Basic RTP issues

Version 1


    Covering basic RTP issues with Firewalls



    SIP – Call sessions are setup on the TCP/UDP ports.  The Actual Conversion ( Audio ) will be transmitted via RTP

    RTP will have its own ports to traverse the networks.  These ports are across a very broad range, as an example, Cisco will advertise across a 4,000 to 40,000 port range.

    IPCM on a Default, standard install,will utilize the port range of 40,000 to 60,000 - these are modifiable depending on the needs and security of the network.

    The out bound RTP traffic will pass through a firewall but if the port is not negotiated properly during the initial Session setup, the RTP traffic returning to the call will not be permitted through the fire wall, resulting in one way audio or no audio if the port negotiation fails on the other side of the call.

    Firewalls may by default block RTP inbound traffic. Unless the firewall is a SIP Aware firewall. 

    Also,  RTP traffic is dynamically allocated, meaning one call may go out via port 4050 as an example, but the next call will go 30,050.


    Some solutions are,

    SIP Aware firewalls

    Symmetric RTP

    Session Border Controllers

    Media Proxies.