Disable SIP ALG -- Cisco Enterprise
Regarding SIP ALG
Almost all routers include a feature called SIP ALG, and are delivered with this feature enabled by default.
An Application Layer Gateway, or ALG, could help in solving NAT related problems, but in our experience, most ALG implementations are wrong and break SIP.
Leaving SIP ALG enabled not only breaks SIP functionality, but can also impact the RTP audio stream resulting in one-way audio where you can hear the caller, but they can't hear you, or vice versa.
You should disable SIP ALG and configure either port triggering or one-to-one port mapping on the router as appropriate.
Cisco Router Configuration
Configuring SIP ALG for NAT and Firewall is somewhat counter-intuitive in Cisco devices.
To disable the NAT support for SIP, use the
no ip nat service sip command as shown in the example below.
Release 12.4 Summary Steps:
- Enable privileged .xEC mode.
- Enter global configuration mode.
- Disable NAT support for SIP on TCP protocol
no ip nat service sip tcp port 5060
no ip nat service sip tcp port 5070
- Disable NAT support for SIP on UDP protocol
no ip nat service sip udp port 5060
no ip nat service sip udp port 5070
These settings will be lost on next reboot if the updated configuration file is not saved to NVRAM.
In order for your Cisco PIX device to work with our service, you will typically need to disable SIP transformations. Enter the following lines on any Cisco router or switch that is performing a NAT on outbound traffic this will disable SIP specific transformations done on packets going through the NAT.
no ip nat service SIP udp port 5060
no ip nat service SIP udp port 5070
Cisco PIX’s general release software (release 6.1 and 6.2) has a limitation that does not allow SIP processing to be disabled for UDP. Cisco provides a maintenance release to allow the disabling of SIP processing for UDP. The specific release tested is 126.96.36.199. This load can be obtained from Cisco through their normal support channels.
Configuring Cisco PIX 6.x for VoIP Traffic
In order to configure your device for our service, follow these steps:
- Once the load is upgraded to 188.8.131.52, enter the command:
- You should see the following lines:
fixup protocol sip 5060
fixup protocol sip udp 5060
fixup protocol sip 5070
fixup protocol sip udp 5070
- To disable SIP processing, enter the commands:
no fixup protocol sip 5060
no fixup protocol sip udp 5060
no fixup protocol sip 5070
no fixup protocol sip udp 5070
- In addition, the RPC timer needs to be extended, or voice path is lost after the default 10 minutes. This can be done by going to the enable prompt and configuring terminal and entering:
timeout rpc never-time-out
Then save the config to memory and verify the value by entering:
sh timeout rpc
It should display 0:00:0.
Configuring Cisco PIX Firewall Software Version 7.x
In Versions 7.x of the PIX software,
fixup has been replaced with
inspect. This line can be found in either a global or interface specific policy map. A generic configuration will contain entries like this:
inspect dns maximum-length 512
inspect h323 h225
inspect h323 ras
In the example above, you would need to enter configuration mode via the command line and execute the following commands:
no inspect sip
Disable SIP ALG -- Billion BiPAC
Log into your Billion router using your web browser. From the left-hand menu, navigate...
About SIP ALG .. and the need to disable it
SIP ALG Explained Most of today's routers implement SIP ALG (Application Layer Gateway)...
Quality of Service (QoS) -- DSCP TOS CoS Precedence Conversion Chart
Quality of Service (QoS) -- Cisco SRP527W Router
Go to Network setup > QoS > QoS Policy Select “Add entry” and configure...
Quality of Service (QoS) -- Billion BiPac Routers
Match your Billion BiPac router's QoS settings to the following screenshot ...