With the SIP proxy server in the internal, or private, zone, static NAT on the interface to the external, or public, zone is sufficient to allow callers in the public zone to register with the proxy server.
Before You Begin |
|---|
For background information, read |
In this example, phone1 and the SIP proxy server are on the ge-0/0/0 interface in the private zone, and phone2 is on the ge-0/0/2 interface in the public zone. You configure static NAT on the ge-0/0/2 interface to the proxy server to allow phone2 to register with the proxy, then create a policy allowing SIP traffic from the public to the private zone to enable callers in the public zone to register with the proxy, and a policy from the private to the public zone to allow phone1 to call out. See Figure 79.
Figure 79: Proxy in the Private Zone
Use either the J-Web or CLI configuration editor.
This topic covers:
- user@host# set security policies from-zone private
to-zone public policy outgoing match source-address any
- user@host# set security policies from-zone private to-zone
public policy outgoing match destination-address phone2
- user@host# set security policies from-zone private
to-zone public policy outgoing match application junos-sip
- user@host# set security policies from-zone private
to-zone public policy outgoing then permit source-nat interface
- user@host# set security policies from-zone public to-zone
private policy incoming match source-address phone2
- user@host# set security policies from-zone public to-zone
private policy incoming match destination-address static_nat_1.1.1.2_32
- user@host# set security policies from-zone public to-zone
private policy incoming match application junos-sip
- user@host# set security policies from-zone public to-zone
private policy incoming then permit