SIP / VOIP Nat Support in Routers and Firewalls (SIP ALG)
ATTENTION: The settings and potential configurations for equipment found on this page are provided for your benefit and may not necessarily reflect the same hardware, firmware, version, make or model of equipment you are attempting to implement or configure on your network.
Overview
The following list provides information about routers and firewalls and their ability to support VoIP. Suggested configurations should be used to prevent issues with VoIP traffic on your network, but do not represent all possible configuration options. Some equipment is incompatible with VoIP and as such requires replacement.
VOIP/SIP vs NAT
The problem with VoIP and NAT is that both ends of the conversation have to be able to initiate a connection to each other. Consider the simplified sequence of events that happens when PhoneA calls PhoneB using their respective SIP servers, PBXA and PBXB.
• PBXA sends a SIP invitation to PBXB on PhoneA's behalf. In this invitation, it is PhoneA's IP address.
• PBXB invites PhoneB to the conversation specifying PhoneA's IP address as the other end.
• If PhoneB accepts the call, PBXB responds to PBXA with an acknowledgment that includes PhoneB's IP address.
• PBXA tells PhoneA about PhoneB.
• PhoneA sends audio using the Real-Time Protocol (RTP) to PhoneB.
• PhoneB sends audio using RTP to PhoneA.
NAT can cause problems in several places. If one of the PBXes is behind a NAT gateway, the other PBX won't be able to contact it without some additional network setup. If one or more of the phones are behind a NAT gateway, the other phone will be trying to send audio to a non-routable address. This results in failed calls or missing audio.
General Settings
SIP ALG (Application Layer Gateway) and SPI (Stateful Packet Inspection) need to be disabled on most routers and firewalls, if equipped. This is usually found on theSecurity/Firewall tab in the device’s web interface. In cases where the router or firewall does not have these options or the options cannot be disabled, you may have to exchange the equipment for something more compatible.
Small Office / Home Office Routers
The following devices will often work with our service when properly configured. Please consult a network professional to ensure these settings are in place
Manufacturer
|
Model
|
Features
|
Setup and Notes
|
Apple Airport Extreme
|
A1354, A1408, A1521
|
No changes necessary
Replace if Wireless G Model | |
Cisco
|
RV042/RV082/RV016
|
Dual WAN, 4/8/16 ports
|
Disable load balancing
|
Cisco
|
RV120
|
Disable Attack Checks, Disable SIP ALG, Replace
| |
Cisco
|
RV180W
|
Best Effort, Gigabit Ethernet, VPN, Wireless N
|
Disable SIP ALG, Create Outbound Access rule for phones
|
Cisco
|
WVR210-A v1
|
Check for new firmware, Disable SIP ALG and SPI Firewall. Replace.
| |
Cisco / Linksys
|
E4200 v1
|
Dual-Band, Wireless N, Gigabit
|
Turn off SPI Firewall and SIP ALG
|
D-Link
|
DIR655 Rev A
| ||
D-Link
|
EBR2310
|
Wired Router
| |
D-Link
|
EBR2310 Rev C
|
Enable SIP ALG, replace.
| |
D-Link
|
WBR2310
|
Wireless-G
|
No changes necessary.
|
Linksys
|
E900
|
Disable SIP ALG and SPI Firewall
| |
Linksys
|
E2500
|
Disable SIP ALG and SPI Firewall
| |
Linksys
|
E3200 v1
|
802.11a/b/g/n
| |
Linksys
|
E3500
| ||
Linksys
|
EA4500 v1
|
Gigabit, Wireless N
| |
Linksys
|
EA6900
|
Disable SIP ALG and SPI Firewall
| |
Linksys
|
RV042 RV082
|
Dual WAN, 4 ports
|
Disable SIP ALG and SPI Firewall
|
Linksys
|
RVS210
|
Only 4 phones can register. Replace if more than 4 phones needed.
| |
Linksys
|
WRT54G Series
|
802.11b/g
| |
Linksys
|
WRT610N
| ||
MikroTik
|
Any
|
Disable SIP ALG
| |
Netgear
|
DG834G
|
DSL Modem/Router
| |
Netgear
|
FVG318
|
Disable SIP ALG. If issues continue, update firmware.
| |
Netgear
|
FVS318
|
Try to disable SIP ALG and SPI Firewall.
| |
Netgear
|
FVS336G
|
Update firmware and Disable SIP ALG
| |
Netgear
|
R6300 v1
|
Gigabit, AC1750, Dual Band
| |
Netgear
|
WGR614
|
Wireless-G
|
Disable SIP ALG and Port Scan and DoS Protection
(Hardware Version V8 and newer only) |
Netgear
|
WNDR3300
|
N300, Dual Band
| |
Netgear
|
WNDR3400
|
N600, Dual Band
| |
Netgear
|
WNDR3700 v1 v3 v4
|
Gigabit, Wireless N, USB NAS Capability
| |
Netgear
|
WNR1000 v2 v3
| ||
Netgear
|
WNR2000 v2 v3
| ||
Netgear
|
WNR3500L
|
N300
| |
WesternDigital
|
MyNet N600
|
Dual Band, Wireless N, Hard Drive
|
Modem/Router Gateway Devices
These devices are typically provided by an internet service provider. If the phones experience issues with registration and transfers, look first to disable SIP ALG or SPI Firewall settings. In the event that these settings aren’t available, most Modem/Router Gateways require bridging or replacement. Please see below for more details.
Manufacturer
|
Model
|
Features
|
Setup and Notes
|
2Wire
|
Any
| ||
Actiontec
|
GT704-WG-B, Most Models
| ||
Actiontec
|
PK5000
|
Disable SIP ALG at http://192.168.0.1/support/utilites (IP address may be different). Disable SIP ALG & SPI firewall. Or put into Bridge Mode.
| |
Ambit/Ubee
|
U10C037, Any
| ||
Calyptix
|
Any
|
Requires ISP Configuration
| |
Clear
|
Modem/Router
|
Disable firewall and set to pass-through mode.
| |
Comtrend
|
Any
|
Disable SIP ALG in web interface, pictures here
| |
EdgeMarc
|
Most Models
| ||
Motorola
|
3360
|
Set Passthrough.
| |
Motorola
|
2210 (MSTATEA)
|
Set Passthrough.
| |
Motorola
|
NVG510 (Uverse)
|
Not Recommended. Set Passthrough.
| |
Motorola
|
NVG589 (Uverse)
|
Disable SIP ALG and Firewall settings. Set Passthrough mode.
| |
Motorola
|
SBG6580
|
Disable SIP ALG and set Pass-through mode. Update Firmware to 3.3 (requires ISP support)
| |
Motorola
|
SBG901
| ||
Motorola
|
SBG941
| ||
Motorola
|
Surfboard
|
Running firmware v3.3 or higher.
Disable SIP ALG. | |
Netgear
|
7550
|
Netgear 7550Modem/Router Combo
AT&T Uses this | |
Netopia
|
Any, 3000
| ||
Pace
|
Pace (Uverse)
|
Disable Attack Detection and Set Pass-through. Create custom service to allow SIP traffic for ports 5060-5080.
| |
Siemens
|
SpeedStream 4200
| ||
Siemens
|
SpeedStream 5100
| ||
SMC
|
3100
| ||
SMC
|
8014
| ||
SMC
|
D3G
| ||
Technicolor
|
TC8305C
|
Requires DMZ and Compatible Router
| |
U-Verse
|
2-wire, Netgear, Pace, Other
| ||
Westell
|
A90, B90, Most Models
| ||
ZHONE
|
Any
|
Disable SIP ALG, Use Third-Party Router in DMZ
| |
ZyXEL
|
P-660HW
| ||
ZyXEL
|
P792H v2
| ||
ZyXEL
|
PK5001Z (Qwest, CenturyLink)
|
Enterprise Equipment & Firewalls
Enterprise Equipment and Firewalls typically have rules restricting access to the network. It is important that the traffic destined for Vonage Business phones is not blocked. Please see below for details for your specific device.
Manufacturer
|
Model
|
Features
|
Setup and Notes
|
Adtran
|
Netvanta
| ||
Cisco
|
All Enterprise-level devices
| ||
Cyberoam
|
Any
|
Create Firewall Exception Rules
| |
DrayTek Vigor
|
Any
|
SIP ALG must be turned off.
| |
Firebox
|
Any
|
Disable SIP ALG, Create access rules.
| |
FortiGate
|
FortiNet, Any
|
Disable SIP Helper.
| |
Juniper
|
NetScreen
|
Disable SIP ALG and UDP Flood Protection
| |
Netgear
|
ProSafe VPN Firewall
|
Update to firmware 3.0.6-25 and disable SIP ALG
| |
Peplink
|
Any
|
Set SIP Pass-through to Standard Mode
| |
Samsung
|
Ubigate iBG1000
|
Requires ISP Configuration – Disable SIP ALG.
| |
SonicWALL
|
Any
| ||
ZyXEL
|
ZyWALL 5, ZyWall USG 50/80/100
|
Disable SIP ALG, Check for new firmware.
|
Incompatible Network Equipment
The following devices are known to be incompatible with SIP or VoIP. These devices must typically be replaced.
Manufacturer
|
Model
|
Issues
|
Potential Solutions
|
Apple
|
Airport Extreme Wireless G Model
|
Doesn’t allow phones to Register
|
Replace
|
Apple
|
Airport Time Capsule
|
Registration Issues
|
If problems encountered, Replace, Bridge.
|
Arris
|
TM502G
|
Registration Issues
|
Reboot by removing battery. If no improvement, replace.
|
Asus
|
RT-N10, RT-N66U
|
Dropped Calls, Registration issues with old firmware
| |
Belkin
|
F5D, F6D, F7D, FDS, and F9K Series, Any
|
Intermittent One Way Audio
|
Restart, issue will return with time. Check for new firmware/Replace
|
Cisco
|
DPC3939
|
SIP ALG cannot be disabled and still has issues after bridging
|
Replace
|
D-Link
|
DIR-601
|
One-way audio
|
Check for new firmware/Replace
|
D-Link
|
DIR615, DIR600
|
On Firmware 3.X, SIP ALG must be enabled for phone to register. When enabled, it mangles SIP traffic.
|
Check for new firmware/Replace
|
D-Link
|
DIR-628, DIR-825, DIR-835
|
Current firmware version is Incompatible with SIP
|
Check for new firmware/Replace
|
D-Link
|
DIR655 Rev B (or newer)
|
SIP problems
|
Check for new firmware/Replace.
|
Linksys
|
BEFSR Series (BEFSR41, BEFSR81, BEFSRX1, etc.)
|
Phones Can’t Register or Transfer
|
Check for new firmware/Replace
|
Linksys
|
E1200
|
Internet Connection problems.
|
Disable SIP ALG and SPI Firewall. Replace if issues persist.
|
Linksys
|
E3000
|
No-way audio
|
Check for new firmware/Replace
|
Linksys
|
RVS4000
|
One Way Audio after Attended Transfers
|
Check for new firmware/Replace
|
Linksys
|
WRT110N, WRT120N, WRT160N, WRT320N, WRT350N
|
Dropped calls, Transfer issues, Registrations issues, No SIP ALG option
|
Check for new firmware/Replace
|
Linksys
|
WRT55AG
|
Various issues.
|
Use third-party router in DMZ or replace.
|
Linksys
|
WRT54Gv1-4, WRT54G2, WRT54GL
|
Various, Doesn’t allow phones to Register or Transfer
|
Check for new firmware/Replace.
|
Linksys
|
WRTU54G-TM v1
|
Various issues.
|
Check for new firmware/Replace.
|
Linksys
|
WRV54G
|
Various issues.
|
Check for new firmware/Replace.
|
Linksys
|
WRV200, WRV210
|
Registration, loss of audio after transfers, and dropped calls
|
Check for new firmware/Replace
|
Linksys
|
WRV210
|
Various issues.
|
Check for new firmware/Replace.
|
Netgear
|
CG814WCOM, CG814WG, CG814WT
|
Modem/Router Gateway w/ Proprietary Firmware
|
Bridge/Replace
|
Netgear
|
CGD24G
|
Modem/Router Gateway w/ Proprietary Firmware, CD, 1WA
|
Bridge/Replace
|
Netgear
|
FVS318
|
SIP ALG cannot be disabled, various quality problems. Avoid
|
Check for new firmware/Replace
|
Netgear
|
CG3000
|
Modem/Router Gateway w/ Proprietary Firmware
|
Bridge/Replace
|
Netgear
|
WGR614 v1-v7
|
No SIP ALG option. Registration issues.
|
Incompatible. Replace.
|
Netgear
|
WGT624
|
one-way/no-way audio and dropped calls.
|
Check for new firmware/Replace
|
Netgear
|
WNDR3700 v2
|
Failed registrations. Stripped nonce.
|
Check for new firmware/Replace
|
Netgear
|
WNDR4000 v1
|
Transfer issues, Dropped calls, Dropped calls on hold
|
Check for new firmware/Replace
|
Netgear
|
WNR1000 v1
|
No SIP ALG option. Registration issues.
|
Check for new firmware/Replace
|
Netgear
|
WNR2000 v.1
|
Incompatible, SIP Ringing message never arrives
|
Check for new firmware/Replace
|
Netgear
|
WNR2500
|
Registration issues, one-way audio
|
Check for new firmware/Replace
|
Netgear
|
WNR3500
|
Incompatible with SIP
|
If v1, try firmware 1.0.15. Disable SIP ALG and SPI. Replace
|
Netgear
|
WNR834B v.2
|
Drops Transfers (Attended)
|
Check for new firmware/Replace
|
Tenda
|
Any
|
Various issues.
|
Replace
|
Thomson
|
DWG-855
|
Various issues
|
Disable SIP ALG. Check for new firmware. Replace
|
Thomson
|
TG585 v8
|
Various issues
|
Disable SIP ALG. Check for new firmware. Replace
|
Thomson
|
TG587n v2-v7
|
Various issues
|
Disable SIP ALG. Check for new firmware. Replace
|
TP-Link
|
TL-WR741N v2
|
Various issues.
|
Check for new firmware. Replace.
|
TRENDnet
|
TEW-639GR
|
Various issues.
|
Check for new firmware. Replace.
|
TRENDnet
|
TEW-652
|
Various issues.
|
Use Third-Party Router in
|
No comments:
Post a Comment