Using NAT and the H.323 ALG to Enable Incoming Calls

In this example, you configure the J-series device to accept incoming calls over a NAT boundary. To do this, you can create an interface NAT address pool for dynamically allocating destination addresses. This differs from most configurations, where a source pool provides source addresses only. See Figure 70.

Before You Begin

For background information, read Understanding the H.323 ALG.

Figure 70: Network Address Translation—Incoming Calls


In interface NAT, the source pool uses the same address as an interface IP address. You can use such address entries as destination addresses in policies, together with H.323, SIP, or other VoIP protocols, to support incoming calls.

To configure incoming calls using NAT, use either the J-Web or CLI Configuration editor.

CLI Configuration

In the following example, you configure interfaces, a NAT address pool, zones, and security policies for incoming and outgoing traffic:

  1. Configure interfaces.
    user@host# set interfaces ge-0/0/0 unit 0 family inet address 10.1.1.1/24
    user@host# set interfaces fe-1/0/0 unit 0 family inet address 1.1.1.1/24
  2. Configure interface NAT.
    user@host# set security nat source-nat address-persistent
    user@host# set security nat interface fe-1/0/0.0 source-nat pool p1 address-range low 1.1.1.12 high 1.1.1.150
  3. Configure zones.
    user@host# set security zones security-zone zone1 interfaces ge-0/0/0.0
    user@host# set security zones security-zone zone1 address-book address IP_Phone1 10.1.1.5/32
    user@host# set security zones security-zone zone1 address-book address gatekeeper 10.1.1.25/32
    user@host# set security zones security-zone zone2 interfaces fe-1/0/0.0
    user@host# set security zones security-zone zone2 address-book address IP_Phone2 2.2.2.5/32
    user@host# set security zones Global
  4. Configure policies for outgoing traffic.
    user@host# set security policy from-zone zone1 to-zone zone2 policy zone1_to_zone2 match source-address IP_Phone1
    user@host# set security policy from-zone zone1 to-zone zone2 policy zone1_to_zone2 match source-address gatekeeper
    user@host# set security policy from-zone zone1 to-zone zone2 policy zone1_to_zone2 match destination-address IP_Phone2
    user@host# set security policy from-zone zone1 to-zone zone2 policy zone1_to_zone2 match application junos-h323
    user@host# set security policy from-zone zone1 to-zone zone2 policy zone1_to_zone2 then permit source-nat pool p1
  5. Configure policies for incoming traffic.
    user@host# set security policy from-zone zone2 to-zone Global policy zone2_to_Global match source-address IP_Phone2
    user@host# set security policy from-zone zone2 to-zone Global policy zone2_to_Global match destination-address incoming_nat_p1
    user@host# set security policy from-zone zone2 to-zone Global policy zone2_to_Global match application junos-h323
    user@host# set security policy from-zone zone2 to-zone Global policy zone2_to_Global then permit
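The following Python check is an added example, not part of the original documentation: it parses the set commands from steps 2 through 5 and reports any policy match that uses `any` or names an address that is defined nowhere. It assumes, from this page's example only, that interface NAT pool `p1` provides the address entry `incoming_nat_p1`; the name `audit` is hypothetical.

```python
import re
from collections import defaultdict

# Commands from steps 2-5 of this page, CLI prompt removed.
PAGE_CONFIG = """\
set security nat interface fe-1/0/0.0 source-nat pool p1 address-range low 1.1.1.12 high 1.1.1.150
set security zones security-zone zone1 address-book address IP_Phone1 10.1.1.5/32
set security zones security-zone zone1 address-book address gatekeeper 10.1.1.25/32
set security zones security-zone zone2 address-book address IP_Phone2 2.2.2.5/32
set security policy from-zone zone1 to-zone zone2 policy zone1_to_zone2 match source-address IP_Phone1
set security policy from-zone zone1 to-zone zone2 policy zone1_to_zone2 match source-address gatekeeper
set security policy from-zone zone1 to-zone zone2 policy zone1_to_zone2 match destination-address IP_Phone2
set security policy from-zone zone1 to-zone zone2 policy zone1_to_zone2 match application junos-h323
set security policy from-zone zone2 to-zone Global policy zone2_to_Global match source-address IP_Phone2
set security policy from-zone zone2 to-zone Global policy zone2_to_Global match destination-address incoming_nat_p1
set security policy from-zone zone2 to-zone Global policy zone2_to_Global match application junos-h323
"""

BOOK = re.compile(r"set security zones security-zone (\S+) address-book address (\S+) ")
POOL = re.compile(r"set security nat interface \S+ source-nat pool (\S+) ")
MATCH = re.compile(r"set security polic(?:y|ies) from-zone (\S+) to-zone (\S+) policy (\S+) "
                   r"match (source-address|destination-address|application) (\S+)")

def audit(config):
    """Return findings for policy matches that are 'any' or do not resolve."""
    books, pools, findings = defaultdict(set), set(), []
    lines = [line.strip() for line in config.splitlines()]
    for line in lines:  # first pass: collect address books and NAT pools
        if m := BOOK.match(line):
            books[m[1]].add(m[2])
        elif m := POOL.match(line):
            pools.add(m[1])
    for line in lines:  # second pass: resolve every policy match term
        if not (m := MATCH.match(line)):
            continue
        src_zone, dst_zone, policy, field, value = m.groups()
        if value == "any":
            findings.append(f"{policy}: {field} is 'any'")
        elif field != "application":
            zone = src_zone if field == "source-address" else dst_zone
            known = set(books[zone])
            if field == "destination-address":
                # Assumption taken from this page: pool <name> -> incoming_nat_<name>
                known |= {f"incoming_nat_{p}" for p in pools}
            if value not in known:
                findings.append(f"{policy}: {field} {value} is not defined")
    return findings
```
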
