News Stay informed about the latest enterprise technology news and product updates.

Jasomi yokes together security and NAT for VOIP

Jasomi has joined security and NAT for voice over Internet Protocol.

Drawing on security and voice-over-IP routing expertise, Jasomi has built call peering products that translate IP addresses at the edge of the network and combine signaling through session initiation protocol with packet processing.

The technology may seem esoteric, but it is fairly crucial to the integrity of voice over IP and solves some pressing security issues, such as the integration of firewalls.

Jasomi has taken as its starting point the back-to-back user agent, which is basically a SIP gateway linking two concurrent sessions (hence back-to-back) into a single call. The BBUA is integrated with a media proxy in its PeerPoint device. Just building the box, like a few other startups are doing at the moment, would eventually set the company up to be in a commodity business.So to create a niche for itself, Jasomi has built in the ability to add a layer of security to voice over IP, actually terminating the call and making a copy before sending it on, along with the more common function of network address translation (NAT).


The company's focus on security comes as a result of CEO Dan Freedman's experience at Network Associates and VP of technical services Johnson Wu's work in the development of Cisco's PIX firewall. The technology to integrate the signaling and media transport on a single box, rather than simply handling the signaling like a SIP proxy server, is based on the expertise of CTO David Bryan, who led software development for Vovida. Vovida was an open source softswitch maker that Cisco acquired in 2000.


Jasomi's core PeerPoint product is a back-to-back user agent integrated with a media gateway. The BBUA is like a PSTN gateway, but has SIP on both sides, rather than SIP on one and PSTN on the other. The BBUA establishes two independent SIP calls and selectively bridges audio and other information between them, separating the caller and the recipient of the call into two separate sessions.

While there is some debate over where SIP should be used in VOIP networks -- whether it should complement or supplant legacy protocols like H.323 or more recently developed technology like Media Gateway Control Protocol -- there is growing support for the protocol, primarily for signaling in VOIP networks. SIP separates the session logic from the session itself, but its utility is confined to creating and breaking down sessions -- the media stream, or voice packets, are sent along another path. The Jasomi box integrates the two paths using a network processor to inspect the packets as they come in. The packet inspection is an important element in the box's security capabilities.

To use VOIP, network administrators have to leave a few ports open on the firewall to allow the connections to be made, which leaves the network vulnerable to denial-of-service attacks and other security risks. The Jasomi box, residing in the DMZ (for demilitarized zone, a 'neutral zone' between a company's private network and the outside public network), intercepts the VOIP calls and actually terminates them, although it makes a copy of both the signaling information and media packets. Using policy management and network address translation, the device will forward the calls onto phones in the corporate network or drop data streams that appear suspicious. With extremely long packets, the box will 'rate limit' the stream so the network isn't overwhelmed.


Jasomi uses the same technology for the wiretapping feature on its box pitched at carriers. Wiretapping involves making a copy of a call and forwarding it on to law enforcement authorities. With a circuit-switched network this is a straightforward matter, since it's clear where the call starts and ends and the path it travels on. With an IP network, none of these elements can be pinned down with any certainty. By putting its device in the middle of the caller and recipient, effectively creating three fixed points, and by terminating the calls at each end, Jasomi tackles the regulatory issue.

The company defines its product for the carrier market as a SIP-to-SIP gateway, and it basically functions like a demarcation point in VOIP networks. Carriers can be cagey about their call routes, so terminating the call at the edge of carrier networks and then handing off a secure copy of the call is more appealing than the alternative.


Unlike other players building edge devices in the VOIP space, Jasomi has no TDM interface and no strategy to migrate from legacy voice infrastructure to VOIP. According to CEO Freedman, Jasomi's business is equally split between carriers and enterprises. The company has a few direct competitors, most notably Acme Packets, but its broader struggle is convincing the market that bundling security to a BBUA coupled with a media gateway is the best architecture for VOIP networks. Firewall vendors and other startups could present a challenge, as could vendors of another emerging category of gear called application layer gateways, analogous to application servers. Some, like Nortel, have built proprietary NAT systems into their PBXes.

HR> the451 ( is an analyst firm that provides timely, detailed and independent analysis of news in technology, communications and media. To evaluate the service click here.

Dig Deeper on Network Administration

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.