FW-B-2 Solution B: Tell Firewall (slide 2) Alice Bob FW-B-1 FW-A Bob's Call Controller Alice's Call Controller Alice’s Policy Server Bob’s Policy Server 183 or 200From: BobTo: AliceIP=Z, UDP=z, Token=B1 13 17 14 15 16 19 STUNResponse FW-B-2 needs no external authorization check because the same STUN transaction-id and (flipped) 5-tuple are in STUN Request and Response FW-B-3 FW-B-4 FW-B-3 and FW-B-4 time out the STUN transaction-id aggressively (5-10 seconds) informational |