SIP ALG what to do if I can't disable it on the internet provider router


I have not found many details of how SIP-ALG does detect which traffic to alter.
Is it “destination port 5060” or more subtle ?

Any recommendation (beside VPN) to avoid SIP-ALG if it cannot be disabled on a router?


Some are port based; others use DPI. Make/model?

What’s behind the ISP router (client devices such as IP phones or softphones, the PBX, both)?
What trouble do you suspect is being caused by the ALG?

Assuming only client devices, try using ports other than 5060 on both ends.
Using SIP over TCP instead of UDP will avoid the ALG on most routers.
Using SIP over TLS (if the devices support it) will solve the issue, as an ALG is impossible with TLS.
Some ISP routers don’t allow disabling the ALG in the GUI, but the ISP may disable it remotely upon request.
Most ISP routers have a ‘bridge’ mode (making it act as a dumb modem), allowing an external router to be used without double NAT.

1 Like