Chapter 15 ALG
ZyWALL USG Series User’s Guide
• You do not need to use TURN (Traversal Using Relay NAT) for VoIP devices behind the Zyxel Device
when you enable the SIP ALG.
• Configuring the SIP ALG to use custom port numbers for SIP traffic also configures the application
patrol to use the same port numbers for SIP traffic. Likewise, configuring
the application patrol to use custom port numbers for SIP traffic also configures the SIP ALG to use the
same port numbers for SIP traffic.
Peer-to-Peer Calls and the Zyxel Device
The Zyxel Device ALG can allow peer-to-peer VoIP calls for both H.323 and SIP. You must configure the
security policy and NAT (port forwarding) to allow incoming (peer-to-peer) calls from the WAN to a
private IP address on the LAN (or DMZ).
VoIP Calls from the WAN with Multiple Outgoing Calls
When you configure the security policy and NAT (port forwarding) to allow calls from the WAN to a
specific IP address on the LAN, you can also use policy routing to have H.323 (or SIP) calls from other LAN
or DMZ IP addresses go out through a different WAN IP address. The policy routing lets the Zyxel Device
correctly forward the return traffic for the calls initiated from the LAN IP addresses.
For example, you configure the security policy and NAT to allow LAN IP address A to receive calls from
the Internet through WAN IP address 1. You also use a policy route to have LAN IP address A make calls
out through WAN IP address 1. Configure another policy route to have H.323 (or SIP) calls from LAN IP
addresses B and C go out through WAN IP address 2. Even though only LAN IP address A can receive
incoming calls from the Internet, LAN IP addresses B and C can still make calls out to the Internet.
Figure 316 VoIP Calls from the WAN with Multiple Outgoing Calls
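The example above can be checked with a small model. This is an added illustration, not Zyxel code or CLI syntax: the `Gateway` class, the documentation-range addresses and the port-preserving NAT on a single SIP signaling port are all assumptions made for the sketch.

```python
# Toy model of the example above (added illustration, not Zyxel code).
# Port forwarding exposes only LAN host A on WAN IP 1; policy routes choose
# the WAN IP for outgoing calls. All addresses are constructed sample values.
SIP_PORT = 5060
WAN1, WAN2 = "203.0.113.1", "203.0.113.2"
A, B, C = "192.168.1.10", "192.168.1.11", "192.168.1.12"

PORT_FORWARD = {(WAN1, SIP_PORT): A}         # security policy + NAT: WAN -> LAN
POLICY_ROUTES = {A: WAN1, B: WAN2, C: WAN2}  # source LAN IP -> outgoing WAN IP


class Gateway:
    def __init__(self, port_forward, policy_routes):
        self.port_forward = port_forward
        self.policy_routes = policy_routes
        # (wan_ip, wan_port, peer_ip, peer_port) -> (lan_ip, lan_port)
        self.sessions = {}

    def outbound(self, lan_ip, lan_port, peer_ip, peer_port):
        """LAN host starts a call; return the (WAN IP, port) the peer sees."""
        wan_ip = self.policy_routes.get(lan_ip)
        if wan_ip is None:
            return None  # no policy route for this source in the model
        # Simplification: the source port is kept unchanged by NAT.
        self.sessions[(wan_ip, lan_port, peer_ip, peer_port)] = (lan_ip, lan_port)
        return wan_ip, lan_port

    def inbound(self, peer_ip, peer_port, wan_ip, wan_port):
        """Packet from the Internet; return the LAN (ip, port) or None if dropped."""
        # 1. Return traffic for a call that was initiated from the LAN.
        hit = self.sessions.get((wan_ip, wan_port, peer_ip, peer_port))
        if hit:
            return hit
        # 2. New incoming call: allowed only where a port forwarding rule exists.
        lan_ip = self.port_forward.get((wan_ip, wan_port))
        return (lan_ip, wan_port) if lan_ip else None

    def exposed_hosts(self):
        """LAN hosts that can receive unsolicited calls from the WAN."""
        return set(self.port_forward.values())


if __name__ == "__main__":
    gw = Gateway(PORT_FORWARD, POLICY_ROUTES)
    peer = "198.51.100.7"  # constructed Internet peer
    print("call to WAN1:", gw.inbound(peer, SIP_PORT, WAN1, SIP_PORT))
    print("call to WAN2:", gw.inbound(peer, SIP_PORT, WAN2, SIP_PORT))
    print("B calls out via:", gw.outbound(B, SIP_PORT, peer, SIP_PORT))
    print("return to B:", gw.inbound(peer, SIP_PORT, WAN2, SIP_PORT))
```

Reviewing a rule set this way makes the exposure explicit: `exposed_hosts()` should list only the addresses you intend to be callable from the WAN.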
VoIP with Multiple WAN IP Addresses
With multiple WAN IP addresses on the Zyxel Device, you can configure different security policy and NAT
(port forwarding) rules to allow incoming calls from each WAN IP address to go to a specific IP address
on the LAN (or DMZ). Use policy routing to have the H.323 (or SIP) calls from each of those LAN or DMZ IP
addresses go out through the same WAN IP address that calls come in on. The policy routing lets the
Zyxel Device correctly forward the return traffic for the calls initiated from the LAN IP addresses.
For example, you configure security policy and NAT rules to allow LAN IP address A to receive calls
through public WAN IP address 1. You configure different security policy and port forwarding rules to
allow LAN IP address B to receive calls through public WAN IP address 2. You configure corresponding