Compatible Routers and Firewalls - old for reference
NOTE this article is now old and the below is for legacy reference for the older devices, most newer devices or updated firmware now support these services but please check or use the list below for guidance as to things perhaps to look out for;
Compatible Routers and Firewalls
Before deploying IPVS you need to ensure your current network can support the service, here is a quick guide to help
Introduction
The following is a list of known routers and modems which have been determined to be compatible, incompatible or compatible with changes to the configuration of the device. We have not been able to test all of these devices and the information is a guide drawn from various sources and peoples experience.
We highly recommend checking all network equipment on site against this list before deploying our IPVS in your office. Whenever possible you should choose a router that has QoS (Quality of Service) if you plan to share the same internet connection with non-VoIP services (such as desktop computers) but please note shared connections are not supported for Quality Issues and we do not recommend using Broadband ADSL based services for more than 2 handsets on a shared connection.
You should ensure that all devices are running the latest stable firmware from the vendor.
Compatible Devices
Apple Airport
Current Status: Compatible
Recommendation: Suitable for 1-3 phones
Comments: There are no known issues with this router although it is best used for smaller offices (1-3 phones). This device is not believed to offer QoS which may be a drawback in certain deployments.
Linksys
Models: RV082, RV016, RV042
Current Status: Compatible
Recommendation: Recommended
Comments: The MTU settings under 'Setup' -> 'Network' should be set to 1500 (Cable) or 1492 (DSL). QOS Capable.
Models: WRVS4400N
Current Status: Compatible
Recommendation: Recommended
Comments: None
Models: WRT160N
Current Status: Compatible
Recommendation: Suitable for 1-2 Phones
Comments: No QOS
Models: WRT54G2
Current Status: Compatible
Recommendation: Recommended for 1-2 phones
Comments: This router is compatible and recommended for 1-2 sip phones. Appears to have problems with 3 or more SIP phones caused by NAT issues. Use DDWRT firmware instead in this case if hardware revision allows for this.
Netgear
Models: DG834UK, DG834GUK, WNR1000, DGN1000
Current Status: Compatible & Fully Tested
Recommendation: Recommended for SME Sites on dedicated lines
Comments: You must disable the SIP ALG option on these for them to work
Siemens
Models: Speedstream
Current Status: Compatible
Recommendation: Suitable for 1-3 Phones
Comments: No QOS
Sonic Wall
Current Status: Compatible
Recommendation: Disable SIP ALG
Comments: We recommend that customers set RTP up to 120 seconds and turn on consistant NAT. We also recommend that you disable SIP Transformations (uncheck the box).
Devices believed compatible after changes
Cisco Routers
Models: 857W Annex A ADSL Router
Current Status: Compatible; may require changes
Recommendation: Disable SIP ALG
Comments: SIP ALG can be disabled with no ip nat service sip udp port 5060. IOS firewall for stateful packet inspection can be left running with no obvious or delayed effects.
Models: General
Current Status: Compatible; may require changes
Recommendation: Will work but models vary and changes will be required
Comments: The Cisco routers encountered are generally compatible with IPVS, but may require some changes.
The router's NAT service for SIP should be disabled, with the command:
no ip nat service sip udp port 5060
For Firewall versions SIP ALG needs disabling:
no fixup sip
D-Link
Models: DIR-615, EBR-2310
Current Status: Compatible after Changes, Hardware Revision B Only
Recommendation: Disable SIP ALG
Comments: This applies to Hardware Revision B only. Other hardware revisions are not compatible with VoIP as they do not have the disable SIP ALG option.
This router has known issues with VoIP services if SIP ALG is not disabled. Disable the SIP ALG setting on the router available in firmware releases 2.2.4 and higher. This option is available within the firewall settings under the 'Application Level Gateway (ALG) Configuration'. The SIP option should be unchecked.
Models: DIR-625
Current Status: Possibly Compatible after Changes
Recommendation: 3-4 Users, not for larger sites
Comments: Disable SIP ALG
Juniper
Models: Netscreen
Current Status: Compatible after Changes
Recommendation: Disable SIP ALG
Comments: You must disable the SIP ALG on the Netscreen router. Navigate to the 'Configuration' page and choose 'Advanced'. Then choose ALG and un-check the SIP check box.
Netgear
Models: FVG318
Current Status: Compatible after Changes
Recommendation: Update firmware and disable SIP ALG
Comments: This router is known to cause issues related to storing configuration and failed firmware downloads with Aastra series phones. To disable the SIP ALG, first login to your router and select 'Rules' from the left hand side menu. Next, check the box that says 'Disable SIP ALG'.
SMC
Models: 3100
Current Status: Not Compatible
Recommendation: Bridge device to supported router
Comments: This router is not compatible with IPVS unless it is bridged. We recommend bridging the router to alternative router so that it acts as a modem only.
Zxyel
Models: Various
Current Status: Possibly compatible after changes
Recommendation: Disable SIP ALG or bridge device to router
Comments: This router is not compatible with VoIP services without modifications. To disable the SIP ALG you must first telnet into the router/modem. Choose (24) System Maintenance and (8) Command Interpreter Mode. From the command line type:
ip nat service sip active 0
You will receive the message "SIP ALG Disable"
Incompatible Devices
NOTE: These devices have not been fully tested and later versions of firmware may correct this entry but at the time of test these devices did not work.
Belkin
Models: Various
Current Status: Not Compatible
Recommendation: Replace device
Comments: This router is not compatible with VoIP services. We cannot support this router in any way and it must be replaced before using our service.
D-Link
Models: DIR-825, WBR-1310
Current Status: Not Compatible
Recommendation: Replace Device
Comments: Unable to disable SIP ALG
Draytek
Models: Various
Current Status: Not Compatible
Recommendation: Replace Device
Comments: SIP ALG can be disabled and the devices appear to work fine but we have noticed that for certain sites (no apparent pattern) handsets will lose the ability to communicate with the platform. This normally happens when handsets have been left unused for a period of time. The nearest we have to a pattern is that routers for cable in a series that has no VoIP options appear to be working, we suspect that residual elements of the voice services are present in the firmware that corrupts the system.
Linksys
Models: WRT54G, WRT54GX, WRT54GL, WRT54GS
Current Status: Not Compatible
Recommendation: Replace Device or Replace Firmware
Comments: This router is not recommended for use with VoIP services using the stock firmware from Linksys. This model router is known to damage and modify SIP packets in such a way that it prevents VoIP packets from being formatted correctly and can cause a multitude of problems.
You may be able to install custom firmware such as DD-WRT (http://www.dd-wrt.com) as a replacement. Note that the procedure does require some technical knowledge and ability. The DD-WRT firmware allows you to disable SIP ALG and enable QOS (Quality of Service), but this has not been tested in our labs yet.
Devices not yet Tested
Cisco Pix
Current Status: Untested
Recommendation: Untested
Comments: Not tested but the following information may be helpful.
The cisco pix firewall requires that in version 7.0 or later look at the "inspect" fields. (Prior to version 7 it was called "fixups" not "inspect".) Make sure that the "inspect SIP" field is NO. "No inspect sip" is the proper setting. With 'inspect sip' on the PIX firewall replaces the internal IP address of the phone with the external IP address. We use both pieces of information to accurately deliver the call. The internal IP address must be inside the SIP packet for proper functioning.
Thompson
Models: Speedtouch ST-585, TG-585
Current Status: Untested
Recommendation: Untested
Comments: The internal SIP service needs to be disabled. You will need to use a telnet (port 23) client to connect to the ip address of this router using putty or another telnet client. The username and password is the same as the one used to access the Web UI (default username Administrator). You will need to first login to the Web UI to and change the password before you can telnet into the device . Once connected to the router you will need to type these commands:
connection unbind application=SIP port=5060
saveall
Other Routers / Firewalls
Current Status: Untested
Recommendation: Untested
Comments: In general a large majority of devices that we have found seem to be more capable of running the IPVS platform provided the SIP ALG is disabled, we cannot provide any support for other manufacturers equipment in relation to it's suitability for the IPVS service.