<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Wingdings;
        panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
        {mso-style-priority:34;
        margin-top:0cm;
        margin-right:0cm;
        margin-bottom:0cm;
        margin-left:36.0pt;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Arial","sans-serif";
        color:windowtext;
        font-weight:normal;
        font-style:normal;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
/* List Definitions */
@list l0
        {mso-list-id:435488750;
        mso-list-type:hybrid;
        mso-list-template-ids:1607094184 336134159 336134169 336134171 336134159 336134169 336134171 336134159 336134169 336134171;}
@list l0:level1
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level2
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level3
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level4
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level5
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level6
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
@list l0:level7
        {mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level8
        {mso-level-number-format:alpha-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:left;
        text-indent:-18.0pt;}
@list l0:level9
        {mso-level-number-format:roman-lower;
        mso-level-tab-stop:none;
        mso-level-number-position:right;
        text-indent:-9.0pt;}
ol
        {margin-bottom:0cm;}
ul
        {margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-NZ" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">Hi<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">New to Kamailio and FreeSwitch, loosely familiar with SIP mechanics, and not a complete network idiot… but please be gentle.
</span><span style="font-size:12.0pt;font-family:Wingdings">J</span><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">We’re trying to get Kamailio set up in front of a FreeSwitch-based SIP application server, to do some simple policy controls and, using one of the RTP proxy modules, to help
 handle the media side of things. Our SIP trunks come from our provider on a VLAN addressed as 10.x, and they provide an upstream proxy/media server (10.y address). The link also carries Internet traffic so we’re running it through a Cisco ASA which breaks
 out the VLANs and static NATs the SIP stuff to our DMZ (10.z address). This is where we want to put the Kamailio box, where it should receive the calls and route them back through the ASA to the internal address (10.w range – all 10.w/x/y/z are separate, non-overlapping
 networks).<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">Outbound calls from the application server (there are very few) should pass back up to Kamailio which will validate the numbers against an approved list (the app should only
 dial a subset of numbers) and pass them to the upstream proxy if necessary. We need to ensure that inbound calls from outside trombone through our application server so that the caller doesn’t get billed for any calls, but this should be the default I think
 as that side of things is handled by FS (the app stands up a new call and bridges it to the incoming). This topology should allow us to use Kamailio to hide details of the FS app from the outside world, and make life easier for the app developer who should
 just send/receive to the Kamailio box with no further thought or complexity.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">If we put the FreeSwitch box in the DMZ where we want to put Kamailio, and then turn on SIP packet inspection in the ASA, calls flow but quality is poor for some callers. If
 we turn off SIP packet inspection, we get no audio – I can’t find any clear Cisco documentation for this but I think the SIP inspection stuff in the ASA seems to handle RTP NAT fixups and the like too. But with no docs it may as well be magic, and I want to
 remove it if possible. With Kamailio in the DMZ and FS internal, we loosely followed
<a href="http://kb.asipto.com/freeswitch:kamailio-3.3.x-freeswitch-1.2.x-sbc">http://kb.asipto.com/freeswitch:kamailio-3.3.x-freeswitch-1.2.x-sbc</a> and hacked out the voicemail and Lua stuff, but couldn’t get calls to flow, whether or not we used the SIP
 inspection on the ASA. We were confused why this example isn’t define as WITH_NAT and doesn’t use a local RTP proxy. Surely that would be needed?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">Questions:<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><span style="mso-list:Ignore">1.<span style="font:7.0pt "Times New Roman"">   
</span></span></span><![endif]><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">Should the proposed topology, with Kamailio + an RTP proxy behind a firewall, relaying to FS on an inside interface, work? (Can’t see why not)<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><span style="mso-list:Ignore">2.<span style="font:7.0pt "Times New Roman"">   
</span></span></span><![endif]><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">Does it need a local RTP proxy on the Kamailio box, particularly if we turn off the ASA SIP inspect stuff?<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><span style="mso-list:Ignore">3.<span style="font:7.0pt "Times New Roman"">   
</span></span></span><![endif]><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">Can you recommend which RTP proxy to use? There seem to be at least 3 that work with Kamailio. The box is CentOS 6.5, and it would be nice to use known-to-work packages
 rather than compile from source. (But eh, if I haveta).<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><span style="mso-list:Ignore">4.<span style="font:7.0pt "Times New Roman"">   
</span></span></span><![endif]><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">Can anyone point me to some docs to explain what ports need to be open between the Kamailio box and my upstream proxy/media server? I can be more liberal between
 inside and DMZ I guess.<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><span style="mso-list:Ignore">5.<span style="font:7.0pt "Times New Roman"">   
</span></span></span><![endif]><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">Is static NAT in this environment going to bite me, or should it be OK?<o:p></o:p></span></p>
<p class="MsoListParagraph" style="text-indent:-18.0pt;mso-list:l0 level1 lfo1"><![if !supportLists]><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><span style="mso-list:Ignore">6.<span style="font:7.0pt "Times New Roman"">   
</span></span></span><![endif]><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">Is there any better documentation that we should be using to make this easier, or should I just man up and try harder?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">TIA<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:12.0pt;font-family:"Arial","sans-serif"">Sean<o:p></o:p></span></p>
</div>
<table style="color: rgb(0, 0, 0);" border="0" cellpadding="2" cellspacing="0" width="474">
<tbody>
<tr>
<td valign="top" width="72"><a href="http://blindfoundation.org.nz/support-us/redpuppyappeal/street-appeal?utm_source=Red%20Puppy%20Appeal&utm_medium=Email&utm_campaign=Staff%20Signature"><img style="BACKGROUND-IMAGE: none; BORDER-RIGHT-WIDTH: 0px; PADDING-LEFT: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px; BORDER-BOTTOM-WIDTH: 0px; BORDER-LEFT-WIDTH: 0px; PADDING-TOP: 0px" title="" alt="guide dog puppy Gordy in a Red Puppy street appeal bucket." src="http://blindfoundation.org.nz/uploads/Email_Gordy.png" border="0"></a></td>
<td valign="top" width="400"><br><font face="Arial" size="3">Volunteer for our<font color="#000000"> </font></font><a href="http://blindfoundation.org.nz/support-us/redpuppyappeal/street-appeal?utm_source=Red%20Puppy%20Appeal&utm_medium=Email&utm_campaign=Staff%20Signature"><font color="#000000" face="Arial" size="3">Red Puppy street appeal</font></a><font face="Arial" size="3"> </font><br><font face="Arial" size="3">to help puppies like Gordy </font><br><font face="Arial" size="3">become guide dogs.</font></td></tr></tbody></table>
<p><font face="Arial" size="3">Follow us on <font color="#000000"><a href="http://www.facebook.com/rnzfb"><font color="#000000">Facebook</font></a> </font>and <a href="http://www.twitter.com/BlindNZ"><font color="#000000">Twitter</font></a></font></p>
<div><p><font size="2">#############################################################################<br>This email, including any attachments, is intended solely for the addressee(s)<br>It is confidential and may be legally privileged.  <br>If you are not the intended recipient, you must not copy, disclose, distribute<br>or otherwise use it or the information in it. Please notify the sender at once<br>and delete it from your system immediately.  <br>Any views or opinions expressed are solely those of the author and do not <br>necessarily represent those of the Blind Foundation. <br>The Blind Foundation does not accept responsibility for any viruses or other <br>malicious code that may be transmitted with this email.<br>#############################################################################</font></p>
<p><font size="2"></font> </p>
</div>

</body>
</html>