UDP and TCP Firewall Traversal problems

Using UDP, all of B’s responses and packets are filtered out by the firewall and there is no session!
Using TCP for SIP enables the session to be set up, but B’s RTP packets are still filtered out by the firewall!

Transcript

[slide375] Well, okay. So we managed to get our INVITE sent out through the firewall. It reached the user agent. We got back the ringing message. We got the UDP message coming back. But what happens? Oops. The RTP packets hit the firewall. They don't get forwarded in. Why not? There was no, well, there may be no forwarding of UDP traffic through the firewall at all, but the problem is it didn't know about them. It has no idea what the port numbers are because it didn't know what was in the SDP. Right? So if it can't look at the SDP, it has no idea that it should let them come back in.

Now if we use TCP, what happens? Well, TCP goes out. We establish now the path back in. Everything looks okay. We can send our UDP packets out. Oops. The replies coming from the party we're talking to all get stopped at this [firewall]. Again, if the firewall doesn't know that there are UDP packets on a particular port that it should let through, it's going to drop them.

So it's really sort of you're damned if you do and you're really confused if you don't. Right? So if you send UDP traffic, it all just doesn't work at all. If you send TCP for your SIP, it looks like the signaling worked. Media is going in one direction, but I can't hear anything that the other person said. Oops.
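The two cases on the slide, plus the SDP-aware case the transcript alludes to, as an added example that is not part of the lecture or its slides. The firewall model (TCP state only, inbound UDP passed only through an explicit pinhole), the addresses, ports and the SDP body are all constructed assumptions.

```python
import re

# Constructed SDP offer that A (inside the firewall) carries in its INVITE.
SDP_FROM_A = (
    "v=0\r\n"
    "o=alice 2890844526 2890844526 IN IP4 10.0.0.5\r\n"
    "s=-\r\n"
    "c=IN IP4 10.0.0.5\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

def media_endpoints(sdp):
    """Return (ip, port) for each m= line, using the session-level c= address."""
    addr = re.search(r"^c=IN IP4 (\S+)", sdp, re.M).group(1)
    return [(addr, int(p)) for p in re.findall(r"^m=\w+ (\d+) ", sdp, re.M)]

class Firewall:
    """Simplified model (assumption): TCP state only; inbound UDP needs a pinhole."""
    def __init__(self, sdp_aware=False):
        self.sdp_aware = sdp_aware
        self.tcp_flows = set()   # (inside, outside) pairs opened from inside
        self.pinholes = set()    # inside (ip, port) allowed to receive UDP

    def outbound(self, proto, src, dst, payload=""):
        if proto == "tcp":
            self.tcp_flows.add((src, dst))
        if self.sdp_aware and "m=" in payload:
            self.pinholes.update(media_endpoints(payload))  # open RTP port from SDP
        return True  # all outbound traffic is permitted

    def inbound(self, proto, src, dst):
        if proto == "tcp":
            return (dst, src) in self.tcp_flows  # reply on a connection A opened
        return dst in self.pinholes              # UDP: only to a known media port

def call(sip_proto, sdp_aware=False):
    """Run one call from A to B; report what gets through the firewall."""
    fw = Firewall(sdp_aware)
    a_sip, b_sip = ("10.0.0.5", 5060), ("192.0.2.10", 5060)
    a_rtp, b_rtp = media_endpoints(SDP_FROM_A)[0], ("192.0.2.10", 40000)
    fw.outbound(sip_proto, a_sip, b_sip, "INVITE ...\r\n\r\n" + SDP_FROM_A)
    return {
        "sip_reply_in": fw.inbound(sip_proto, b_sip, a_sip),
        "rtp_out": fw.outbound("udp", a_rtp, b_rtp),
        "rtp_in": fw.inbound("udp", b_rtp, a_rtp),
    }
```

`call("udp")` gives no session at all, `call("tcp")` gives working signaling with one-way media, and `call("tcp", sdp_aware=True)` lets B's RTP in because the firewall read the port from A's SDP.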