Figure 9-23 NEC SL2100 Network Example No. 1 - NEC SL2100 Networking Manual


ISSUE 1.0
SL2100
Firewalls
Another common device in customer networks that can hinder VoIP performance is a firewall. Most
corporate LANs connect to the public Internet through a firewall. A firewall is filtering software built into
a router or a standalone server unit. It is used to protect a LAN from unauthorized access, providing
the network with a level of security. Firewalls are used for many things, but in its simplest form a
firewall can be thought of as a one-way gate. It allows outgoing packets from the local LAN to the
Internet but blocks packets from the Internet from routing into the local LAN, unless they are a response
to a query.
A firewall must be configured to allow specific traffic from the Internet to pass through onto the LAN. If
an IP phone is deployed out over the Internet, there is a very good chance it is passing through a
firewall at the MAIN location, the remote location, or both.
The following diagram shows two IP phones on the corporate local LAN and one IP phone on a
Remote network connected via the Internet. The two phones that are installed on the local LAN are
functioning correctly. The IP phone at the remote site cannot register and therefore is not working.
[Diagram labels: Headquarters, Local LAN, Firewall, Internet, Firewall, Remote Network]

Figure 9-23 NEC SL2100 Network Example No. 1

The green arrow in the diagram above represents the data packets leaving the IP phone destined for
the SL2100 on the Headquarters LAN. The firewall on the Headquarters network is not configured to
recognize the UDP ports used by the NEC equipment, so it blocks them and registration fails. To solve
this issue, the ports used by the NEC VoIP equipment must be opened in the firewall, allowing the NEC
traffic to pass through to the SL2100.
The ports that must be opened at the Headquarters location are:
5080 and 5081 (UDP) for signaling and 10020 ~ 10275 (UDP) for voice.
The ports that must be opened on the Remote network are 5060 (UDP) for signaling and ports 3462
and 3463 (UDP) for voice.
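
As an added example (not NEC-supplied configuration), the Headquarters rules above can be written as an nftables ruleset for a Linux-based firewall that forwards traffic to the SL2100. The interface name and both addresses are assumed placeholders, and limiting the source to the remote site's address is an added least-privilege choice rather than something the manual requires.

```nftables
#!/usr/sbin/nft -f
# Added example for the Headquarters firewall; not from the NEC manual.
# Assumed, constructed values: the interface name and both addresses.
define WAN_IF      = "eth0"          # assumed Internet-facing interface
define SL2100      = 192.0.2.10      # assumed SL2100 address (documentation range)
define REMOTE_SITE = 198.51.100.20   # assumed public address of the remote network

table inet sl2100_voip {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to traffic the LAN started: the "one-way gate" behaviour.
        ct state established,related accept
        ct state invalid drop

        # Traffic from the LAN toward the Internet stays open.
        iifname != $WAN_IF accept

        # Signaling from the remote IP phone to the SL2100: 5080 and 5081 (UDP).
        iifname $WAN_IF ip saddr $REMOTE_SITE ip daddr $SL2100 udp dport { 5080, 5081 } accept

        # Voice to the SL2100: 10020 ~ 10275 (UDP).
        iifname $WAN_IF ip saddr $REMOTE_SITE ip daddr $SL2100 udp dport 10020-10275 accept

        # Anything else arriving from the Internet is logged (rate limited) and
        # then dropped by the chain policy, so a blocked registration attempt
        # shows up in the firewall log during troubleshooting.
        iifname $WAN_IF limit rate 10/minute log prefix "sl2100-fw-drop: "
    }
}
```

The Remote network firewall takes the same shape, with 5060 (UDP) for signaling and 3462 and 3463 (UDP) for voice, directed at the IP phone instead of the SL2100.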
VPN
Another common practice is the use of the Internet as the WAN between customer locations. When this
is done, VPNs are typically used between the locations. A VPN (Virtual Private Network) is a private
data network that maintains privacy through the use of tunneling protocols and security features over
the public Internet. This allows remote networks (with private addresses) residing behind NAT
routers and/or firewalls to communicate freely with each other. When the VPN tunnels are built
throughout the network, they must be configured as a fully meshed network. This means that every
network is allowed a direct connection to each and every other network in the topology. Network
equipment limitations may sometimes restrict this ability, resulting in no voice path on VoIP calls
between sites. When this happens, Peer-to-Peer must be disabled in the SL2100. The downside to
disabling Peer-to-Peer is that it uses more DSPs and consumes additional bandwidth at the MAIN
location.