[Asterisk-Users] SIP x NAT
Rich Adamson
radamson at routers.com
Mon Jan 31 05:18:47 MST 2005
> I have a question for you:
>
> - "SIP doesn't work behind NAT very well"
>
> Do you agree with this sentence?
Depends. Asterisk behind a nat box tends to be an implementation
problem limited by the knowledge of the person doing the implementation
and somewhat by the functionality implemented within the nat box.
Sip phones behind a nat box (with asterisk on a registered IP address)
tends to be rather easy, and how well it works depends a lot on how
well the sip phone vendor implemented nat support.
Both asterisk and sip phones behind different nat boxes tends to be
the most difficult to implement and requires the greatest amount of
knowledge/experience to implement. Again, depends a lot on the
functionality provided in the nat boxes.
The issue with sip is that session startup and control occurs across
udp port 5060, and the two endpoints (* and phone) negotiate another
set of udp ports for the rtp (voice) session. The choice of which rtp
ports to use was left up to each sip phone vendor, so the udp port
number in use could be anything from about 8000 (xlite) to something
greater then 32,000.
Some firewall/nat boxes will actually watch the sip rtp negotiation
process by inspecting the contents of the sip packets, and open up the
wanted ports. However, most cheap nat boxes don't do that, and leave
it up to you to statically define/map the ports required.
More information about the asterisk-users
mailing list