The example I gave was going over a VPN with tunnel terminating in the trusted zone. Put the polices how our traffic traverse through the netscreen. I would config a policy for trust to untrust traffic and for untrust to trust or untrust to global if you have MIPing going on.
-chip -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark Johnson Sent: Thursday, November 10, 2005 12:09 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] SIP and VPN Lists Pleasants wrote: >ScreenOS 5.0x and 5.1x has some issues wit SIP. Try the policies I have >listed below. > >set policcy id 1001 from "Trust" to "Trust" "Local" "Remote" "SIP" >permit log count >set policy id 1001 application "IGNORE" >set policy id 1002 from "Trust" to "Trust" "Remote" "Local" "SIP" >permit log count >set policy id 1002 application "IGNORE" > >I am running 5.2r1 without any issues but I have turned off any >application deep scanning. > >unset alg sql >unset alg q931 >unset alg h245 >unset alg ras >unset alg sip > >-Chip > > > > Why do you go from Trust to Trust in your policies? I tried that and the phone won't work at all. The only way to get it to register is for me to put Remote as an Untrust zone. Thanks! Mark _______________________________________________ --Bandwidth and Colocation sponsored by Easynews.com -- Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ --Bandwidth and Colocation sponsored by Easynews.com -- Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
