VoIP
Christian Wieser
chwieser at EES2.OULU.FI
Wed May 24 04:04:00 EDT 2000
Morning,
David, could you (and anyone) please tell more about the problems with ASN.1
strings traveling over VPNs?
As far as I understand VPNs should be transparent for the higher level
protocols ...
Regards,
> Good luck.
>
> One known problem with most VPN gateways is that they break VoIP flows, or
> prevent calls from getting set up in the first place. That's because
> gateways encrypt traffic -- including the ASN.1 strings used in H.323 (and
> various other voice-over-packet technologies) to set up calls.
>
> I've heard of two vendors working on fixes: Last fall Nokia/Check Point were
> gonna do a special build of FW-1 that dealt correctly with VoIP flow, but I
> don't know the status of this project. And Cisco supposedly decrypts and
> then re-encrypts such strings on the fly, but their own engineers described
> this approach to me as "ugly" -- by which I presume they mean there's a big
> performance hit.
>
> My info is a few months old. If anyone else is aware of a better way to do
> VoIP through IPSec gateways please share it with the list.
>
> Regards,
> David Newman
>
>
> -----Original Message-----
> From: VPN Mailing List [mailto:VPN at SECURITYFOCUS.COM]On Behalf Of Chavdar
> Parvanov
> Sent: Friday, May 19, 2000 2:32 AM
> To: VPN at SECURITYFOCUS.COM
> Subject: VoIP
>
>
>
> Hello,
> I need more invormation about implementing VoIP over VPN - devices (FXO,
> FXS), standards, etc.
>
> VPN is sponsored by SecurityFocus.COM
--
Christian Wieser - Oulu Secure Programming Group
mailto: chwieser at ee.oulu.fi
See my homepage at http://www.ee.oulu.fi/~chwieser for my PGP-Public-Key
VPN is sponsored by SecurityFocus.COM
More information about the VPN
mailing list