Configuring Interface Source NAT for Incoming SIP Calls

In a two-zone scenario with the SIP proxy server in an external, or public, zone, you can use NAT for incoming calls by configuring source NAT on the interface to the public zone.

Before You Begin

For background information, read

In this example, phone1 is on the ge-0/0/0 interface in the private zone, and phone2 and the proxy server are on the ge-0/0/2 interface in the public zone. You configure interface source NAT on ge-0/0/2.0 for incoming calls, then create a policy permitting SIP traffic from the public zone to the private zone and reference the source NAT in the policy. You also create a policy that permits SIP traffic from the private to the public zone, again referencing the source NAT address pool. This enables phone1 in the private zone to register with the proxy in the public zone. See Figure 76.

Figure 76: Source NAT for Incoming Calls

To configure interface source NAT for incoming calls, use either the J-Web or the CLI configuration editor.

This topic covers:

CLI Configuration

  1. Configure interfaces.
    user@host# set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24
    user@host# set interfaces ge-0/0/2 unit 0 family inet address 1.1.1.1/24
    user@host# set security zones security-zone private interfaces ge-0/0/0.0
  2. Configure addresses.
    user@host# set security zones security-zone private address-book address phone1 10.1.1.3/32
    user@host# set security zones security-zone public address-book address proxy 10.1.1.3/32
    user@host# set security zones security-zone public address-book address phone2 1.1.1.4/32
  3. Configure zones.
    user@host# set security zones security-zone private
    user@host# set security zones security-zone public
    user@host# set security zones security-zone private interfaces ge-0/0/0.0
    user@host# set security zones security-zone public interfaces ge-0/0/2.0
  4. Configure source NAT.
    user@host# set security nat interface ge-0/0/2.0 source-nat allow-incoming
    user@host# set security nat source-nat address-persistent
  5. Configure policies.
    user@host# set security policies from-zone private to-zone public policy outgoing match source-address phone1 destination-address any application junos-sip
    user@host# set security policies from-zone private to-zone public policy outgoing then permit source-nat interface
    user@host# set security policies from-zone public to-zone private policy incoming match source-address any destination-address incoming-nat-fe0/0/2.0 application junos-sip
    user@host# set security policies from-zone public to-zone private policy incoming then permit
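
Added example, not part of the original topic and not Juniper tooling: a Python check that reads the interface, zone, and address-book commands and reports any address-book entry whose address lies on a subnet directly connected to a different zone. Such an entry makes a policy match hosts other than the ones its name suggests. The function name and regular expressions are assumptions of this example and cover only the command forms used in this topic.

```python
import ipaddress
import re

# Address and zone commands copied from the steps above, prompts removed.
SAMPLE = """\
set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24
set interfaces ge-0/0/2 unit 0 family inet address 1.1.1.1/24
set security zones security-zone private address-book address phone1 10.1.1.3/32
set security zones security-zone public address-book address proxy 10.1.1.3/32
set security zones security-zone public address-book address phone2 1.1.1.4/32
set security zones security-zone private interfaces ge-0/0/0.0
set security zones security-zone public interfaces ge-0/0/2.0
"""

PROMPT = re.compile(r"^\s*\S+@\S+#\s*")  # strips a leading "user@host# "
IFACE = re.compile(r"set interfaces (\S+) unit (\d+) family inet address (\S+)")
ZONE_IF = re.compile(r"set security zones security-zone (\S+) interfaces (\S+)")
ADDR = re.compile(
    r"set security zones security-zone (\S+) address-book address (\S+) (\S+)")


def misplaced_addresses(config):
    """Return (zone, name, address, owning_zone) for each address-book entry
    that sits on a subnet directly connected to a zone other than its own."""
    subnets, zone_of, entries = {}, {}, []
    for raw in config.splitlines():
        line = PROMPT.sub("", raw).strip()
        if m := IFACE.match(line):
            # Key by logical interface name, e.g. ge-0/0/2.0
            subnets[f"{m[1]}.{m[2]}"] = ipaddress.ip_interface(m[3]).network
        elif m := ZONE_IF.match(line):
            zone_of[m[2]] = m[1]
        elif m := ADDR.match(line):
            entries.append((m[1], m[2], ipaddress.ip_network(m[3], strict=False)))
    findings = []
    for zone, name, net in entries:
        owners = {zone_of[i] for i, s in subnets.items()
                  if i in zone_of and net.subnet_of(s)}
        # Entries on no connected subnet (routed networks) are not judged.
        if owners and zone not in owners:
            findings.append((zone, name, str(net), sorted(owners)[0]))
    return findings


if __name__ == "__main__":
    for zone, name, addr, owner in misplaced_addresses(SAMPLE):
        print(f"{name} ({addr}) is in zone {zone} but on a subnet of zone {owner}")
```

On the commands as listed, it reports the proxy entry: declared in the public zone with 10.1.1.3/32, the same address as phone1 on the private subnet.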
