Linksys SPA9x2 Phone Administration Guide Cisco Confidential--First Draft10
Using SPA9x2 Phones with a Firewall or Router
Introducing Linksys SPA9x2 Phones
TCP overcomes the problem with UDP ports being blocked by corporate firewalls. With TCP,
new ports do not need to be opened or packets dropped, because TCP is already in use for
basic activities such as Internet browsing or e-commerce.
SIP Proxy Redundancy
An average SIP proxy server may handle tens of thousands of subscribers. A backup server
allows an active server to be temporarily switched out for maintenance. Linksys phones
support the use of backup SIP proxy servers to minimize or eliminate service disruption.
A static list of proxy servers is not always adequate. If your user agents are served by different
domains, for example, you would not want to configure a static list of proxy servers for each
domain into every SPA9x2 phone.
A simple way to support proxy redundancy is to configure a SIP proxy server in the SPA9x2
phone configuration profile. The DNS SRV records instruct the phones to contact a SIP proxy
server in a domain named in SIP messages. The phone consults the DNS server. If configured,
the DNS server returns an SRV record that contains a list of SIP proxy servers for the domain,
with their host names, priority, listening ports, and so on. The SPA9x2 phone tries to contact the
hosts in the order of their priority.
If the SPA9x2 currently uses a lower-priority proxy server, the phone periodically probes the
higher-priority proxy and switches to the higher-priority proxy when available.
The dynamic nature of SIP message routing makes the use of a static list of proxy servers
inadequate in some scenarios. In deployments where user agents are served by different
domains, for instance, it would not be feasible to configure one static list of proxy servers per
covered domain into every SPA9x2 phone.
One solution to this situation is through the use of DNS SRV records. SPA9x2 phones can be
instructed to contact a SIP proxy server in a domain named in SIP messages. The SPA9x2 phone
consults the DNS server to get a list of hosts in the given domain that provides SIP services. If an
entry exists, the DNS server returns a service (SRV) record that contains a list of SIP proxy
servers for the domain, with their host names, priority, listening ports, and so on. The SPA9x2
phone tries to contact the list of hosts in the order of their stated priority.
If the SPA9x2 phone is currently using a lower priority proxy server, it periodically probes the
higher priority proxy to see whether it is back on line, and attempts to switch back to the higher
priority proxy whenever possible.
See ”Configuring a SIP Proxy Server” section on page 101 for more information.
Using SPA9x2 Phones with a Firewall or Router
When using a SPA9x2 behind a firewall or router, make sure the following ports are not blocked:
• SIP ports—By default, UDP port 5060 through 5064
• RTP ports—16384 to 16482