Using Response Point with ISA

In Response Point Service Pack 1, we added support for “SIP trunking” – the ability to hook RP up to a voice-over-IP provider on the Internet rather than using a traditional phone service.

One question we’ve often heard is how to configure ISA to support RP’s SIP trunking (ISA is Microsoft’s “Internet Security and Acceleration Server” – i.e. a slick security gateway that sits on the boundary between your network and the Internet).

 

By far the easiest way to configure all of this will be to use the next version of ISA, which is part of a product code-named “Stirling”. Stirling will have a built-in VoIP filter that will take care of the RP SIP trunking scenario very elegantly by examining the SIP messages and dynamically opening and closing appropriate ports for RTP traffic as needed.

 

While we wait for Stirling, there are a few versions of ISA out in the wild that may be in use by RP customers. Small Business Server 2003 Premium Edition shipped with a version of ISA. Similarly, a customer may be running ISA 2004 or ISA 2006. Regardless of which version of ISA you’re using, the approach to supporting SIP trunking is the same.

Before you start configuring ISA, you should put the Response Point base unit (BU) on a static IP address. To do this, look up the BU’s MAC address (in the RP Administrator console, or written on a label on the device) and reserve an IP address for that MAC address on your DHCP server. Reboot the BU to make sure it gets the allocated IP address.

Now, onto ISA.

The simplest thing you can do is to configure ISA so that the BU’s IP address has full access to the Internet. This effectively turns ISA into a Network Address Translator, which means that the BU is not scannable from the Internet. You’ll also need to make sure your SIP Trunking configuration is set to re-register every 30 seconds, so ISA knows to keep the connection open so the BU can receive incoming calls from your service provider. This is simple but effective. If you want to tighten things down further, there are a few additional approaches you can take.

 

One approach is to configure the range of external names that can access the BU. Your service provider will use different servers for signaling and media, and their use of media servers may vary dynamically, so this technique is only effective if your service provider’s happy to share that information with you.

 

Another approach is to define the particular protocols to allow. There are two protocols RP uses to communicate with the SIP trunk service provider, which you’ll need to configure ISA to support: SIP and RTP.

1. SIP (Session Initiation Protocol) is the protocol used to initiate and control phone calls. SIP traffic happens on port 5060.

2. RTP (Real-time Transport Protocol) is the protocol used to transmit audio within a phone call. RTP traffic happens on a dynamically assigned port. In the case of RP, the port range is 49,000-49,999.

This is still a fairly large port range, so it’s up to you whether you think it’s worth doing the extra configuration to implement it.
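Before swapping the full-access rule for protocol rules, it is worth confirming from firewall logs that the BU really only talks SIP and RTP, and that it sends SIP often enough to keep the connection open. The Python below is an added example, not part of the original post and not ISA or Response Point code; the log layout, the addresses, the reading of 49,000-49,999 as the BU-side UDP port, and the use of any outbound SIP packet as a stand-in for a re-registration are assumptions.

```python
"""Added example: audit logged base-unit flows against the SIP/RTP rule set."""
import csv
import io

BU_IP = "192.168.16.50"          # constructed: the BU's reserved static address
SIP_PORT = 5060                  # from the article
RTP_PORTS = range(49000, 50000)  # from the article: 49,000-49,999
REREGISTER_SECONDS = 30          # from the article

# Constructed sample log (not an ISA log format): epoch,proto,src,sport,dst,dport
SAMPLE_LOG = """\
1000,UDP,192.168.16.50,5060,203.0.113.10,5060
1030,UDP,192.168.16.50,5060,203.0.113.10,5060
1041,UDP,192.168.16.50,49152,203.0.113.20,18000
1041,UDP,203.0.113.20,18000,192.168.16.50,49152
1050,TCP,192.168.16.50,51000,198.51.100.7,80
1120,UDP,192.168.16.50,5060,203.0.113.10,5060
"""

def classify(proto, src, sport, dst, dport):
    """Return 'sip', 'rtp' or 'other' for a BU flow, None if the BU is not involved."""
    if BU_IP not in (src, dst):
        return None
    bu_port, peer_port = (sport, dport) if src == BU_IP else (dport, sport)
    if SIP_PORT in (bu_port, peer_port):
        return "sip"
    # Assumption: the RTP range applies to the BU's own UDP port.
    if proto == "UDP" and bu_port in RTP_PORTS:
        return "rtp"
    return "other"

def audit(log_text):
    """Return (flows outside the SIP/RTP set, gaps between outbound SIP packets > 30 s)."""
    violations, gaps, last_sip = [], [], None
    for ts, proto, src, sport, dst, dport in csv.reader(io.StringIO(log_text)):
        ts, sport, dport = int(ts), int(sport), int(dport)
        kind = classify(proto, src, sport, dst, dport)
        if kind == "other":
            violations.append((ts, proto, src, sport, dst, dport))
        elif kind == "sip" and src == BU_IP:
            if last_sip is not None and ts - last_sip > REREGISTER_SECONDS:
                gaps.append((last_sip, ts))
            last_sip = ts
    return violations, gaps

if __name__ == "__main__":
    violations, gaps = audit(SAMPLE_LOG)
    for v in violations:
        print("outside SIP/RTP rule set:", v)
    for start, end in gaps:
        print(f"no outbound SIP for {end - start}s after t={start}")
```

Any flow it reports as outside the set would be blocked once the protocol rules replace the full-access rule, so review those before tightening.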

BTW, here’s some info on Stirling https://www.microsoft.com/forefront/stirling/en/us/default.aspx. (Note that the SIP trunk support is not available in the beta.)