[Asterisk-Users] BUG?: reinvite and nat

[Mike Machado]

I have a setup where I am using asterisk a SIP proxy. My ATA is behind
NAT. Asterisk user is setup with nat=1 and canreinvite=yes. The call
sets up and I can get one way media. The media works ok from the ATA
behind the NAT to the external SIP endpoint, but I cannot get media back
through the NAT. Calls work just fine if I call from the ATA into an
asterisk IVR menu, so I know the NAT router is working properly. Also,
if I set canreinvite=no, then things work ok.

I see some strange ReINVITEs happening that seem to be the cause of
this. When the ReINVITE is sent to the external SIP proxy, it puts SDP
parameters out of the raw SDP supplied by the ATA (internal IP), but
then issues a second ReINVITE with the correct external NAT IP (detected
from the packet source address), but a few moments later it send a 3rd
ReINVITE back to the internal NAT IP.

What I think is happening is when asterisk sent the ReINVITE toward the
ATA, when the ATA issued the 200 response with its SDP, by that time
asterisk had sent the 2nd ReINVITE (external IP) to the external SIP
endpoint, the 200 reply from the ATA had the internal NAT IP, which was
different than it just transmitted to the remote endpoint, so it thought
it had to send another 3rd ReINVITE, but this had the internal NAT IP,
so it broke media into the NAT from the remote UA. So, I think the bug
is that asterisk is sending this 3rd ReINVITE when it should not.

I have a trace of all the SIP messages here:

http://www.cheapnet.net/~mike/asterisk_excel_with_reinvite.log


This is a complicated issue, hopefully I explained it well. In that SIP
trace file, the remote SIP UA is 172.20.50.30 (media to .32 and .33),
asterisk is 172.20.50.22. The NAT box is 10.10.11.77 on the external
interface and 192.168.222.1 on the internal NAT side. The ATA is
192.168.222.197. Between 10.x and 172.x is straight routing (this is
internal test network). The only nat is 192.168.222.x is translated to
10.10.11.77 to reach any of the 172.x network.