Differences

This shows you the differences between two versions of the page.

--- disablesipalg [2022/06/01 18:50] – created jim
+++ disablesipalg [2022/06/01 19:03] (current) – jim
@@ Line 25: / Line 25: @@
 ciscohost(config)# no ip nat service sip udp port 5060\\
 ciscohost(config)# do show run | inc nat service sip\\
-{{ :cisco-router-config_480x148.jpg?nolink&600 |}}
+{{ :cisco-router-config_480x148.jpg?nolink |}}
                                     Figure 1: Disabling SIP Inspection on a Cisco Router
@@ Line 63: / Line 63: @@
 From the main menu, find the "VoIP" option that usually appears on the left menu. While in the menu, uncheck the box for SIP - it often appears as "SIP Transformations" and then select the option to "Enable Consistent NAT". Accept the settings and reboot if prompted. Figure 2 shows an example of the SonicWall user interface on the page where these settings exist.
-{{ :sonicwall-sip-alg_480x446.jpg?nolink&600 |}}
+{{ :sonicwall-sip-alg_480x446.jpg?nolink |}}
                                     Figure 2: Disabling SIP ALG on a SonicWall Router
 Understand that although this method seems quite generalized, it is the basis for disabling SIP intervention on most SonicWall systems.
-Netgear
+**Netgear**
 Netgear has several different interfaces. As this brand is one of the most popular for home and small business networking, variation in interfaces is common due to the large number of devices made by the company. However, the following example should provide a good reference for the more common models and show you how to disable SIP ALG on your Netgear router.
@@ Line 78: / Line 79: @@
 Most models have a check-box reading something similar to "Disable SIP ALG" in figure 3 below. Check the box, apply the settings and reboot if prompted.
+{{ :netgear-sip-alg-disable.jpg?nolink |}}
+                                    Figure 3: Disabling SIP ALG on a SonicWall Router
-Figure 3: Disabling SIP ALG on a SonicWall Router
+**D-Link**
-D-Link
 Like Netgear, D-Link has a variety of different interfaces but the methodology for disabling this setting is very similar for most models. Many models are equipped with a powerful set of firewall tools so several steps must be completed to ensure SIP traffic passes beyond the device.
-Open a browser and enter the router's IP address in the address bar. Go to "Firewall Settings" under the "Advanced" item.
+Open a browser and enter the router's IP address in the address bar. Go to **"Firewall Settings"** under the **"Advanced"** item.
-Uncheck the box to disable SPI - usually, directly below this item are options for "NAT Endpoint Filtering" that must be changed to "Endpoint Independent" for both TCP and UDP.
+Uncheck the box to disable SPI - usually, directly below this item are options for **"NAT Endpoint Filtering"** that must be changed to **"Endpoint Independent"** for both TCP and UDP.
-Next, find the "Application Level Gateway (ALG) Configuration" area and uncheck the box for SIP.
+Next, find the **"Application Level Gateway (ALG) Configuration"** area and uncheck the box for SIP.
 Save these settings and reboot the device if requested. Figure 4 below shows additional details on how to configure this setting:
+{{ :dlink-sip-alg_480x627.jpg?nolink |}}
-Figure 4: Disabling SIP ALG on a D-Link Router
+                                    Figure 4: Disabling SIP ALG on a D-Link Router
-AT&T (2WIRE)
+**AT&T (2WIRE)**
 At the time this article was written, most AT&T services - whether DSL or UVERSE - are packaged with a 2WIRE device. Fortunately, the company allows disabling the service with minimal headache for most models and services. Yet, some models do not have this feature making this process cumbersome.
-Type in the device IP address of http://192.168.1.254 in any browser address bar. Default username is "admin" and the password can be found on the bottom on the 2wire device.
+Type in the device IP address of **http://192.168.1.254** in any browser address bar. Default username is "admin" and the password can be found on the bottom on the 2wire device.
-Go to the "Firewall" menu and then select the option for "Applications, Pinholes and DMZ". Select your phone adapter from the the list of IP addresses and then the radio button to "Allow all applications (DMZplus mode)". Save the settings and you have now put your adapter in the DMZ plus zone.
+Go to the **"Firewall"** menu and then select the option for **"Applications, Pinholes and DMZ"**. Select your phone adapter from the the list of IP addresses and then the radio button to **"Allow all applications (DMZplus mode)"**. Save the settings and you have now put your adapter in the DMZ plus zone.
-SIP ALG now needs to be disabled via the ‘Management and Diagnostic Console’ that can be accessed by entering http://192.168.1.254/mdc (note that not all models of 2wire modems can access this menu and edit the settings).
+SIP ALG now needs to be disabled via the **‘Management and Diagnostic Console’** that can be accessed by entering **http://192.168.1.254/mdc** (note that not all models of 2wire modems can access this menu and edit the settings).
-If you can access this console, click on the "Configure Services" found under the "Advanced" heading.
+If you can access this console, click on the **"Configure Services"** found under the **"Advanced"** heading.
-A setting notated as "SIP Application Layer Gateway" should be unchecked - hit the [SUBMIT] item and follow any additional prompts. See figure 5 below for a screen shot:
+A setting notated as **"SIP Application Layer Gateway"** should be unchecked - hit the [SUBMIT] item and follow any additional prompts. See figure 5 below for a screen shot:
+{{ :2wire-sip-alg_480x445.png?nolink |}}
-Figure 5: Disabling SIP ALG on a AT&T 2Wire Modem
+                                    Figure 5: Disabling SIP ALG on a AT&T 2Wire Modem
 Some have stated that it is not possible to turn off this setting. Newer firmware deployments on current models (as of April 2015, when this article was originally written) may not allow disabling this option. Contacting customer service to remote into your device will be the only way to turn off this setting.
-Comcast | Xfinity
+**Comcast | Xfinity**
 At the time this article was written (April 2015), there is no possible way to disable SIP ALG on a Comcast router by yourself. Worse yet, the company will not disable this feature for most customers.
@@ Line 116: / Line 119: @@
 Since both residential and business customers do not have an option to disable this setting from the router configuration menu, using VoIP means one of the following options will be necessary:
-    Buying the Comcast / Xfinity phone service.
+ Buying the Comcast / Xfinity phone service.
-    Hope your service transposes appropriately with SIP ALG.
+ Hope your service transposes appropriately with SIP ALG.
-    Connect another router to you gateway and put it in bridge mode.
+ Connect another router to you gateway and put it in bridge mode.
-    Purchase your own gateway compatible with Comcast/Xfinity.
+ Purchase your own gateway compatible with Comcast/Xfinity.
 The company locks down the devices such that the only voice service allowed is Comcast/Xfinity. The recommended solution involves purchasing a compatible modem for the service where greater control is possible. At this point, contact your VoIP vendor - many have unique firmware settings to push to the device as well as instructions for applying settings for a functional service.
-Final Thoughts
-Most agree that SIP ALG is the ultimate bane for VoIP services. Sadly, this technology that is supposed to help such transmissions proves to be a hindrance for virtually every product and service in existence. Though many companies have a workaround, some lack a solid solution.
-We are very interested in hearing your unique problems and resolutions involving this mechanism and if you would like us to investigate other routers. Please, take a moment to comment or ask a question - we would like to help as many VoIP consumers as possible!
+-originally published by [[https://www.whichvoip.com/articles/disable-sip-alg.htm]]