[Asterisk-Users] Suggestion re: SIP/NAT/*

[Richard Branham]

Thanks to everyone for your input.  I've chosen to register my * server with
FWD's IAX service, and have my remote SIP users register as FWD clients.  I
think this will solve my biggest problems, and give me the added benefit of
having voice mail available if my * server is offline.


--------- Original Message --------
From: Benjamin on Asterisk Mailing Lists <benjk.on.asterisk.ml at gmail.com>
To: ryan at voxbox.ca <ryan at voxbox.ca>, Asterisk Users Mailing List -
Non-Commercial Discussion <asterisk-users at lists.digium.com>
Cc: rich.digium at branham.us
Subject: Re: [Asterisk-Users] Suggestion re: SIP/NAT/*
Date: 29/10/04 14:30

>
> On Thu, 28 Oct 2004 14:45:46 -0600, Ryan Courtnage
&lt;ryan-lists at voxbox.ca&gt; wrote:
> &gt; Yep, you can do this, just requires some port forwarding and special
> &gt; considerations in sip.conf.
>
> You are missing the point. There is no *solution* to SIP NAT
> traversal. All there is are *workarounds*, otherwise known as bad and
> rather dangerous hacks. Whether it works or not is highly dependent on
> external factors that you don't usually control. It also depends on
> the type of NAT/PAT your router is using, ie the router's particular
> NAT/PAT implementation.
>
> The fact remains that SIP NAT traversal setups are highly insecure and
> unreliable. Consider this to be the equivalent of locking your
> apartment with duct tape. It may work for you, but you wouldn't
> recommend it to anyone else UNLESS you wish them harm.
>
> Now, this is valid for single NAT situations and it is even more valid
> for double NAT situations.
>
> If you want to do this properly without duct tape, then you will have
> the three choices I mentioned:
>
> - If you must use SIP, don't use NAT
> - If you must use NAT, use IAX
> - If you must use both SIP and NAT, build a tunnel
>
> Anything else is improper and unprofessional.
>
> rgds
> benjk
>