ADC

Application Layer Gateway for SIP Protocol

Using DS-Lite with Session Initiation Protocol (SIP) is complicated, because SIP messages contain IP addresses in the SIP headers as well as in the SIP body. When LSN is used with SIP, the SIP headers contain information about the caller and the receiver, and the device translates this information to hide it from the outside network. The SIP body contains the Session Description Protocol (SDP) information, which includes IP addresses and port numbers for transmission of the media. SIP ALG for DS-Lite is compliant with RFC 3261, RFC 3581, RFC 4566, and RFC 4475.

Note

SIP ALG is supported in a Citrix ADC standalone appliance, in a Citrix ADC high availability setup, as well as in a Citrix ADC cluster setup.

Limitations of SIP ALG

SIP ALG for DS-Lite has the following limitations:

  • Only SDP payload is supported.
  • The following are not supported:
    • Multicast IP addresses
    • Encrypted SDP
    • SIP TLS
    • FQDN translation
    • SIP layer authentication
    • Admin partitions
    • Multipart body
    • Line folding

Configuring SIP ALG

You need to configure the SIP ALG as part of the LSN configuration. For instructions on configuring LSN, see Configuring DS-Lite. While configuring LSN, make sure that you:

  • Set the following parameters while adding an LSN application profile:

    • IP Pooling = PAIRED
    • Address and Port Mapping = ENDPOINT-INDEPENDENT
    • Filtering = ENDPOINT-INDEPENDENT
  • Create a SIP ALG profile and make sure that you define either the source port range or destination port range. Bind the SIP ALG profile to the LSN group
  • Enable SIP ALG in the LSN group

To enable SIP ALG for an LSN configuration by using the CLI

At the command prompt, type:

add lsn group <groupname> -clientname <string>[-sipalg ( ENABLED | DISABLED )]

show lsn group<groupname>
<!--NeedCopy-->

To enable SIP ALG for an LSN configuration by using the CLI

At the command prompt, type:

add lsn sipalgprofile<sipalgprofilename>[-dataSessionIdleTimeout<positive_integer>][-sipSessionTimeout<positive_integer>][-registrationTimeout<positive_integer>][-sipsrcportrange<port[-port]>][-sipdstportrange<port[-port]>][-openRegisterPinhole ( ENABLED | DISABLED )][-openContactPinhole ( ENABLED | DISABLED )][-openViaPinhole ( ENABLED | DISABLED )][-openRecordRoutePinhole ( ENABLED | DISABLED )]-sipTransportProtocol ( TCP | UDP )[-openRoutePinhole ( ENABLED | DISABLED )][-rport ( ENABLED | DISABLED )]

show lsn sipalgprofile<sipalgprofilename>
<!--NeedCopy-->

Sample Configuration

The following sample DS-Lite configuration, SIP ALG is enabled for TCP traffic from B4 devices in the network 2001:DB8::3:0/96.

add lsn client LSN-DSLITE-CLIENT-1
Done
bind lsn client LSN-DSLITE-CLIENT-1 -network6 2001:DB8::3:0/96
Done
add lsn pool LSN-DSLITE-POOL-1
Done
bind lsn pool LSN-DSLITE-POOL-1 203.0.113.61 - 203.0.113.70
Done
add lsn ip6profile LSN-DSLITE-PROFILE-1 -type DS-Lite -network6 2001:DB8::5:6
Done
add lsn appsprofile LSN-DSLITE-APPS-PROFILE-1 TCP -ippooling PAIRED –mapping ENDPOINT-INDEPENDENT -filtering ENDPOINT-INDEPENDENT
Done
add lsn sipalgprofile SIPALGPROFILE-1  -sipdstportrange 5060 -sipTransportProtocol TCP
Done
add lsn group LSN-DSLITE-GROUP-1 -clientname LSN-DSLITE-CLIENT-1 -portblocksize 1024 -ip6profile LSN-DSLITE-PROFILE-1 -sipalg ENABLED
Done
bind lsn group LSN-DSLITE-GROUP-1 -poolname LSN-DSLITE-POOL-1
Done
bind lsn group LSN-DSLITE-GROUP-1 -appsprofilename LSN-DSLITE-APPS-PROFILE-1
Done
bind lsn group LSN-DSLITE-GROUP-1 -sipalgprofilename SIPALGPROFILE-1
Done
<!--NeedCopy-->
Application Layer Gateway for SIP Protocol