SIP ALG stands for Application Layer Gateway and is common in all many commercial routers. Its purpose is to prevent some of the problems caused by router firewalls by inspecting VoIP traffic (packets) and if necessary modifying it.
Many routers have SIP ALG turned on by default.
There are various solutions for SIP clients behind NAT, some of them in the client side (STUN, TURN, ICE), others are in the server side (Proxy RTP as RtpProxy, MediaProxy).
Generally speaking, ALG works typically in the client side LAN router or gateway. In some scenarios, some client-side solutions are not valid, for example, STUN with symmetrical NAT router. If the SIP proxy doesn’t provide a server-side NAT solution, then an ALG solution could have a place.
An ALG understands the protocol used by the specific applications that it supports (in this case SIP) and does a protocol packet-inspection of traffic through it. A NAT router with a built-in SIP ALG can re-write information within the SIP messages (SIP headers and SDP body) making signalling and audio traffic between the client behind NAT and the SIP endpoint possible.
Even though SIP ALG is intended to assist users who have phones on private IP addresses (Class C 192.168.X.X), in many cases it is implemented poorly and actually causes more problems than it solves. SIP ALG modifies SIP packets in unexpected ways, corrupting them and making them unreadable. This can give you unexpected behaviour, such as phones not registering and incoming calls failing.
Therefore if you are experiencing problems we recommend that you check your router settings and turn SIP ALG off if it is enabled.
If you are still having problems after disabling SIP ALG, please check your firewall configuration.
If your device does not have a web interface then you’ll need a telnet client.
You will be prompted to provide a username and/or password. These are the same credentials used to access the router’s web interface.
Afterwards, type in these commands:
sys sip_alg 0 sys commit
On Draytek Vigor2750 and Vigor2130 please use these commands instead:
kmodule_ctl nf_nat_sip disable kmodule_ctl nf_conntrack_sip disable
Navigate to the web interface Click Settings. Enter the required username and password, then click Log In. Note: The default username and password is admin. Click the Security dropdown. Click SIP ALG Settings. Untick the Enable SIP ALG box. Click Apply.
Disabling the SIP ALG in a VoIP profile SIP is enabled by default in a VoIP profile. If you are just using the VoIP profile for SCCP you can use the following command to disable SIP in the VoIP profile.
config voip profile edit VoIP_Pro_2 config sip set status disable end
configure set security alg sip disable commit
Under ‘NAT Filtering’ uncheck the option ‘SIP ALG’ Port Scan and DoS Protection should also be disabled. Disable STUN in VoIP phone’s settings.
-> connection unbind application=SIP port=5060 -> saveall
Alternatively, you can SSH into the device and run the following commands:
configure set system conntrack modules sip disable commit save exit
Service You Are Interested in: *Hosted VoIPBroadbandLeased Line