D-Link DFL-260E User Manual for DFL-260E - Page 297
The Service object for IP rules, Scenario 2
Page 297 highlights
6.2.8. The SIP ALG
Chapter 6. Security Mechanisms

traversal issues with NAT in a SIP setup.

The IP rules with the Record-Route option enabled would be as shown below. The changes that apply when NAT is used are shown in parentheses "(..)".

| Action | Src Interface | Src Network | Dest Interface | Dest Network |
|---|---|---|---|---|
| Allow (or NAT) | lan | lannet | wan | ip_proxy |
| Allow | wan | ip_proxy | lan (or core) | lannet (or wan_ip) |

Without the Record-Route option enabled the IP rules would be as shown below. The changes that apply when NAT is used are again shown in parentheses "(..)".

| Action | Src Interface | Src Network | Dest Interface | Dest Network |
|---|---|---|---|---|
| Allow (or NAT) | lan | lannet | wan | |
| Allow | wan | | lan (or core) | lannet (or ipwan) |

The advantage of using Record-Route is clear: without it, the destination network for outgoing traffic and the source network for incoming traffic have to include all IP addresses that are possible.

The Service object for IP rules

In this section, tables which list IP rules like those above will omit the Service object associated with the rule. The same custom Service object is used for all SIP scenarios.

Scenario 2
Protecting proxy and local clients - Proxy on the same network as clients

In this scenario the goal is to protect the local clients as well as the SIP proxy. The proxy is located on the same local network as the clients, with SIP signalling and media data flowing across two interfaces. This scenario is illustrated below.

This scenario can be implemented in two ways:

• Using NAT to hide the network topology.
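The two non-NAT rule sets from 6.2.8 above, modelled as an added example (not taken from the D-Link manual) to show which wan-side sources each variant admits. The sample addresses, the use of 0.0.0.0/0 for "all IP addresses that are possible", and the first-match, default-drop evaluation are assumptions of this sketch; the Service object is left out, as in the manual's tables.

```python
import ipaddress

# Constructed addressing (assumptions, not values from the manual).
LANNET = ipaddress.ip_network("192.168.1.0/24")
IP_PROXY = ipaddress.ip_network("203.0.113.10/32")
# Assumed stand-in for "all IP addresses that are possible".
ALL_IPS = ipaddress.ip_network("0.0.0.0/0")

# Rule tuples: (action, src_if, src_net, dst_if, dst_net), non-NAT variants.
WITH_RECORD_ROUTE = [
    ("Allow", "lan", LANNET, "wan", IP_PROXY),
    ("Allow", "wan", IP_PROXY, "lan", LANNET),
]
WITHOUT_RECORD_ROUTE = [
    ("Allow", "lan", LANNET, "wan", ALL_IPS),
    ("Allow", "wan", ALL_IPS, "lan", LANNET),
]


def evaluate(rules, src_if, src_ip, dst_if, dst_ip):
    """Return the action of the first matching rule, or "Drop" if none match."""
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for action, r_sif, r_snet, r_dif, r_dnet in rules:
        if (src_if, dst_if) == (r_sif, r_dif) and src in r_snet and dst in r_dnet:
            return action
    return "Drop"


def inbound_sources(rules):
    """Count the source addresses the wan-side Allow rules accept."""
    return sum(r[2].num_addresses for r in rules
               if r[0] == "Allow" and r[1] == "wan")


if __name__ == "__main__":
    # Constructed flows: (label, src_if, src_ip, dst_if, dst_ip)
    flows = [
        ("client -> proxy", "lan", "192.168.1.20", "wan", "203.0.113.10"),
        ("proxy -> client", "wan", "203.0.113.10", "lan", "192.168.1.20"),
        ("other host -> client", "wan", "198.51.100.7", "lan", "192.168.1.20"),
    ]
    for name, rules in (("Record-Route on", WITH_RECORD_ROUTE),
                        ("Record-Route off", WITHOUT_RECORD_ROUTE)):
        print(f"{name}: {inbound_sources(rules)} permitted wan-side sources")
        for label, *flow in flows:
            print(f"  {label:22} {evaluate(rules, *flow)}")
```

With Record-Route enabled, the wan-side rule can be reviewed against a single known peer; without it, filtering of inbound SIP rests on the ALG and the Service object alone.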