Newport Networks Session Border Controller



White Paper - Solving the Firewall and NAT Traversal Issues for Multimedia over IP Services

Solving the 'Firewall Problem'

Solving the 'Firewall problem' means allowing secure incoming, unsolicited media from unknown IP addresses and ports. This is in clear conflict with sensible security policies. In the Newport Networks solution, the MediaProxy acts as a transit point (or meeting point) for all media sessions. Media sessions are always initiated from inside the Firewall - sent to a specified IP address and port on the MediaProxy that has been dynamically allocated for that session. The MediaProxy learns the originating public address from this in order to return the incoming stream to the same address and port.

Thus, receiving an incoming call is achieved through always establishing outgoing paths first, complying with typical Firewall security policies.
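The address-learning behaviour described above can be modelled without real sockets. This is an added example, not Newport Networks code: the class and method names, the port numbers and the sample addresses are hypothetical, and dropping packets that arrive from a source other than the learned one is an assumption about how a relay would keep the session bound to the address that opened it.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

Addr = Tuple[str, int]  # (public IP, public port) as seen after NAT translation

@dataclass
class Leg:
    proxy_port: int                  # port allocated on the proxy for this endpoint
    learned: Optional[Addr] = None   # source address learned from the first packet
    peer: Optional["Leg"] = None     # the other endpoint of the same session

class MediaProxy:
    """Hypothetical model of a media transit point with per-session ports."""

    def __init__(self, first_port: int = 40000):
        self._next_port = first_port
        self._legs: Dict[int, Leg] = {}

    def allocate_session(self) -> Tuple[int, int]:
        """Allocate one proxy port per endpoint and pair the two legs."""
        a, b = Leg(self._next_port), Leg(self._next_port + 2)
        self._next_port += 4
        a.peer, b.peer = b, a
        self._legs[a.proxy_port], self._legs[b.proxy_port] = a, b
        return a.proxy_port, b.proxy_port

    def on_packet(self, proxy_port: int, src: Addr, payload: bytes):
        """Return (destination, payload) to relay, or None to drop."""
        leg = self._legs.get(proxy_port)
        if leg is None:
            return None              # no session was allocated on this port
        if leg.learned is None:
            leg.learned = src        # first outbound packet reveals the public address
        elif leg.learned != src:
            return None              # assumption: ignore any other source on this port
        if leg.peer.learned is None:
            return None              # peer has not sent yet, nowhere to relay to
        return leg.peer.learned, payload

if __name__ == "__main__":
    proxy = MediaProxy()
    port_a, port_b = proxy.allocate_session()
    caller = ("198.51.100.7", 31001)   # constructed sample addresses
    callee = ("203.0.113.9", 45000)
    print(proxy.on_packet(port_a, caller, b"a1"))  # learned, peer unknown: dropped
    print(proxy.on_packet(port_b, callee, b"b1"))  # relayed to the caller's address
    print(proxy.on_packet(port_a, caller, b"a2"))  # relayed to the callee's address
```

Both endpoints send first, so each Firewall only ever sees return traffic on a path it opened itself.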

NAT traversal with IPsec

The increasing need to provide security for SIP signalling has led bodies such as 3GPP and TISPAN to evaluate and select suitable security protocols. 3GPP selected IPsec ESP; however, this was not suitable for TISPAN's use in fixed line networks. IPsec encounters problems when traversing NAT devices, which led TISPAN to select UDP encapsulation of IPsec. This overcomes the NAT traversal problems whilst providing the required encryption and authentication, and still complies with 3GPP's overall security architecture. A separate White Paper, "IPsec in VoIP Networks", examines the flavours of IPsec and TISPAN's selection of UDP encapsulation.

Conclusion

Service Providers are looking at IP-based voice and multimedia services as major sources of new revenue. Unfortunately, a number of technical problems have, to date, prevented Service Providers and carriers alike from realising these benefits. Today, the most significant of these is to provide secure connection to subscribers behind NAT (Network Address Translation) devices and Firewalls.

The Newport Networks 1460 Automatic Channel Mapping (ACM) feature solves these problems by enabling secure traversal of ALL corporate Firewall/NATs. This solution does not require additional customer premise equipment, nor does it require the replacement of existing Firewalls and NATs. This removes the necessity to visit customer premises to install new equipment, reduces the cost of connecting new subscribers and significantly simplifies the subscriber registration process.




See Also

IPsec in VoIP Networks

IPsec encounters problems with NATs; this paper examines the issues and looks at how UDP encapsulation of IPsec solved them.