CCNA Case Study Vinay Godugu
8/8/2019 CCNA Case Study Vinay Godugu
1/38
Due Date: 13th week
Submitted: 13th week
Prepared by: Vinay Godugu and Sushen Mathur
Student Number: n7067283 and n7257147
Executive summary
The aim of this report is to provide ABC Company with a new network design and its
implementation. It summarizes the planning and deployment steps involved in designing a network
for ABC Company. The new design serves all of the company's users and meets all the required
services, such as VoIP, email server access, departmental server access and Internet access. The
report takes a generic, flexible and robust approach to network design. The first part of the
report covers the design, implementation and configuration according to the specifications,
followed by the topology map and the new network design architecture with all the critically
identified applications. The following sections detail the new architecture, the topology design,
and the addressing and routing schemes used. The last part of the report discusses the issues
related to VoIP implementation.
Table of Contents
Executive summary
1. Introduction
2. Project Overview
2.1.1. Current Network Situation
2.1.2. Future Development
3. Network Design
3.1 Proposed Network Architecture
3.1.1 Routing Protocol and Authentication
3.2.4 IP scheme
4. Configuration (Proposal Network Configuration Design)
4.1 Layer 3 Network Topology
4.2 Prototype Network Implementation
4.3. DHCP Configuration
5. Investigation of the Network Related Issues with VoIP Implementation
6. The VoIP implementation issues related to Firewall/NAT
6.1 NAT (Network Address Translation)
6.2 Firewall
6.3 Findings & Recommendations
References
Table of Figures
Fig 1. Current Network Scenario
Fig 2. Physical Network Diagram
Fig 3. Layer 3 Logical Diagram
Fig 4. Implementation Diagram
Fig 5. Session Border controller (Check point software Technologies)
Fig 6. SIP (Session Initiation protocol)
1. Introduction
As network engineers for a small organization, we are to redesign its existing network. The
company forecasts rapid growth over the next 10 years and wants its network to be more scalable
and ready for that growth. The company has a confined network serving the HR, Purchasing, Sales
and Warehouse departments, and employees are allowed access to the Internet and the company
email server. The company has also implemented a wireless network for casual staff and intends
to deploy VoIP throughout the organization in the near future. The redesign takes all of these
requirements into consideration and provides for double the number of hosts in every department,
distributed across individual switches. A wireless access point is installed so that casual staff
can connect their portable devices, and internal VoIP for the Sales and Warehouse departments is
to be set up with scalability and availability in focus. The email server and the web server for
the wired workstation connections are connected to the NAT router.
2. Project Overview
In order to meet the requirements for future development, a new network architecture has been
designed and IP addresses have been allocated accordingly. This report discusses the
configuration and implementation of the newly designed network, as well as the issues related to
VoIP implementation across NAT/firewalls.
ABC Company              Number of users (at present)   Number of users (expected in next 5 years)
Human Resource users     20                             40
Purchasing users         20                             40
Sales users              20                             40
Warehouse users          20                             40
Casual staff             25                             50
Total number of users    105                            210
Table 1. ABC Company users
2.1.1. Current Network Situation
Fig 1. Current Network Scenario
2.1.2. Future Development
The organization's business is projected to grow by 100% in the next 5 years, and the network
needs to be designed accordingly. All users are allowed to connect to the Internet using the
NAT pool addresses. The organization's email server is also connected to the Internet using a
static NAT IP address. The company is planning to deploy VoIP on the new network. The decision
has been made to first implement the internal VoIP network in the Sales department and the
Warehouse as a trial, to allow users in both departments to communicate internally.
3. Network Design
The current network topology is built to serve a small organization with no scope for growth.
As stated in the requirements, the company's growth is expected to be 100% in the next 5 years,
and the new network design allows for this growth. At the access layer, all VLANs are configured
on every switch, so that users from each department can be distributed across all switches.
There are two wireless access points for casual staff to connect their wireless devices. VoIP
services have been installed for the Sales department and the Warehouse and can be expanded to
all departments. We have provided a separate server for email, and Internet access through the
NAT router for wired workstation users. The NAT router and the WLAN are connected to the
external firewall.
3.1 Proposed Network Architecture
Physical Network Diagram
Fig 2. Physical Network Diagram
3.1.1 Routing Protocol and Authentication
Routing is the process of choosing the best path across networks. A variety of metrics can be
used to define the best path. Some routing protocols use only one metric: RIP (Routing
Information Protocol) uses hop count. Others use more than one: IGRP (Interior Gateway Routing
Protocol) uses bandwidth, delay, load, reliability and maximum transmission unit (MTU). The
recommended routing protocols should be simple and efficient. McCabe suggests that the best
choice is to:
(1) Minimize the number of routing protocols used in the network. Two should be the maximum
number of protocols allowed, with only one IGP.
(2) Start with the simplest routing strategy and routing mechanism/protocol.
(3) As the complexity of routing and the choice of routing protocols increase, re-evaluate the
previous decisions.
Different routing protocols can be used in the ABC Co. network. The external routers, which
connect two different sub-networks, should run simple routing protocols because these can be
routed easily and efficiently. The best candidate routing protocols for this network are RIP,
IGRP and OSPF. The most suitable one can be chosen by considering their characteristics.
3.2.4 IP scheme
As per the requirements, the design should support network growth with minimum wastage of IP
addresses. The subnetting method used for users in the new network is therefore VLSM (Variable
Length Subnet Masking). Addresses are allocated to the different user groups to allow for the
100% growth expected in the next 5 years.
New network IP address
Users            No. of hosts  Subnet         Network mask     First address  Last address
Human resources  40            192.168.0.0    255.255.255.192  192.168.0.1    192.168.0.63
Purchasing       40            192.168.0.64   255.255.255.192  192.168.0.65   192.168.0.126
Sales            40            192.168.0.128  255.255.254.192  192.168.0.129  192.168.0.190
Warehouse        40            192.168.0.192  255.255.254.192  192.168.0.193  192.168.0.254
Casual staff     50            192.168.1.0    255.255.254.128  192.168.1.1    192.168.1.63
Reserved addresses: 192.168.1.65 to 192.168.1.255
Users            VLAN    Network mask     IP address
Human resources  Vlan11  255.255.255.192  192.168.0.1
Purchasing       Vlan21  255.255.255.192  192.168.0.65
Sales            Vlan31  255.255.254.192  192.168.0.129
Warehouse        Vlan41  255.255.254.192  192.168.0.193
Casual staff     Vlan51  255.255.254.128  192.168.1.1
VoIP Server      Vlan61  255.255.254.128  192.168.1.65
Table 2. VLAN Addresses
4. Configuration (Proposal Network Configuration Design)
4.1 Layer 3 Network Topology
Fig 3. Layer 3 Logical Diagram
4.2 Prototype Network Implementation
Fig 4. Implementation Diagram
4.3. DHCP Configuration
R1#sh run
Building configuration...
Current configuration : 2512 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 15
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 192.168.1.1
ip dhcp excluded-address 192.168.1.65
ip dhcp excluded-address 192.168.1.129
ip dhcp excluded-address 192.168.1.193
ip dhcp excluded-address 192.168.0.1
ip dhcp excluded-address 192.168.0.65
ip dhcp excluded-address 192.168.0.193
ip dhcp excluded-address 192.168.0.129
!
ip dhcp pool human_resource
network 192.168.0.0 255.255.255.192
default-router 192.168.0.1
!
ip dhcp pool Purchasing
network 192.168.0.64 255.255.255.192
default-router 192.168.1.65
!
ip dhcp pool Sales
network 192.168.0.128 255.255.255.192
default-router 192.168.1.129
!
ip dhcp pool warehouse
network 192.168.0.192 255.255.255.192
default-router 192.168.1.193
!
ip dhcp pool VoIP
network 192.168.1.0 255.255.255.192
default-router 192.168.0.1
!
ip dhcp pool wireless
network 192.168.1.64 255.255.255.192
default-router 192.168.1.65
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0/0
ip address 192.168.1.241 255.255.255.252
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface Serial0/0
ip address 130.10.10.1 255.255.255.248
ip access-group 140 in
ip access-group 130 out
ip nat outside
ip virtual-reassembly
no fair-queue
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
!
router eigrp 1
redistribute static
network 192.168.0.0
network 192.168.1.0
network 192.168.99.0 0.0.0.3
no auto-summary
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 Serial0/0
!
!
ip http server
no ip http secure-server
ip nat pool test 130.10.10.3 130.10.10.6 netmask 255.255.255.248
ip nat inside source list yes pool test overload
ip nat inside source static 192.168.243.0 130.10.10.2
!
ip access-list standard yes
permit 192.168.0.0 0.0.1.255 log
!
access-list 130 permit tcp 130.10.10.0 0.0.0.7 any eq www
access-list 130 permit tcp 130.10.10.0 0.0.0.7 any eq 443
access-list 130 permit tcp 130.10.10.0 0.0.0.7 any eq 443
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
End
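The check below is an added example, not part of the original report: it parses the DHCP pools listed for R1 and confirms that each default-router is a usable host inside its pool's subnet, reporting the Distribution-Switch SVI that does sit in that subnet. The pool text is re-typed from the listing above with IOS indentation restored, the SVI addresses are those of Vlan11 to Vlan61 in the switch listing on this page, and the function names are illustrative.

```python
import ipaddress
import re

# Constructed input: the six DHCP pools from the R1 listing above, re-indented.
R1_DHCP = """\
ip dhcp pool human_resource
 network 192.168.0.0 255.255.255.192
 default-router 192.168.0.1
ip dhcp pool Purchasing
 network 192.168.0.64 255.255.255.192
 default-router 192.168.1.65
ip dhcp pool Sales
 network 192.168.0.128 255.255.255.192
 default-router 192.168.1.129
ip dhcp pool warehouse
 network 192.168.0.192 255.255.255.192
 default-router 192.168.1.193
ip dhcp pool VoIP
 network 192.168.1.0 255.255.255.192
 default-router 192.168.0.1
ip dhcp pool wireless
 network 192.168.1.64 255.255.255.192
 default-router 192.168.1.65
"""

# SVI addresses from the Distribution-Switch listing on this page (Vlan11 to Vlan61).
SVI_ADDRESSES = ["192.168.0.1", "192.168.0.65", "192.168.0.129",
                 "192.168.0.193", "192.168.1.1", "192.168.1.65"]


def parse_pools(config):
    """Return {pool name: {"network": IPv4Network, "gateway": IPv4Address}}."""
    pools, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"ip dhcp pool (\S+)", line):
            current = pools.setdefault(m.group(1), {})
        elif current is not None and (m := re.fullmatch(r"network (\S+) (\S+)", line)):
            # ip_network accepts the dotted-mask form "address/netmask"
            current["network"] = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}")
        elif current is not None and (m := re.match(r"default-router (\S+)", line)):
            current["gateway"] = ipaddress.ip_address(m.group(1))
    return pools


def audit_pools(pools, svi_addresses):
    """Map each faulty pool to (configured gateway, SVI that sits in its subnet)."""
    svis = [ipaddress.ip_address(a) for a in svi_addresses]
    findings = {}
    for name, pool in pools.items():
        net, gw = pool.get("network"), pool.get("gateway")
        if net is None or gw is None:
            findings[name] = (None, None)      # incomplete pool definition
            continue
        usable = gw in net and gw not in (net.network_address, net.broadcast_address)
        if not usable:
            expected = next((str(s) for s in svis if s in net), None)
            findings[name] = (str(gw), expected)
    return findings


if __name__ == "__main__":
    report = audit_pools(parse_pools(R1_DHCP), SVI_ADDRESSES)
    for name, (configured, expected) in report.items():
        print(f"{name}: default-router {configured} is off-subnet; SVI in subnet is {expected}")
```

A client that is handed an off-subnet gateway cannot reach it by ARP, so a pool flagged here would leave its department without routing.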
Router (ISP) Configuration:
ISP#sh run
Building configuration...
Current configuration : 898 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ISP
!
boot-start-marker
boot-end-marker
!
!
username R1 password 0 111
memory-size iomem 15
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 111.111.111.111 255.255.255.0
!
interface FastEthernet0/0
ip address 2.2.2.1 255.255.255.0
shutdown
duplex auto
speed auto
!
interface Serial0/0
ip address 130.10.10.6 255.255.255.248
clockrate 64000
!
interface Serial0/1
no ip address
shutdown
!
interface Serial0/2
no ip address
shutdown
!
interface Serial0/3
no ip address
shutdown
!
ip http server
ip classless
ip route 130.10.10.0 255.255.255.248 Serial0/0
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
End
Switch Configuration:
hostname Distribution-Switch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
crypto pki trustpoint TP-self-signed-3287407744
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3287407744
revocation-check none
rsakeypair TP-self-signed-3287407744
!
!
crypto pki certificate chain TP-self-signed-3287407744
certificate self-signed 01
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet0/2
no switchport
ip address 192.168.1.242 255.255.255.252
!
interface FastEthernet0/3
switchport mode dynamic desirable
!
interface FastEthernet0/4
switchport mode dynamic desirable
!
interface FastEthernet0/5
switchport mode dynamic desirable
!
interface FastEthernet0/6
switchport mode dynamic desirable
!
interface FastEthernet0/7
switchport mode dynamic desirable
!
interface FastEthernet0/8
switchport mode dynamic desirable
!
interface FastEthernet0/9
switchport mode dynamic desirable
!
interface FastEthernet0/10
switchport mode dynamic desirable
!
interface FastEthernet0/11
switchport mode dynamic desirable
!
interface FastEthernet0/12
switchport mode dynamic desirable
!
interface FastEthernet0/13
switchport mode dynamic desirable
!
interface FastEthernet0/14
switchport mode dynamic desirable
!
interface FastEthernet0/15
switchport mode dynamic desirable
!
interface FastEthernet0/16
switchport mode dynamic desirable
!
interface FastEthernet0/17
switchport mode dynamic desirable
!
interface FastEthernet0/18
switchport mode dynamic desirable
!
interface FastEthernet0/19
switchport mode dynamic desirable
!
interface FastEthernet0/20
switchport mode dynamic desirable
!
interface FastEthernet0/21
switchport mode dynamic desirable
!
interface FastEthernet0/22
switchport mode dynamic desirable
!
interface FastEthernet0/23
switchport mode dynamic desirable
!
interface FastEthernet0/24
switchport mode dynamic desirable
!
interface FastEthernet0/25
!
interface FastEthernet0/26
!
interface FastEthernet0/27
!
interface FastEthernet0/28
!
interface FastEthernet0/29
!
interface FastEthernet0/30
!
interface FastEthernet0/31
!
interface FastEthernet0/32
!
interface FastEthernet0/33
!
interface FastEthernet0/34
!
interface FastEthernet0/35
!
interface FastEthernet0/36
!
interface FastEthernet0/37
!
interface FastEthernet0/38
!
interface FastEthernet0/39
!
interface FastEthernet0/40
!
interface FastEthernet0/41
!
interface FastEthernet0/42
!
interface FastEthernet0/43
!
interface FastEthernet0/44
!
interface FastEthernet0/45
!
interface FastEthernet0/46
!
interface FastEthernet0/47
!
interface FastEthernet0/48
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
no ip address
shutdown
!
interface Vlan11
ip address 192.168.0.1 255.255.255.192
ip helper-address 192.168.1.241
!
interface Vlan21
ip address 192.168.0.65 255.255.255.192
ip helper-address 192.168.1.241
!
interface Vlan31
ip address 192.168.0.129 255.255.255.192
ip helper-address 192.168.1.241
!
interface Vlan41
ip address 192.168.0.193 255.255.255.192
ip helper-address 192.168.1.241
!
interface Vlan51
ip address 192.168.1.1 255.255.255.192
ip helper-address 192.168.1.241
!
interface Vlan61
ip address 192.168.1.65 255.255.255.192
ip helper-address 192.168.1.241
!
interface Vlan99
ip address 192.168.110.1 255.255.255.0
!
!
router eigrp 1
no auto-summary
no eigrp log-neighbor-changes
network 192.168.0.0
network 192.168.1.0
network 192.168.2.0
network 192.168.3.0
network 192.168.99.0 0.0.0.3
!
ip classless
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 0 4
no login
line vty 5 15
no login
!
end
Access-switch#sh run
Building configuration...
Current configuration : 1377 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Access-switch
!
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 11
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 61
switchport mode access
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip http server
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
!
end
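An added example (not the authors' work): a small audit for four settings that appear in the listings above and weaken management-plane or trunk security, namely vty lines with "no login", ports left in "dynamic desirable", a type 0 "username ... password", and the cleartext HTTP server. The sample is a constructed, re-indented excerpt of those listings; the suggested fixes are standard IOS commands chosen here, not taken from the report.

```python
import re

# Constructed, re-indented excerpt of the ISP and Distribution-Switch listings above.
SAMPLE_CONFIG = """\
no service password-encryption
username R1 password 0 111
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 99
 switchport mode trunk
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
ip http server
ip http secure-server
!
line con 0
line vty 0 4
 no login
line vty 5 15
 no login
!
end
"""

# (parent-section regex or None for global commands, command regex, issue, suggested fix)
RULES = [
    (r"interface ", r"switchport mode dynamic (desirable|auto)$",
     "port negotiates trunking via DTP",
     "switchport mode access + switchport nonegotiate"),
    (r"line vty ", r"no login$",
     "remote terminal access without authentication",
     "login local + transport input ssh"),
    (None, r"username \S+ password 0 ",
     "credential stored in cleartext",
     "username <name> secret <password>"),
    (None, r"ip http server$",
     "cleartext HTTP management enabled",
     "no ip http server"),
]


def audit(config):
    """Return a list of (section, command, issue, fix) for every rule hit."""
    findings, parent = [], None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        indented = raw[0].isspace()
        if not indented:
            parent = line                  # new top-level command or section header
        for scope, pattern, issue, fix in RULES:
            if scope is None:
                hit = not indented and re.match(pattern, line)
            else:
                hit = indented and re.match(scope, parent or "") and re.match(pattern, line)
            if hit:
                findings.append(("global" if scope is None else parent, line, issue, fix))
    return findings


if __name__ == "__main__":
    for section, command, issue, fix in audit(SAMPLE_CONFIG):
        print(f"[{section}] {command}: {issue}; consider: {fix}")
```

The parser relies on the one-space indentation that "show running-config" prints for sub-commands, so run it on the device output rather than on text whose indentation has been lost.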
5. Investigation of the Network Related Issues with VoIP Implementation
VoIP, or IP telephony, is a service that provides voice communication across data networks. VoIP
can be used over any IP network, e.g. the Internet, local area networks and intranets. Voice is
first digitized into a form suitable for sending over the network, and converted back when it
reaches its destination. The two main advantages of implementing VoIP are:
- Lower cost
At present, ABC's costs of relying on a traditional telecommunication provider can be lowered by
significant amounts. The cost of this service is limited to an Internet connection, or simply the
costs linked to rental of a service provider's infrastructure.
- Increased functionality
VoIP makes it possible to offer services that are impossible for a traditional
telecommunication provider. ABC can easily relocate phones without having to reconfigure
anything, which is a great feature for future growth (LLC, 2003-2009).
This service is implemented in our design by connecting an optional number of standalone IP
phones, along with applications for other VoIP-capable devices such as computers. This is
partly realized by improving the reliability of the existing network and guaranteeing that newly
implemented networks provide the same reliability. The service relies on at least a 90/90 Kbps
connection, which is adequate for good voice quality.
6. The VoIP implementation issues related to Firewall/NAT:
6.1 NAT (Network Address Translation)
Network address translation is used in this network design, as is needed for an enterprise like
ABC Co. NAT prevents the internal addresses from being publicized on public networks such as the
Internet. This helps keep the private internal addresses secure and does not allow anyone to
learn the addresses or the addressing scheme used on the internal network.
6.2 Firewall
Each network has one or more firewalls to enhance security through packet filtering,
application gateways and more. The firewall located between the ISP and ABC's network is also
where network address translation (NAT) is performed. NAT hides ABC's private network addresses
behind one or a few IP addresses in the public address space. This again improves security and
is an important defense against network reconnaissance.
6.3 Findings & Recommendations:
1. Firewalls and NAT present a challenge to VoIP implementers. However, there are a few
solutions to these problems. Importantly, all three major VoIP protocols, SIP, H.323 and H.248,
have similar problems with NATs and firewalls. The use of NAT may be reduced as IPv6 is adopted
(Richard, Thomas and Fries, 2005). VoIP issues with firewalls and NAT involve several
complexities, some of which are unrelated to the call setup protocols used. NAT is commonly
performed by firewalls to conserve IP addresses and hide internal IP addresses and ports from
external, direct access. This causes issues for VoIP because endpoints negotiate ports for media
exchange and communicate these ports to one another in packet payloads. The RTMM (Real Time
Mixed Media) must be used to prevent latency, jitter or loss of packets (Tahir and Shahzad,
2010).
2. Making a phone call becomes very complex when a NAT is introduced. The situation is
analogous to a phone network where many phones have the same number, such as a house where
there is only one line but multiple numbers can be on that line. There are several issues
related to transmission of the media itself across the NAT, including incompatibility with IPsec
(Tahir and Shahzad, 2010).
Problems:
a. Simple NAT devices that are not VoIP-aware perform NAT on the IP headers only.
b. A VoIP packet contains a private IP address in the payload, so VoIP sessions cannot be
established.
Solution:
a. Perform translation on both the IP header and the packet payload with a routable IP address
(far-end NAT).
b. Media relay until full session establishment.
Session Border Controller (SBC)
a. SBCs started as a solution to connectivity problems caused by NAT done by non-VoIP-aware
devices (see figure 1).
b. SBCs are used by carriers and are located at the border of their core networks (Check Point
Software Technologies).
Fig 5. Session Border controller (Check point software Technologies)
3. All firewalls have to be SIP (Session Initiation Protocol) capable in order to support the
wide-scale deployment of real-time communication. Several solutions have been proposed to work
around the firewall/NAT traversal issues that limit SIP-based communication.
Fig 6. SIP (Session Initiation Protocol)
SIP-capable firewalls based on a SIP ALG (Application Level Gateway) and SIP-capable firewalls
based on a SIP proxy are both used. With an ALG, the benefit is that the gateway keeps track of
whether LAN traffic has reached its destination. A SIP proxy can, in addition, offer benefits
not available with the ALG architecture:
a. Far-end NAT traversal to support remote workers such as road warriors and home users
b. Encrypted SIP signaling (TLS) and media (SRTP)
c. Authentication
d. Advanced filtering
e. Advanced routing and control features
f. Intelligence to enable the firewall to act as a backup for a hosted or centralized IP-PBX
4. To address the VoIP NAT traversal problem, STUN, TURN and ICE can be used.
a. STUN (Simple Traversal of UDP through NATs) requires a STUN client on the phone connecting to
a STUN server.
b. TURN (Traversal Using Relay NAT) requires installation of a TURN server.
c. ICE (Interactive Connectivity Establishment) uses STUN or TURN to solve this problem.
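The header-only NAT problem from finding 2, shown as an added example that is not part of the original report: a constructed SIP INVITE from a hypothetical Sales-VLAN phone passes through a NAT that translates only the IP header, then through a SIP-aware rewrite of the kind an ALG or SBC performs. The public address is the first address of the R1 NAT pool; the phone address, user names, domain and function names are assumptions.

```python
import ipaddress
import re

PUBLIC_IP = "130.10.10.3"    # first address of the NAT pool configured on R1 above
PHONE_IP = "192.168.0.130"   # hypothetical phone in the Sales subnet (192.168.0.128)

# Constructed SIP INVITE with an SDP body; user names and domain are placeholders.
BODY = "\r\n".join([
    "v=0",
    f"o=1001 2890844526 2890844526 IN IP4 {PHONE_IP}",
    "s=call",
    f"c=IN IP4 {PHONE_IP}",
    "t=0 0",
    "m=audio 16384 RTP/AVP 0",
]) + "\r\n"
INVITE = "\r\n".join([
    "INVITE sip:2001@voip.example.com SIP/2.0",
    f"Via: SIP/2.0/UDP {PHONE_IP}:5060;branch=z9hG4bK776asdhds",
    "From: <sip:1001@voip.example.com>;tag=1928301774",
    "To: <sip:2001@voip.example.com>",
    "Call-ID: a84b4c76e66710",
    "CSeq: 1 INVITE",
    f"Contact: <sip:1001@{PHONE_IP}:5060>",
    "Content-Type: application/sdp",
    f"Content-Length: {len(BODY)}",
]) + "\r\n\r\n" + BODY

IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def nat_headers_only(packet):
    """Simple NAT: translate the IP-header source, leave the payload untouched."""
    return {**packet, "src": PUBLIC_IP}


def private_refs(payload):
    """List (field, address) for every private IPv4 literal still in the message."""
    refs = []
    for line in payload.split("\r\n"):
        for cand in IPV4.findall(line):
            try:
                addr = ipaddress.ip_address(cand)
            except ValueError:
                continue                      # not a valid dotted quad
            if addr.is_private:
                refs.append((re.split(r"[:=]", line, maxsplit=1)[0], cand))
    return refs


def alg_rewrite(payload, inside_ip, outside_ip):
    """SIP-aware translation: rewrite addresses in headers and SDP, fix Content-Length.

    Simplification: ports are kept as-is; a real ALG or SBC also maps the
    signalling and RTP ports it opens.
    """
    head, body = payload.split("\r\n\r\n", 1)
    head, body = head.replace(inside_ip, outside_ip), body.replace(inside_ip, outside_ip)
    head = re.sub(r"(?m)^Content-Length: \d+", f"Content-Length: {len(body)}", head)
    return head + "\r\n\r\n" + body


if __name__ == "__main__":
    pkt = nat_headers_only({"src": PHONE_IP, "payload": INVITE})
    print("IP source after NAT:", pkt["src"])
    print("private addresses left in payload:", private_refs(pkt["payload"]))
    print("after SIP-aware rewrite:", private_refs(alg_rewrite(pkt["payload"], PHONE_IP, PUBLIC_IP)))
```

The far end answers to the addresses in Via, Contact and the SDP c= line, so the four private references left by the header-only NAT are exactly why the session cannot be established.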
References
- McCabe, D.J. 2007. Network analysis, architecture and design. Morgan Kaufmann Publishers, Burlington: USA.
- Check Point Software Technologies Ltd. Check Point solution for secure VoIP. 2003-2007.
- LLC, V.-I. (2003-2009). What is VoIP. Retrieved from VoIP-info: http://www.voip-info.org/wiki/view/What+is+VOIP. Retrieved on 2nd October 2010.
- Richard, D., Thomas, J. W. and Fries, S. 2005. Security considerations for voice over IP systems: Recommendations of the National Institute of Standards and Technology. Special Publication 800-58, sections 8 and 9.
- Shinder, D. 2007. Four obstacles to implement VoIP. http://articles.techrepublic.com.com/5100-10878_11-6183187.html?part=rss&tag=feed&subj=tr. Retrieved on 8th of October 2010.
- Tahir, A. and Shahzad, A. 2010. Security issues for VoIP systems. http://www.ijcns.org/papers/Vol.2_No.5/100508.pdf. Retrieved on 24th September 2010.