Can we disable ALG (SIP-Helper) for all VPN Sessions?
If possible for specific IP ranges or for AAA Groups?
How can we do this because it is causing phone connections to drop for a specific customer using other vendors for VoIP calls passing through the Gateway VPN.
Unfortunately, It is not possible to bind the SIP Header drop policy on a VPN Gateway nor to a AAA group.
SIP re-write policies will get evaluated only against SIP protocol type binding points, like a LB VIP of type SIP.
As a possible suggestion path to disable SIP in ADC you could ::
First – find a way to route all your SIP type traffic to a SIP LoadBalance Virtual Server
Second – bind the re-write policy to this LBV. This way, SIP re-write policy will get evaluated against SIP protocol traffic.
add rewrite action Drop_SIP_Helper_Act delete_sip_header SIP-Helper
add rewrite policy Drop_SIP_Helper_Pol “SIP.REQ.HEADER(“SIP-Helper”).EXISTS” Drop_SIP_Helper_Act
This is the only way to disable SIP from ADC standpoint.
You could bind the re-write policy Globally as well, but even so, only SIP Protocol binding points (like SIP LB VIPs) will evaluate the policy.