Supported SIP Topologies and NAT Support
Below is a list of supported SIP topologies. The table also lists NAT that you can configure with each topology. it with. SIP can use a Proxy (or Registrar). If there is more than one proxy device, signaling passes through one or more of them. After the call is set up, the media can pass from endpoint to endpoint directly, or through one or more of the proxies.
Deployment
|
Supports No-NAT
|
Supports
NAT for Internal Phones - Hide/Static NAT
|
Supports
NAT for Proxy - Static NAT
|
Description
|
SIP Endpoint to Endpoint
|
Yes
|
Static NAT only
|
Not applicable
|
- Phones communicate directly without a proxy.
- Static NAT can be configured for the phones on the internal side of the gateway.
|
SIP Proxy in External Network
|
Yes
|
Yes
|
Not applicable
|
- IP phones use the services of a proxy on the external side of the gateway.
- Enables the use of a proxy that is maintained by another organization.
- Configure Hide NAT, Static NAT, or no-NAT for the phones on the internal side of the gateway.
|
SIP Proxy to SIP Proxy
|
Yes
|
Yes
|
Yes
|
- Each proxy controls a separate endpoint domain.
- Configure Static NAT for the internal proxy.
- Configure Hide NAT or Static NAT for the internal phones.
|
SIP Proxy in DMZ
|
Yes
|
Yes
|
Yes
|
- The same proxy controls both endpoint domains. This makes it possible to provide proxy services to other organizations.
- Static NAT or no-NAT can be configured for the proxy.
- Hide NAT, Static NAT, or no NAT can be configured for the phones on the internal side of the gateway.
|
For complete information on NAT configuration, see the R80.20.M2 Security Management Administration Guide.
Below are some exceptions when you use SIP with NAT:
- NAT is not supported on IP addresses behind an external Check Point gateway interface.
- Calls cannot be made from an external source to two endpoints on the trusted side of a gateway if only one of the endpoints is NAT enabled.
- You can use Automatic NAT for other deployments.
Additional Conditions for Using NAT in SIP Networks
You can use SIP with NAT with these exceptions:
- NAT is not supported on IP addresses behind an external Check Point gateway interface.
- Manual NAT rules are only supported for proxies in DMZ deployments. You can use Automatic NAT as an alternative.
- Calls cannot be made from an external source to two endpoints on the trusted side of a gateway if one of the endpoints is NAT enabled and the other is not.
