DATA_LAN: 10.1.0.0/24 (the Asterisk server is in this VLAN)
VOIP_LAN: 10.3.0.0/24
# DATA_NW -> untrust: permits any application from DATA_LAN to any destination.
# No "then log" statement is set for this policy in this listing, so the
# policy itself records nothing about the sessions it permits.
# NOTE(review): DATA_LAN is noted as holding the Asterisk server, so the server
# gets the same unrestricted outbound access as every other host in the subnet.
set security policies from-zone DATA_NW to-zone untrust policy DATA-to-Inet match source-address DATA_LAN
set security policies from-zone DATA_NW to-zone untrust policy DATA-to-Inet match destination-address any
set security policies from-zone DATA_NW to-zone untrust policy DATA-to-Inet match application any
set security policies from-zone DATA_NW to-zone untrust policy DATA-to-Inet then permit
# VOICE <-> DATA_NW: both directions permit any application between VOIP_LAN
# and DATA_LAN, so the two zones are not isolated from each other at all.
# NOTE(review): these eight statements appear again further down in this
# listing with "then log session-init" added; this copy is redundant.
# NOTE(review): if the phones only need to reach the Asterisk server, the
# destination could be a host address and the application a signalling/media
# set instead of DATA_LAN / any -- confirm what the phones actually need.
set security policies from-zone VOICE to-zone DATA_NW policy VOIP-To-DATALAN match source-address VOIP_LAN
set security policies from-zone VOICE to-zone DATA_NW policy VOIP-To-DATALAN match destination-address DATA_LAN
set security policies from-zone VOICE to-zone DATA_NW policy VOIP-To-DATALAN match application any
set security policies from-zone VOICE to-zone DATA_NW policy VOIP-To-DATALAN then permit
set security policies from-zone DATA_NW to-zone VOICE policy DATA_NW-To-VOIP match source-address DATA_LAN
set security policies from-zone DATA_NW to-zone VOICE policy DATA_NW-To-VOIP match destination-address VOIP_LAN
set security policies from-zone DATA_NW to-zone VOICE policy DATA_NW-To-VOIP match application any
set security policies from-zone DATA_NW to-zone VOICE policy DATA_NW-To-VOIP then permit
# VOICE -> untrust: permits any application from VOIP_LAN to any destination.
# "log session-init" writes a log entry when a session is created; it does not
# record how the session ended or how much data it carried.
# NOTE(review): "log session-close" could be added if those details are wanted
# for investigation -- confirm against the logging volume the device can take.
set security policies from-zone VOICE to-zone untrust policy VOICE-to-Inet match source-address VOIP_LAN
set security policies from-zone VOICE to-zone untrust policy VOICE-to-Inet match destination-address any
set security policies from-zone VOICE to-zone untrust policy VOICE-to-Inet match application any
set security policies from-zone VOICE to-zone untrust policy VOICE-to-Inet then permit
set security policies from-zone VOICE to-zone untrust policy VOICE-to-Inet then log session-init
# VOICE <-> DATA_NW with logging: repeats the match/permit statements for
# VOIP-To-DATALAN and DATA_NW-To-VOIP that appear earlier in this listing and
# adds "log session-init" to each policy.
# Both directions still match application any, so the log shows what was
# opened between the zones but the policies restrict nothing.
set security policies from-zone VOICE to-zone DATA_NW policy VOIP-To-DATALAN match source-address VOIP_LAN
set security policies from-zone VOICE to-zone DATA_NW policy VOIP-To-DATALAN match destination-address DATA_LAN
set security policies from-zone VOICE to-zone DATA_NW policy VOIP-To-DATALAN match application any
set security policies from-zone VOICE to-zone DATA_NW policy VOIP-To-DATALAN then permit
set security policies from-zone VOICE to-zone DATA_NW policy VOIP-To-DATALAN then log session-init
set security policies from-zone DATA_NW to-zone VOICE policy DATA_NW-To-VOIP match source-address DATA_LAN
set security policies from-zone DATA_NW to-zone VOICE policy DATA_NW-To-VOIP match destination-address VOIP_LAN
set security policies from-zone DATA_NW to-zone VOICE policy DATA_NW-To-VOIP match application any
set security policies from-zone DATA_NW to-zone VOICE policy DATA_NW-To-VOIP then permit
set security policies from-zone DATA_NW to-zone VOICE policy DATA_NW-To-VOIP then log session-init
# VOICE <-> VPN: permits any application between VOIP_LAN and the two
# address-book entries AMPLAN_2.0 and AMPLAN_4.0, in both directions.
# The AMPLAN_* entries are not defined in this listing; presumably they are
# remote subnets reached over the VPN -- verify against the address book.
# Neither policy has a "then log" statement here, unlike the VOICE policies
# toward untrust and DATA_NW, so VPN-side voice sessions are not logged.
set security policies from-zone VOICE to-zone VPN policy Voice-Traffic match source-address VOIP_LAN
set security policies from-zone VOICE to-zone VPN policy Voice-Traffic match destination-address AMPLAN_2.0
set security policies from-zone VOICE to-zone VPN policy Voice-Traffic match destination-address AMPLAN_4.0
set security policies from-zone VOICE to-zone VPN policy Voice-Traffic match application any
set security policies from-zone VOICE to-zone VPN policy Voice-Traffic then permit
set security policies from-zone VPN to-zone VOICE policy voice match source-address AMPLAN_4.0
set security policies from-zone VPN to-zone VOICE policy voice match source-address AMPLAN_2.0
set security policies from-zone VPN to-zone VOICE policy voice match destination-address VOIP_LAN
set security policies from-zone VPN to-zone VOICE policy voice match application any
set security policies from-zone VPN to-zone VOICE policy voice then permit
# Host-inbound traffic is traffic addressed to the firewall itself, not
# traffic passing through it. "system-services all" and "protocols all" let
# hosts in VOICE and DATA_NW reach every service and routing protocol the
# device has enabled on its interfaces in those zones.
# NOTE(review): this exposes the device's management plane to every phone and
# workstation; listing only the services these zones need (which ones is not
# visible from this listing) would reduce that exposure -- confirm.
set security zones security-zone VOICE host-inbound-traffic system-services all
set security zones security-zone VOICE host-inbound-traffic protocols all
set security zones security-zone DATA_NW host-inbound-traffic system-services all
set security zones security-zone DATA_NW host-inbound-traffic protocols all
# Source NAT rule-set Allow_ALL: traffic from DATA_NW, DMZ, GUEST, SCCM and
# VOICE toward untrust whose source is in one of the five listed subnets is
# translated to the address of the egress interface.
# 10.1.0.0/24 and 10.3.0.0/24 are DATA_LAN and VOIP_LAN per the notes at the
# top; the other three subnets are not labelled in this listing (presumably
# the DMZ, GUEST and SCCM networks -- verify).
# NAT does not permit traffic by itself; a security policy must also allow it.
# Policies for DMZ, GUEST and SCCM are not shown in this listing.
set security nat source rule-set Allow_ALL from zone DATA_NW
set security nat source rule-set Allow_ALL from zone DMZ
set security nat source rule-set Allow_ALL from zone GUEST
set security nat source rule-set Allow_ALL from zone SCCM
set security nat source rule-set Allow_ALL from zone VOICE
set security nat source rule-set Allow_ALL to zone untrust
set security nat source rule-set Allow_ALL rule permit match source-address 10.1.0.0/24
set security nat source rule-set Allow_ALL rule permit match source-address 10.3.0.0/24
set security nat source rule-set Allow_ALL rule permit match source-address 10.20.0.0/24
set security nat source rule-set Allow_ALL rule permit match source-address 192.168.100.0/24
set security nat source rule-set Allow_ALL rule permit match source-address 10.2.0.0/28
set security nat source rule-set Allow_ALL rule permit match destination-address 0.0.0.0/0
set security nat source rule-set Allow_ALL rule permit then source-nat interface
# Source NAT rule-set AP_Allow: only the two hosts 10.10.0.11 and 10.10.0.12
# in the MGMT zone are translated to the egress interface address on their
# way to untrust; no other MGMT source is matched by this rule-set.
# The rule name Cloud_AP suggests these are cloud-managed access points --
# TODO confirm. The security policy that permits MGMT -> untrust is not part
# of this listing.
set security nat source rule-set AP_Allow from zone MGMT
set security nat source rule-set AP_Allow to zone untrust
set security nat source rule-set AP_Allow rule Cloud_AP match source-address 10.10.0.11/32
set security nat source rule-set AP_Allow rule Cloud_AP match source-address 10.10.0.12/32
set security nat source rule-set AP_Allow rule Cloud_AP match destination-address 0.0.0.0/0
set security nat source rule-set AP_Allow rule Cloud_AP then source-nat interface
# Disables the H.323, SIP and talk application-layer gateways.
# With the SIP ALG off, the firewall does not rewrite addresses inside SIP
# messages or open media pinholes dynamically; signalling and media pass only
# because the policies in this listing permit application any.
# NOTE(review): tightening those policies later means permitting the media
# port range explicitly, and NAT traversal for calls through the interface
# source NAT then depends on the endpoints/server -- confirm the Asterisk setup.
set security alg h323 disable
set security alg sip disable
set security alg talk disable