In trying to determine on a network that I don’t manage whether the network is “SIP Aware” (SIP ALG), I used the following method to quickly test.
Client Network
LAN | 192.168.1.1/24 |
WAN | 11.22.33.44 |
SIP Phone | 192.168.1.60 |
Remote Network
SIP Server | 4.49.115.30 |
I configured my phone to point to my linux server at 4.49.115.30 as the SIP server and started up a capture using tcpdump.
tcpdump -i ens192 -w sip_alg.pcap
I ran it for a few seconds to capture traffic from my phone.
Packet Showing Network With ALG
If the network is SIP aware and using ALG, the Contact:
portion of the packet header message will show the public IP of the client’s network.
REGISTER sip:4.49.115.30:5060 SIP/2.0
Via: SIP/2.0/UDP 11.22.33.44:22501;branch=z9hG4bK738593727
From: "200" <sip:200@4.49.115.30:5060>;tag=738463962
To: "200" <sip:200@4.49.115.30:5060>
Call-ID: 0_738583021@192.168.1.60
CSeq: 1 REGISTER
Contact: <sip:200@11.22.33.44:22501>
Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE
Max-Forwards: 70
User-Agent: Yealink SIP-T33G 124.86.0.40 805e0cxxxxxx
Expires: 3600
Allow-Events: talk,hold,conference,refer,check-sync
Content-Length: 0
Packet Showing Network Without ALG
If the network is not SIP aware and using ALG, the Contact:
portion of the packet header message will show the RFC 1918 IP address on the client’s network.
REGISTER sip:4.49.115.30:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.60:5060;branch=z9hG4bK735305753
From: "200" <sip:702200@4.49.115.30:5060>;tag=735174715
To: "200" <sip:702200@4.49.115.30:5060>
Call-ID: 0_735247007@192.168.1.60
CSeq: 1 REGISTER
Contact: <sip:200@192.168.1.60:5060>
Allow: INVITE, INFO, PRACK, ACK, BYE, CANCEL, OPTIONS, NOTIFY, REGISTER, SUBSCRIBE, REFER, PUBLISH, UPDATE, MESSAGE
Max-Forwards: 70
User-Agent: Yealink SIP-T33G 124.86.0.40 805e0cxxxxxx
Expires: 3600
Allow-Events: talk,hold,conference,refer,check-sync
Content-Length: 0
Disable SIP ALG
Here are some ways to disable SIP ALG on various devices I’ve had experience with.
Cisco ASA
ciscoasa> enable
Password:
ciscoasa# config terminal
ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class inspection_default
ciscoasa(config-pmap-c)# no inspect sip