[Asterisk-Users] Sip and One Way Audio

Rich Adamson radamson at routers.com
Tue Aug 12 09:12:29 MST 2003


> Were having the same problem, but the other way around.
> 
> We have some SIP UA's behind a NAT firewall.
> This problem only applies to a particular brand of TA's, the others 
> (Cisco ATA's) works fine.

For those that might be using firewalls (regardless of vendor), keep in
mind that some boxes implement NAT (network address translation), some
PAT (port address translation), and some do both.

Most of the Linksys boxes (as one example only) do PAT, which causes the
"first" session to function properly but subsequent sessions fail. There
are a ton of folks that have had issues with PAT, but the issues are
rather difficult to diagnose without a sniffer. (Example: user workstation
runs an app that starts on udp:5400. The second occurance of the app from
the inside edge of this box, possibly from a different workstation, attempts
to use the same udp:5400. The outside edge of the box already has udp:5400
in use, therefore the second occurence invokes the PAT function mapping
the user to another udp sorce port. Needless to say, the second occurance
will fail "if" the app is expecting to/from traffic on a specific port.)

Note also these firewall boxes frequently use unusual table timeout values
for udp NAT & PAT. Since there is no "session" (as there are in tcp), the
firewall box must use some preset timeout value that essentially removes
the udp table entries after some period of inactivity. The PIX firewall,
as an example only, has a rather lengthy timeout while others "could be"
as short as 5, 10, 15 seconds. The timeout value is not well published for
most of the cheap boxes.

Therefore, before jumping to a conclusion that would suggest one piece of
voice-over equipment is better/worse then others through a firewall, one
might want to obtain a sniffer trace of the packet flows to validate
actual activity.






More information about the asterisk-users mailing list