HP VCX Software manual Managing Your Own SIP Domain, SIP and Firewalls

Appendix A. More About SIP

•Small connection overhead

Establishing a connection using H.323 takes about three times the data and turnarounds compared to when using SIP.

Apart from this, there are some more disadvantages with H.323. As it uses many protocols, more ports need to be opened in a firewall to enable H.323 signaling through. SIP is a single protocol, which means that only one port has to be opened for SIP signaling. For both protocols, however, more ports must be opened for the data traffic.

SIP runs on both TCP and UDP (and, in fact, can be extended to run on almost any transport protocol), making it possible to use UDP for large servers, thereby enabling stateless ses- sions. H.323 only runs on TCP, which as already stated loads the servers by requiring state management.

SIP and Firewalls

When trying to use SIP through a firewall, there are some problems.

SIP initiates sessions of other protocols. This means that when a SIP session has been started, various other protocols are used as well, usually transmitted over TCP or UDP on some port. For a firewall, this is a problem, as it often opens up certain protocols and ports in advance, but now you don’t know which ports to open. To handle SIP through a firewall which doesn’t understand the SIP concept, all ports must be open all the time, which would make the firewall somewhat unnecessary. A firewall that understands SIP can open up the ports for the right protocols just when the SIP traffic needs it.

In the SIP headers there is a lot of information concerning what IP addresses the session participants use. This is a problem if a SIP session should be established through a firewall using NAT. The IP address on the hidden side (which appears in the SIP headers) won’t be the same as the one that clients on the outside should use.

Managing Your Own SIP Domain

If you want to use your own SIP domain, there are some things you need to configure in order to make everything work nicely.

•The Telecommuting Module needs to be configured to handle the SIP domain.

•If you use a separate PBX/registrar, this must also be configured to handle the SIP domain.

•The DNS server managing your main domain should be updated with records for the SIP domain.

•The SIP clients used by users on this domain need to be configured.

Configuring the 3Com VCX IP Telecommuting Module

The Telecommuting Module only needs configuration to forward SIP requests to your reg- istrar. This configuration guide assumes that the PBX is located on your LAN.

322