FW: [Asterisk-Users] NAT router and off-premise SIP audio problem

Jim Greenfield, Computer Troubleshooters Metro NY/NJ nyc at comptroub.com
Sun Nov 2 06:04:51 MST 2003 

Rich, thank you for your informative reply. I checked with our admin and he
replied:

"I setup from the start "nat=yes" and "canreinvite=no" on sip phones from
Internet and modified the rtp channels (voice ports) and the rtp
port on the phones. Still have the same problem, no sound."

Perhaps the VPN solution is something we should try but this is more
limiting than we had wanted... the concept that we could simply attach a SIP
phone to a high speed internet connection anywhere, anytime (such as at a
hotel when traveling) and become one with our office was a compelling one.




-----Original Message-----
From: asterisk-users-admin at lists.digium.com
[mailto:asterisk-users-admin at lists.digium.com]On Behalf Of Rich Adamson
Sent: Saturday, November 01, 2003 8:53 AM
To: asterisk-users at lists.digium.com
Subject: Re: [Asterisk-Users] NAT router and off-premise SIP audio
problem


Jim,

> Off-premise SIPs are all behind simple NAT routers.
>
> Off-premise SIPs have been able to receive calls from and make calls
> through the PSTN. No problem. Calls between on-premise SIPs, not a
problem.
> Calls between off-premise SIPs and any other SIPs connected to the server
> are a problem... they ring up but no audio is passed in either direction.
>
> SIP.CONF has NAT=YES.
>
> We presume that a dedicated IP address for the Asterisk server would
resolve
> this but we would like to avoid the extra
> expense.
>
> What are we missing? TIA.

It's the same problem that lots of others have posted about for months,
and basically relates to not understanding the sip protocol during call
setup. From a 10,000 foot view, here's what happens during call setup:
 1. sip phone A dials sip phone B (communicates with * on udp 5060)
 2. asterisk tells phone A to contact B directly (on udp 5060) and phone
    A does that (works since phone A is behind the nat box and is allowed
    the outbound dataflow)
 3. phone A and phone B negotiate to establish the RTP channel (on some
    other udp port that is "dependent" upon the phone manufacturer)
 4. phone A is allowed to communicate on that RTP port through the
    outbound nat box.
 5. phone B is "not" allowed to pass inbound through the nat box on the
    choosen RTP port (since RTP is used for voice, it fails).

That last step is the problem.

You only have three choices today to fix the RTP problem in your case:
 1. use the canreinvite=no statement on the phone definitions in
    sip.conf (which then forces "all" RTP sessions to pass through
    the asterisk box, increasing the processor workload of the box), or,
 2. map each of the internal sip phones to a real registered IP address
    on the outside of the nat box. (Cheap nat boxes usually don't have
    this capability, however more expensive routers and firewalls do.)
 3. replace the nat boxes with the VPN equivalents, and use the VPN
    tunneling to force the external phones to appear on the inside of
    your asterisk network.

In those cases where there is only a single sip phone behind the nat
box (and assuming a cheap nat box), one can change the RTP port range
on some sip phones to some small specific set of udp ports, and then
map those udp ports in the nat box to the individual internal sip phone.
On the Cisco 7960 phones, the RTP port range can be set via Settings,
SIP Config, item 16 (Start Media Port) and item 17 (End Media Port).
One udp port will be required for each simultanous conversation supported
by the sip phone, therefore on a six-line phone using a udp port range
with at least six ports should work just fine.

Also note that not all nat boxes work the same. Some vendors include
special functions (and their marketing people exclude that technical
detail in their published data), while others boxes are just plain
dumb nat boxes.

The only realistic way to see what is going on is to use a packet
sniffer (like ethereal) to actually observe what the phone and nat
box is really doing.

Some working nat config's are just now beginning to get documented
at the http://www.voip-info.org site.



_______________________________________________
Asterisk-Users mailing list
Asterisk-Users at lists.digium.com
http://lists.digium.com/mailman/listinfo/asterisk-users

More information about the asterisk-users mailing list