set security nat interface ge-0/0/2.0 static-nat 1.1.1.3/32 host 10.1.1.3/32
  5. Configure policies.
    user@host# set security policies from-zone public to-zone private policy incoming match source-address any destination-address static_nat_1.1.1.3-32 application junos-sip
    user@host# set security policies from-zone public to-zone private policy incoming then permit
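
A pre-commit check for steps 4 and 5, added here as an example (not Juniper code): it reads `set` commands and reports a public address mapped to two hosts, or a public-to-private policy whose destination is not a configured static NAT entry or whose application is not SIP. The `lint` and `entry_name` helpers are hypothetical, the entry-name pattern is generalised from the single name shown in step 5, `junos-sip` is assumed to be the intended application, and the sample configuration is constructed.

```python
import re

# Constructed sample: set commands modelled on steps 2, 4 and 5.
CONFIG = """\
set security zones security-zone private address-book address phone1 10.1.1.3/32
set security nat interface ge-0/0/2.0 static-nat 1.1.1.3/32 host 10.1.1.3/32
set security policies from-zone public to-zone private policy incoming match source-address any destination-address static_nat_1.1.1.3-32 application junos-sip
set security policies from-zone public to-zone private policy incoming then permit
"""

NAT_RE = re.compile(r"^set security nat interface \S+ static-nat (\S+) host (\S+)$", re.M)
POL_RE = re.compile(r"^set security policies from-zone public to-zone private "
                    r"policy (\S+) match (.+)$", re.M)
SIP_APP = "junos-sip"  # assumption: the predefined SIP application is the intended one


def entry_name(public):
    # Assumption: generalises the one name on the page, static_nat_1.1.1.3-32.
    return "static_nat_" + public.replace("/", "-")


def lint(config):
    """Return findings for static NAT mappings and the policies that use them."""
    findings, hosts = [], {}
    for public, host in NAT_RE.findall(config):
        # Static NAT needs one public address per private address.
        if hosts.setdefault(public, host) != host:
            findings.append(f"{public} is mapped to both {hosts[public]} and {host}")
    names = {entry_name(p) for p in hosts}
    for policy, clause in POL_RE.findall(config):
        words = clause.split()
        match = dict(zip(words[::2], words[1::2]))  # keyword/value pairs
        dst = match.get("destination-address")
        if dst not in names:
            findings.append(f"policy {policy}: destination {dst} is not a static NAT entry")
        if match.get("application") != SIP_APP:
            findings.append(f"policy {policy}: application "
                            f"{match.get('application')} is not {SIP_APP}")
    return findings


if __name__ == "__main__":
    for line in lint(CONFIG) or ["no findings"]:
        print(line)
```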
