You are here: Cookbook > IPv6 > Realizing SIP Communication in IPv6-only or IPv4/IPv6 Hybrid Networks Using ALG

Realizing SIP Communication in IPv6-only or IPv4/IPv6 Hybrid Networks Using ALG

This example introduces how to configure ALG to realize the SIP communication in IPv6-only or IPv4/IPv6 hybrid networks, including the following three scenarios:

  • Scenario 1: IPv6-only network. In the topology below, an enterprise sets up a Hillstone security device as the export gateway to connect internal network with the Internet. Both internal and external network IP addresses are deployed with IPv6 addresses. With the ALG function configured, the internal SIP UC1 and the external SIP UC3 can successfully establish communication with each other.

  • Scenario 2: IPv4 network to IPv6 network. In the topology below, an enterprise sets up a Hillstone security device as the export gateway to connect internal network with the Internet. The internal network is deployed with IPv4 addresses and the external network is deployed with IPv6 addresses. With the ALG function configured, the internal SIP UC1 and the external SIP UC3 can successfully establish communication with each other.

  • Scenario 3: IPv6 network to IPv4 network. In the topology below, an enterprise sets up a Hillstone security device as the export gateway to connect internal network with the Internet. The internal network is deployed with IPv6 addresses and the external network is deployed with IPv4 addresses. With the ALG function configured, the internal SIP UC1 and the external SIP UC3 can successfully establish communication with each other.

Before You Start

Before starting the configuration, you need to ensure that the configuration of the SIP Server and the SIP user agent (SIP UC) has been completed. This example only describes the relevant configuration on the device.

Configuration Steps of Scenario 1

Step 1: Configure the interface and zone.

hostname(config)# interface ethernet0/1

hostname(config-if-eth0/1)# zone trust

hostname(config-if-eth0/1)# ipv6 enable

hostname(config-if-eth0/1)# ipv6 address 2001::1/64

hostname(config-if-eth0/1)# exit

hostname(config)# interface ethernet0/2

hostname(config-if-eth0/2)# zone untrust

hostname(config-if-eth0/2)# ipv6 enable

hostname(config-if-eth0/2)# ipv6 address 2003::1/64

hostname(config-if-eth0/2)# exit

Step 2: Configure the policy.

hostname(config)# rule id 1 from ipv6-any to ipv6-any service sip permit

Rule id 1 is created

hostname(config-policy)# rule id 1

hostname(config-policy-rule)# src-zone trust

hostname(config-policy-rule)# dst-zone untrust

hostname(config-policy-rule)# exit

Step 3: Enable the ALG function of SIP.

hostname(config)# alg sip

Note: The ALG function of SIP is enabled by default.

Step 4: Verify result.

View the information of media pinhole. Total pinhole count is 5, including 1 register pinhole and 4 media pinhole.

hostname# show pinhole

Total pinhole count in D-Plane: 5

[Pinhole0]========================================

Seq 10

App SIP MEDIA (id:875)

Flag: Enabled,

[Ingress info]---------------------------------------------------

Zone trust (id:2)

Flow0 (ifid 0) :::any -> 2003::2:5001

[Egress info]----------------------------------------------------

Zone untrust (id:3)

Flow1 (ifid 0) 2003::2:5001 -> :::any

[Life info]------------------------------------------------------

After_hit 600

Before_hit 120

Timer 217

[Other info]-----------------------------------------------------

Auth_user_id 0

Configuration Steps of Scenario 2

Step 1: Configure the interface and zone.

hostname(config)# interface ethernet0/1

hostname(config-if-eth0/1)# zone trust

hostname(config-if-eth0/1)# ip address 192.168.1.1/24

hostname(config-if-eth0/1)# exit

hostname(config)# interface ethernet0/2

hostname(config-if-eth0/2)# zone untrust

hostname(config-if-eth0/2)# ipv6 enable

hostname(config-if-eth0/2)# ipv6 address 2003::1/64

hostname(config-if-eth0/2)# exit

Step 2: Configure the policy.

hostname(config)# rule id 1 from any to any service sip permit

Rule id 1 is created

hostname(config-policy)# rule id 1

hostname(config-policy-rule)# src-zone trust

hostname(config-policy-rule)# dst-zone untrust

hostname(config-policy-rule)# exit

Step 3: Configure the NAT rule.

hostname(config)# nat

hostname(config-nat)# snatrule id 1 from any to 192.168.1.10 service any trans-to 2003::10 mode dynamicport

rule ID=1

hostname(config-nat)# dnatrule id 1 from any to 192.168.1.10 service any trans-to ip 2003::3

rule ID=1

hostname(config-nat)# exit

Step 4: Enable the ALG function of SIP.

hostname(config)# alg sip

Note: The ALG function of SIP is enabled by default.

Step 5: Verify result.

View the information of media pinhole. Total pinhole count is 5, including 1 register pinhole and 4 media pinhole.

hostname# show pinhole

Total pinhole count in D-Plane: 5

[Pinhole 1]============================================================

Seq 15

App SIP MEDIA (id:875)

Flag: Enabled,

[Ingress info]---------------------------------------------------

Zone untrust (id:3)

Flow0 (ifid 0) :::any -> 2003::10:1025

[Egress info]----------------------------------------------------

Zone trust (id:2)

Flow1 (ifid 31) 192.168.1.2:5002 -> 192.168.1.10:any

[Life info]------------------------------------------------------

After_hit 600

Before_hit 120

Timer 38

[Other info]-----------------------------------------------------

Auth_user_id 0

Configuration Steps of Scenario 3

Step 1: Configure the interface and zone.

hostname(config)# interface ethernet0/1

hostname(config-if-eth0/1)# zone trust

hostname(config-if-eth0/1)# ipv6 enable

hostname(config-if-eth0/1)# ipv6 address 2002::1/64

hostname(config-if-eth0/1)# exit

hostname(config)# interface ethernet0/2

hostname(config-if-eth0/2)# zone untrust

hostname(config-if-eth0/2)# ip address 192.168.2.1/24

hostname(config-if-eth0/2)# exit

Step 2: Configure the policy.

hostname(config)# rule id 1 from ipv6-any to ipv6-any service sip permit

Rule id 1 is created

hostname(config-policy)# rule id 1

hostname(config-policy-rule)# src-zone trust

hostname(config-policy-rule)# dst-zone untrust

hostname(config-policy-rule)# exit

Step 3: Configure the NAT rule.

hostname(config)# nat

hostname(config-nat)# snatrule id 1 from ipv6-any to 2001::10 service any trans-to 192.168.2.10 mode dynamicport

rule ID=1

hostname(config-nat)# dnatrule id 1 from ipv6-any to 2001::10 service any trans-to ip 192.168.2.3

rule ID=1

hostname(config-nat)# exit

Step 4: Enable the ALG function of SIP.

hostname(config)# alg sip

Note: The ALG function of SIP is enabled by default.

Step 5: Verify result.

View the information of media pinhole. Total pinhole count is 5, including 1 register pinhole and 4 media pinhole.

SG-6000# show pinhole

Total pinhole count in D-Plane: 5

[Pinhole1]====================================================

Seq 36

App SIP MEDIA (id:875)

Flag: Enabled,

[Ingress info]---------------------------------------------------

Zone trust (id:2)

Flow0 (ifid 0) 0.0.0.0:any -> 192.168.2.10:5002

[Egress info]----------------------------------------------------

Zone trust (id:2)

Flow1 (ifid 31) 2001::2:5002 -> 2001::10:any

[Life info]------------------------------------------------------

After_hit 600

Before_hit 120

Timer 107

[Other info]-----------------------------------------------------

Auth_user_id 0