This chapter covers how to use the UAG's ALG feature to allow certain applications to pass through
the UAG.
16.1 ALG Introduction
The UAG can function as an Application Layer Gateway (ALG) to allow certain NAT un-friendly
applications (such as SIP) to operate properly through the UAG's NAT.
Some applications cannot operate through NAT (are NAT un-friendly) because they embed IP
addresses and port numbers in their packets' data payload. The UAG examines and uses IP address
and port number information embedded in the VoIP traffic's data stream. When a device behind the
UAG uses an application for which the UAG has VoIP pass through enabled, the UAG translates the
device's private IP address inside the data stream to a public IP address. It also records session
port numbers and allows the related sessions to go through the firewall so the application's traffic
can come in from the WAN to the LAN.
The UAG only needs to use the ALG feature for traffic that goes through the UAG's NAT. The firewall
allows related sessions for VoIP applications that register with a server. The firewall allows or blocks
peer to peer VoIP traffic based on the firewall rules.
You do not need to use a TURN (Traversal Using Relay NAT) server for VoIP devices behind the UAG
when you enable the SIP ALG.
UAG CLI Reference Guide
C
HAPTER
1 6
ALG
115