SIP is one of the cornerstones of VoIP; you need it to make calls since it creates and maintains connections to the other party. With it, you don’t need extensive hardware for outgoing and incoming calls; everything is done using simple computers, SIP endpoints (SIP and VoIP phones and associated communications devices), and the internet.

SIP calling allows you to reach customers and colleagues around the world at a significantly lower cost as compared to other technologies. In fact, adopters of VoIP technology save as much as $5,000 a year by switching. Still, you need call audio quality and one of the first steps that you’ll need to take to ensure this is to disable SIP ALG on your router.


Compare top SIP trunking providers



Quick links:


What is SIP ALG?

SIP ALG stands for Session Initiation Protocol Application Layer Gateway. This technology, which is also called an application-level gateway,  is available on most commercial routers, and it helps users more reliably initiate SIP calls, even when behind a LAN with a secure firewall configuration. The ALG is a network address translation (NAT) tool that changes private IP addresses and ports into public IP addresses and ports.

The SIP ALG acts as an independent firmware program to prevent firewall-related issues on the router. It inspects the SDP portion of data packets and modifies them so that they send correctly. Remember, all VoIP changes audio data (voice) into packets that are then sent over the net, so theoretically, this should ensure call quality.

Unfortunately, the technology often ends up hindering the quality of SIP calls due to the multi-process nature of SIP and the delicateness of data packets. This is why many SIP trunking providers tell you to disable the feature on your router.


How SIP and ALG Interact

To understand why SIP ALG is so problematic for modern SIP phone systems, take a look at the five-step process involved when you’re trying to make a SIP call. SIP helps open and terminate data connections, but with a SIP call, there are a few steps in between. Here are the five most important:

  1. The Invite Stage: This happens when you reach out to another caller to initiate a call. The invite begins on your side.
  2. The Invite Response Stage: When the connection happens, a response is sent back to the initial dialer.
  3. The Answering Stage: The answering stage is an acknowledgment of the inbound call, not the call itself. This part of the process also initiates at the receiving party.
  4. The Confirmation Stage: This is the final acknowledgment of the call connection. This is sent out from your end (the originator).
  5. The Call Stage: Once these four steps have been completed, the actual call happens. This is a two-way connection.

While this may seem like a lengthy and complicated process that sends data both ways, it’s done in only a few seconds. The problem with this from a connection perspective is that having a five-part connection process means a heightened chance for packet loss when ALG is modifying the data as it is sent/arrives.


Why Should ALG be Disabled?

During modern SIP outgoing and incoming VoIP calls, ALG modifying data packets is problematic, especially considering how poorly implemented the service is on most commercial routers. The ALG service intends to provide clearer connections, but since it modifies data packets erratically, the opposite is often true.

Each time the system confirms and acknowledges a connection attempt, the ALG modifies the SIP packets being sent. This is because the changeover from private IP addresses and ports to public is done by scripting. Scripting is very risky – sometimes during the translation process, important parts of the message are lost. This will affect VoIP calls in different ways:

  • Failed Registrations – With multiple acknowledgments required during a call, if any fail, the call will fail to connect. This is called a failed registration, which is often a direct result of a SIP ALG working in the background.
  • One-Way Audio – Can you hear the other party, but they can’t hear you? These one-way audio SIP calls are typically the result of either poor firewall settings or the ALG modifying the packets so that audio is lost on one end of the call.
  • Dips in Call Quality – When packets are lost during any internet-based call, you’ll start to hear static, lapses in sound transmission, or echoing. Modifying the call degrades data during transmission or receipt.
  • Lost Connections – You can easily lose the call altogether with this router service. When data is lost and is unrecoverable, it’s easy to be disconnected.

With a SIP call, there are more chances to incorrectly modify data packets in unexpected ways, which adversely affects your calls. Fortunately, disabling the router service is usually done easily in the router web interface. If the feature isn’t available on your device, then you should consider purchasing a new router.


How to Disable SIP ALG on Your Router

Entering your router’s interface is almost always very easy. Each router has the IP address of the router’s interface printed on a decal that also includes the default login information so that you change settings through a browser. By default, many manufacturers set the login information as “admin” for the user and “password” for the pass - though some may not need a password. For commercial routers, you’ll want to change this login information to something more secure.

Unfortunately, not every router brand makes disabling this feature easy, so let's help you understand some common methods for the world’s most popular router manufacturers. It’s important to note that Cisco has a more convoluted process since you’ll need to have access to the command line to change router settings.

Router Manufacturer Common IP Address How to Disable
  • Click on WAN
  • Click NAT passthrough
  • Click the drop-down menu to disable SIP passthrough
  • Click apply
  • Click Advanced Setup
  • Click on NAT
  • Click on ALG
  • Uncheck the box labeled SIP Enabled
  • Click Save/Apply
  • Click Advanced
  • Click WAN Setup
  • Check the box called Disable SIP ALG
  • Click Apply
  • Click Advanced
  • Click Firewall Settings
  • Uncheck the box called Enable SPI
  • Change UDP and TCP Endpoint Filtering to Endpoint Independent
  • Uncheck SIP under (ALG) Configuration
  • Click Save Settings
  • Click ALG
  • Uncheck Session Initiation Protocol (SIP)
    Uncheck Netmeeting (H.323)
  • Click Save Status
Cisco N/A
  • Login to router’s terminal via telnet, SSH, or serial console
  • Type enable
  • Type configure terminal
  • Type no IP nat service sip UDP port 5060
  • For TCP, also type no IP nat service sip TCP port 5060
  • Click Advanced
  • Uncheck SIP ALG

For BEFSR41:

  • Click Applications and Gaming
  • Click Port Triggering
  • Type in TCP in the application field
  • Type in 5060 in the Triggering and Forwarded Range fields
  • Click Enable
  • Click on the Internet Tab
  • Navigate to Port Forwarding and click
  • Uncheck the field labeled Enable SIP ALG
  • Click Save
Cisco ASA
  • Select Configuration, Firewall
  • Click Global Policy Rule
  • Click Select Rule Actions, Protocol Inspection
  • Uncheck the SIP field
  • Click Apply
  • Click Save
Arris Gateway
  • Under Advanced, click Options
  • Uncheck the SIP box


After making any of these changes, it’s a good rule of thumb to reboot the router for the changes to take hold. Once the changes are made, you should experience fewer call quality problems on your SIP connections as compared to when ALG managed the links.


Other Ways to Enhance SIP Calling

There’s a reason why most VoIP providers tell you to disable this feature; it’s simply not designed for how modern SIP calling over local and hosted PBX systems work. Disabling SIP ALG will help bring a higher level of quality to your calls, but it’s far from the only step that you should take to increase call quality. If you are frequently having calls with mediocre audio or static, consider upgrading your internet plan with your ISP; VoIP is dependent on your connection speed, so spend a little extra to prevent packet loss.

Additionally, not every router is excellent for internet-based calling. Consider purchasing a router that’s optimized for VoIP traffic –remember that it may have ALG enabled by default. Quality of Service (QoS) is also a useful feature since it will help you to prioritize SIP traffic at the device level. This will virtually ensure high-quality calls. Also, consider one of the top SOHO routers since they are useful for SIP calls or online meetings.