[Asterisk-Users] Asterisk + Sip phones on Nat

Rich Adamson radamson at routers.com
Mon Oct 27 16:55:34 MST 2003


Chris,

> I install * and is working fine. I have 3 FXO cards w/ 3 phone lines. All 
> the phones are SIP phones (Grandstream). The SIP phones from
> the same LAN w/ Asterisk are working but on the external phones (from the 
> Internet) I dont have sound. All the Grandstream phones
> from the Internet are register from different locations behind a NAT.
> 
> All the sip users are register on * but the main issue is with sound L.
> 
> My * server is directly connected to the Internet and no firewall on 
> interfaces (eth0 to Internet and eth1 masquerade for my LAN).
> 
> What do you recommend me to do? To install stun, ser, I need some solutions?

There are literally hundreds of postings similar to yours in the archives,
and there is no one-answer-fits-all-nat-cases. You really have to understand
what NAT is doing for every single traversal, and then design a solution
around the problems associated with your case.

Based only on your description above, there is not enough technical information
to understand exactly what you're trying to accomplish.

But, here is a couple of suggestions...

Every sip phone requires two sets of addresses:
  a) phone registration happens on port 5060
  b) the conversation happens on different ports that are "dependent"
     upon the exact sip phone being used.
Both sets of ports have to be accessible between asterisk and the sip
phone.

So, if registration is happening, that means port 5060 is being used
between the sip phone and asterisk. That's good.

The SIP protocol (on port 5060) is going to try to negotiate some other
set of ports for the voice communications between the two sip phones.
Asterisk (in rtp.conf) will try to use ports between 10,000 and 20,000
(asterisk-to-sip-phone) while each sip phone manufacturer will try to 
use some other ports (sip-phone-to-asterisk and sip-phone-to-sip-phone).
Cisco 7960's, as an example, will try to use ports between 16384 and
32766 for voice communications. I don't know what Grandstream programmed
into their phones; someone might help here. The Xten.com soft phone
will try to use ports 8000 through 8012 (or something like that).

In any case, reading and understanding the RFC's for the SIP protocol
and "how" it works would go a long way towards solving your problem.

Your mission, should you decide to accept, is to figure out which
exact ports are "actually" going to be used, and either change those
default parameters, or program your NAT devices to allow transparent
data flows on the selected ports.

It's going to be far more difficult then what you might think as you
really have to understand exactly what ports are being mapped by each
piece of equipement between: a) the sip phones to asterisk, and,
b) sip phone to sip phone.

Once you have a solid understanding of what each piece of equipment is
doing, and what the end points are expecting, then and only then can
you program each device to take advantage of that knowledge and make
it work. Trial and error guessing at appropriate parameters will likely
take a loooong time.

The answer can be as simple as placing the "reinvite=no" parameter in
each sip phone definition (in sip.conf), or, as difficult as mapping each
of the nat translations between end points (and possibly changing default
phone port ranges) plus configuring the equipment to support the wanted
port ranges.

Not a cool answer, but nat problems are simple either.






More information about the asterisk-users mailing list