
This is a very common case. I actually am more concerned about trying to go through an enterprise-class router than a SOHO-class Linksys-type device because of ALG functions. A misconfigured or default ALG is a surefire way to mess things up.

There was a common case we had along these lines with the Netopia routers ATT was deploying for a long time with its business DSL customers (really anyone with static/multiple IPs). The Netopia had an undocumented SIP ALG that was enabled by default and not mentioned or configurable via the web interface. We had to get into the CLI and disable the ALG every time we tried to set a customer up behind one of these. Basically what happens is the ALG replaces the IPs in the packets with whatever IP is on the router, but didn't translate correctly on the way back in.

As for router configurations, there are 3 ways to handle that. Either you manage the router and make the changes for the customer, give them access and say "you break you fix", or segment and pass off a different public IP address to them so they can manage their own firewall. I am a big fan of segmentation, but something like that obviously adds complexities and costs.

-Scott

-----Original Message-----
From: voiceops-bounces at voiceops.org [mailto:voiceops-bounces at voiceops.org] On Behalf Of Carlos Alvarez
Sent: Thursday, January 28, 2010 10:00 PM
Cc: voiceops at voiceops.org
Subject: Re: [VoiceOps] Explaining router/NAT problems to customers

On 1/28/10 7:19 PM, Ujjval Karihaloo wrote:
> I recommend enabling VoIP ALG on Junipers, given you are on a pretty recent OS load.

I think that's what started the issues on that one. Today the customer finally told us they upgraded the Juniper two weeks ago. Coincidentally around the time the phone issues started.

The BYOI model is for the smallest customers so cost is always an issue. We're talking the under 25 handset customer, often 5-10 handsets. At some point I do realize that cheap creates problems. I just have to find the balance. I'm really leaning towards telling these customers that they have to use a router we provide. Like I said, even the WRT has a great track record in this small-company space. The company with the Juniper has ten phones, the Juniper was just a big money-maker for their IT consultants.

For those of you who provide a router, what do you tell the customer if they want port forwarding or NAT configurations?

--
Carlos Alvarez
TelEvolve
602-889-3003
Advanced phone services simplified

_______________________________________________
VoiceOps mailing list
VoiceOps at voiceops.org
https://puck.nether.net/mailman/listinfo/voiceops
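
The ALG behaviour described in the first message of this thread (addresses inside the SIP packet replaced with the router's IP) can be checked from packet captures. The following is an added example, not part of the original thread: a Python check that compares a SIP request as the phone sent it with the copy the server received and lists the address-bearing fields that changed in transit. The sample messages, addresses and the partial-rewrite scenario are constructed for illustration.

```python
import re

# Address-bearing SIP/SDP fields that a SIP ALG may rewrite.
PATTERNS = {
    "Via": re.compile(r"^Via:\s*SIP/2\.0/\w+\s+([^;:\s]+)", re.I | re.M),
    "Contact": re.compile(r"^Contact:.*?sips?:(?:[^@>\s]+@)?([^;:>\s]+)", re.I | re.M),
    "SDP o=": re.compile(r"^o=\S+ \S+ \S+ IN IP4 (\S+)", re.M),
    "SDP c=": re.compile(r"^c=IN IP4 (\S+)", re.M),
}

def extract_addresses(message):
    """Return {field: host} for each address-bearing field present."""
    text = message.replace("\r\n", "\n")
    found = {}
    for field, pattern in PATTERNS.items():
        match = pattern.search(text)
        if match:
            found[field] = match.group(1)
    return found

def find_alg_rewrites(sent, received):
    """List (field, sent_host, received_host) where the host changed in transit."""
    before, after = extract_addresses(sent), extract_addresses(received)
    return [(f, before[f], after[f]) for f in before
            if f in after and before[f] != after[f]]

# Constructed sample: the request as captured on the phone's LAN side.
SENT = (
    "INVITE sip:1000@pbx.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.50:5060;branch=z9hG4bK776asdhds\r\n"
    "Contact: <sip:201@192.168.1.50:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 3747 3747 IN IP4 192.168.1.50\r\n"
    "c=IN IP4 192.168.1.50\r\n"
    "m=audio 16384 RTP/AVP 0\r\n"
)
# Constructed sample: the same request as captured at the server, with the
# router's address (203.0.113.10) swapped into some fields but not others.
RECEIVED = (SENT
            .replace("Contact: <sip:201@192.168.1.50", "Contact: <sip:201@203.0.113.10")
            .replace("c=IN IP4 192.168.1.50", "c=IN IP4 203.0.113.10"))

if __name__ == "__main__":
    for field, old, new in find_alg_rewrites(SENT, RECEIVED):
        print(f"{field}: {old} -> {new}")
```

An empty result means the router passed the SIP payload through untouched; any entries point to an ALG (or other middlebox) editing the message body rather than just the IP header.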