3Com Version 4.3 SIP sessions

AppendixA. More About SIP

oftenopens up certain protocols and ports in advance, but now you don’t know which ports to open. To handle SIP

througha ﬁrewall which doesn’t understand the SIP concept, all ports must be open all the time, which would make

theﬁrewall somewhat unnecessary. A ﬁrewall that understands SIP can open up the ports for the right protocols just

whenthe SIP trafﬁc needs it.

Inthe SIP headers there is a lot of information concerning what IP numbers the session participants use. This is a

problemif a SIP session should be established through a ﬁrewall using NAT.The IP number on the hidden side

(whichappears in the SIP headers) won’t be the same as the one that clients on the outside should use.

SIP sessions

Establishing a SIP session

Youstart a call (a session) by sending a request to the address of the person you want to communicate with. The

formatof the address is <sip:user@host>, where user can be a user name or a telephone number, and host can be a

domainname (e.g. example.com) or a numerical network address (e.g. 172.15.253.12). This means that it usually

looksa lot like a standard e-mail address. In this request information about which media streams the client wants to

send/receiveand what ports should be used is also included.

TheSIP client sends this request to its default SIP proxy. This proxy resolves the SIP domain in DNS, and sends the

requestto the SIP registrar for that domain. The proxy also adds information stating that the request was routed

throughthe proxy, thus ensuring that the reply will be routed the same way.

Theregistrar for the domain looks up the user to see where he is registered, and forwards the request to the machine

inquestion. The SIP client on this machine alerts the user, indicating that someone wants to initiate a SIP session.

Theuser conﬁrms that he, too, wants the SIP session. The client sends a reply with necessary information about

whatports should be used by this client for sending and receiving media streams.

Theﬁrst client receives the reply and sends a conﬁrmation packet. After this, the media streams can be sent.

126

Contents

Main 3Com TelecommutingModule User Manual: Version 4.3 Table of Contents Page Chapter 1. Introduction to 3Com VCX IP What is a Telecommuting Module? Conguration alternatives DMZ Conguration DMZ/LAN Conguration Quick guide to 3Com VCX IP Telecommuting Module installation Page Before you start About settings in 3Com VCX IP Telecommuting Module Chapter 2. Installing 3Com VCX IP Installation Installation with magic ping Installation with a serial cable Page Page Installation with a diskette Page Turning off a Telecommuting Module Remember to lock up the Telecommuting Module Chapter 3. Conguring 3Com VCX IP Logging on Log on again Log out Navigation Site Map Overview of conguration Preliminary and permanent conguration Conguring IP addresses and masks in 3Com VCX IP Telecommuting Module IP address Mask/Bits Name queries in 3Com VCX IP Telecommuting Module Page Chapter 4. How To Congure SIP DMZ Telecommuting Module, SIP server on the outside Networks and Computers Page DMZ Telecommuting Module, SIP server inside Networks and Computers Surroundings Page Basic Conguration Save/Load Conguration Standalone Telecommuting Module, SIP server on the outside Page Standalone Telecommuting Module, SIP server inside Page DMZ/LAN Telecommuting Module, SIP server on the outside Page DMZ/LAN Telecommuting Module, SIP server inside Routing Interoperability Page Page Chapter 5. The Serial Console Connecting to the serial console Main Menu 1. Basic conguration 2. Save/Load conguration Basic conguration IP address Physical device name IP address Netmask/bits Conguration computers Congure from a single computer Congure from multiple computers Password Save/Load conguration Load preliminary conguration Load both congurations and apply Save preliminary conguration Save permanent conguration Become a failover team member Leave failover team and become standalone Wipe email logs Set password Exit admin Chapter 6. Basic Conguration Basic Conguration Name of this TelecommutingModule Default domain IP policy Default Gateways DNS name or IP address IP address Gateway Reference Hosts DNS name or IP address Access Control Conguration Allowed Via Interface User Authentication Conguration Transport Conguration via HTTP Conguration via HTTPS Conguration Computers DNS Name Or Network Address Network Address Netmask/Bits Range RADIUS RADIUS Servers Identier Contact IP Address Status for RADIUS servers Conguration of a RADIUS server SNMP SNMP v1 and v2c SNMP v3 SNMP Traps Download the 3Com MIB Certicates Private Certicates Create certicate or certicate request Page CA Certicates Information Telecommuting Module Type The DMZ Conguration The DMZ/LAN Conguration The Standalone Conguration Telecommuting Module Typeconguration Current TelecommutingModule Type Page Chapter 7. Network Conguration Networks and Computers Name Subgroup Lower Limit DNS Name Or IP Address IP Address Upper Limit Interface (Network Interface 1 and 2) Physical device name Status Interface name Directly Connected Networks Alias Static routing Routed network Router VLAN Interface Status Surroundings Page Chapter 8. SIP Services Administration of SIP Basic SIP media port range SIP Servers To Monitor Logging Log class for SIP signaling Log class for SIP packets Log class for SIP debug messages Interoperability Loose routing Relaxed Refer-To Remove VIA headers Translation exceptions Preserve username Loose username check SIP URL encryption Page Force Record-Route For All Requests Force remote TLS connection reuse Page Sessions and Media Session Conguration Requests Maximum number of retransmissions for non-INVITE requests Remote SIP Connectivity STUN Server STUN server function STUN server IP addresses STUN ports Remote NAT Traversal Remote NATtraversal Re-REGISTER period for clients Use OPTIONS for registered clients OPTIONS interval Chapter 9. SIP Trafc SIP Methods Routing Domain or IP address Port Class 3xx message processing Forward class 3xx messages DNS Override For SIP Requests Domain Relay to Session Status Registered Users Active Sessions Chapter 10. Administration Save/Load Conguration Test Preliminary Conguration Duration of limited test mode Apply conguration Backup Save to diskette Load from diskette Save to local le Load from local le Show conguration User Administration Password For the admin Account Other Accounts Currently Logged In Administrators Log out Upgrade Upgrade Step 1 Step 2 Step 3 Table Look Edit Column Always have an Edit column Sometimes have an Edit column Never have an Edit column Date and Time Change Time Zone Change Date and Time Manually Date Time Set date and time manually Change Date and Time With NTP Restart Page Chapter 11. Logging Display Log Packet TypeSelection IP Address Selection Protocol/Port Selection All IP protocols TCP/UDP ICMP Beside the boxes Show newest at top Time Limits Periodical search Show This The log Display Load Time Period Interface Page Resource Monitoring Logging Conguration Inbound trafc Warnings VPN events SIP events Log Classes Log Sending Page Chapter 12. Failover Specication of failover Requirements Features Failover Telecommuting Module setup Failover Settings Dedicated interface The dedicated interface to use Dedicated network Failover type Reference Hosts Failover Status Failover Status Failover team Leaving a failover team Page Chapter 13. Tools Packet Capture Network Interface Selection IP Address Selection Protocol/Port Selection All IP protocols TCP/UDP ICMP ESP Collect data Chapter 14. Firewall and Client Conguration The DMZ type The Firewall The SIP clients The DMZ/LAN type The Firewall The Standalone type Page Appendix A. More About SIP The SIP protocol Why use SIP? SIP and rewalls SIP sessions Establishing a SIP session Appendix B. Troubleshooting Network troubleshooting No trafc shown in the log Trafc discarded as spoofed SIP troubleshooting VPN troubleshooting No IPsec tunnel established IPsec tunnel established, no trafc IPsec tunnel established, no trafc after some time Administration troubleshooting The Telecommuting Module is unaccessible forsome time when trying to apply a conguration Appendix C. Lists of Reserved Ports, ICMP Types and Codes, and Internet Protocols List of the most important reserved ports Page Page List of ICMP types ICMP codes Page Internet protocols and their numbers IP intervals Page Reserved IP addresses Appendix D. Denitions of terms Page Page Page Page Page Page Appendix E. License Conditions GNU GENERAL PUBLIC LICENSE Version 2, June 1991 Preamble GNU GENERAL PUBLIC LICENSE Page Page GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999 Preamble GNU LESSER GENERAL PUBLIC LICENSE Page Page Page The Python license Terms and conditions for accessing or otherwise using Python CWI PERMISSIONS STATEMENT AND DISCLAIMER Python Imaging Library The BSD license The MIT license The DHCP license The OpenSSL license The bzip2 license The lilo license The Vovida license The VovidaSoftware License , Version1.0 The Cavium license The Cavium License The zlib license Appendix F. Obtaining Support for Your 3Com Products Register Your Product to Gain Service Benets Solve Problems Online Purchase Extended Warranty and Professional Services Access Software Downloads Telephone TechnicalSupport and Repair Asia, Pacic Rim - TelephoneTechnical Support and Repair Europe, Middle East, and Africa - TelephoneTechnical Support and Repair Latin America - Telephone TechnicalSupport and Repair US and Canada - Telephone TechnicalSupport and Repair Index