[Asterisk-Users] Am I missing something?

Glenn Dalgliesh asterisk at techhat.com
Wed Oct 29 09:29:00 MST 2003


No, this most likely won't work unless you have opened the correct ports on
each NAT device. The problem is that NAT in general only allows packets in if
a packet has gone out first. I am assuming you have left out the fact that
* is used to set up the SIP call and then should drop out. If so, when
you try to have * tell the phone you are trying to contact what IP and port
to contact you on, the far-end phone starts an RTP stream to that IP and
port, but since your phone has not sent out a packet to the end phone's IP
on that port, the packets are just dropped. So, in most cases having NAT=yes
and CANREINVITE=no is the simplest, although it may not be the most
efficient use of bandwidth.

Below are some technical documents that help explain what the problems are
and how some people are dealing with it.

Documents you should read about NAT and SIP
http://corp.deltathree.com/technology/nattraversalinsip.pdf
http://www.ietf.org/proceedings/01aug/slides/avt-6/sld001.htm

--Info from FreeWorldDialup configuration with NAT
How do I go through a NAT?
Normally, if your SIP Telephone supports "STUN", when using NAT (Network
Address Translation), both the SIP telephone and NAT sometimes need to be
configured. We have deployed a solution from Jasomi Networks
<http://www.jasomi.com> that helps FWD users traverse NATs and Firewalls but
if your SIP Telephone supports STUN like the Cisco 7960 and Cisco ATA-186
do, it is much preferred if you take the time to enable port forwarding
thru your NAT to your SIP Telephone.

Many NAT products have a web based configuration tool.

For example, on the Linksys NAT, Packet forwarding shows up under the
advanced tab on setup.

The key with getting the NAT problem solved on the ATA-186 is to forward the
SIP port: 5060 to the IP address assigned to the IP phone and then to
forward the media port range 16384 to 16391 to the IP address assigned to
the IP Phone. The Cisco 7960 requires the media port range of 16384 to 32768
to be forwarded to the IP Phone.

We recommend that members of the FWD Community consider using SIP Friendly
firewalls such as the products of InterTex <http://www.internex.se> and
Ingate.


Cisco ATA-186 NAT Notes: For the ATA 186, if you are using ATA firmware
version below 2.14, set the NATIP field to the NAT device's public IP
address, disable DHCP and set the StaticIP, StaticRoute, and StaticNetMask
fields for your private network's values. The NAT device must be configured
to forward the SIPPort and a range of 8 ports starting at MediaPort.

If you are using ATA firmware version 2.14 or above, you are not required to
set NATIP. Check out this link:
<http://www.cisco.com/univercd/cc/td/doc/product/voice/ata/atarn/186rn214.htm>
for more information regarding release 2.14. In release 2.14, you may
leave the NAT IP address at the default value of "0" or "0.0.0.0" and let
the ATA automatically scan the Via header for a "received=" parameter when a
message is received. The parameter, if present, would indicate to the Cisco
ATA 186 that it is operating behind a firewall.

I'm still having NAT problems, now what?
Note: If you are using ZoneAlarm you will need to disable it, or at least be
able to open up port: 5082.

You can visit the FWD QuickStart Guide
<http://pulver.com/fwd/quick/nat.html> and view the configuration for four
of the most popular FWD endpoints for somebody who is behind a NAT/Firewall
including: Windows Messenger, SJphone, ATA-186, Cisco 7960. Other models
most likely will work, but it will be up to the community to report their
success with us so we will know for certain.

If you find yourself still having trouble, please email jeff at pulver.com,
with the subject: "Need Alternative Proxy Help". Jeff's .NET ID is
jeff at pulver.com and he is available to provide limited real-time support.

In your email, please let Jeff know your FWD Number and the kind of client
that you are trying to register on the FWD Network.


----- Original Message ----- 
From: "WipeOut" <wipe_out at onetel.com>
To: <asterisk-users at lists.digium.com>
Sent: Wednesday, October 29, 2003 4:14 AM
Subject: [Asterisk-Users] Am I missing something?


> Should the following setup work?
>
> SIP UA---NAT---Internet---NAT---SIP UA
>
> If both UA's support STUN and report the external IP address in the SIP
> packet..
>
> I am trying to get away from using canreinvite=no so that traffic can go
> directly between the UA's and not via the central server but I can't
> seem to get it to work..
>
> Has anyone set this up and can give me some pointers??
>
> Later..
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
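
The Via "received=" check from the ATA notes and the dropped-RTP problem described in the reply, as an added example that is not part of the original thread or of any project named in it. The INVITE is constructed sample input, and the names `analyze` and `is_rfc1918` are hypothetical.

```python
import ipaddress
import re

# Constructed sample INVITE, as seen by a server that has stamped received=
# on the top Via. Addresses are private/documentation ranges, not real hosts.
SAMPLE_INVITE = (
    "INVITE sip:1001@example.invalid SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bKconstructed;received=203.0.113.7\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 1 1 IN IP4 192.168.1.20\r\n"
    "c=IN IP4 192.168.1.20\r\n"
    "t=0 0\r\n"
    "m=audio 16384 RTP/AVP 0\r\n"
)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(host):
    """True if host is an IP literal inside a private (RFC 1918) range."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:          # a hostname, not an IP literal
        return False
    return any(ip in net for net in RFC1918)

def analyze(message):
    """Report NAT evidence in the top Via and where the SDP asks for RTP."""
    head, _, body = message.partition("\r\n\r\n")
    via = next((l for l in head.splitlines()
                if l.lower().startswith(("via:", "v:"))), None)
    if via is None:
        raise ValueError("no Via header")
    sent_by = re.search(r"SIP/2\.0/\w+\s+([^;\s]+)", via).group(1)
    sent_host = re.sub(r":\d+$", "", sent_by)
    rcv = re.search(r";\s*received=([^;\s]+)", via, re.I)
    conn = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    audio = re.search(r"^m=audio (\d+)", body, re.M)
    received = rcv.group(1) if rcv else None
    media_addr = conn.group(1) if conn else None
    return {
        "received": received,
        # The server saw a different source than the UA wrote: a NAT rewrote it.
        "behind_nat": received is not None and received != sent_host,
        "media_addr": media_addr,
        "media_port": int(audio.group(1)) if audio else None,
        # A private c= address cannot be reached by a far-end phone on the Internet.
        "media_private": media_addr is not None and is_rfc1918(media_addr),
    }
```

When `behind_nat` and `media_private` are both true, signalling still gets through, but the far-end phone is told to send RTP to an address it cannot reach.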



