[Asterisk-Users] Known SIP - NAT Solutions?

John Todd jtodd at loligo.com
Wed Mar 5 15:00:23 MST 2003 

>      I have recently begun experimenting with Asterisk, and have been
>mightily impressed by its capabilities and flexibility. I have run
>across one problem, however, that challenges my ability to use it as a
>production system.
>
>      My Asterisk box has a public Internet IP, and works great with SIP
>(ATA 186) clients that also have public IP addresses. Unfortunately,
>most of the locations that I would like to put these SIP phones into are
>behind NAT. Calls placed from behind NAT are consistantly unsuccessful.
>I have read in several places that there are software solutions to this
>problem, though I have found no specific references to precisely what
>software to use, or how it should be configured to hand these calls off
>to Asterisk.
>
>      Has anyone on the list successfully overcome this limitation? If
>so, any advice you might be able to provide would be greatly
>appreciated.
>
>Thanks!
>
>Sincerely,
>Matthew Farley
>asterisk at wheatstate.net

Interesting that you bring this topic up - kram was working on this 
last night (with me testing implementations.)

There is now (thanks, Mark!) an addition in sip.conf called "nat=1" 
that can flag a sip user/peer/friend as being behind a NAT address 
translator.  The good news is that the REGISTER and INVITE requests 
seem to work on the ATA-186 from which I was experimenting.

The bad news is that RTP still doesn't work, and so one-sided 
conversations occur (ATA->NAT->Asterisk->other party   where the 
other party can hear me, but I cannot hear them.) This of course 
stems from the fact that NAT (in most cases) requires symmetric port 
usage to pass packets back inside the NAT to the right host.  SIP 
call process information passes quite well between * and my ATA-186, 
so half of the problem is solved...

Anyone have any ideas?  I _know_ it can work, because with the same 
exact ATA-186, I can connect from behind a NAT to the 
iconnecthere.com servers, so is this STUN or something else that 
they're using?  I set up the Vocal stund on my * server, but that 
didn't seem to do the trick.

JT

More information about the asterisk-users mailing list