[Asterisk-Users] Sip UA behind NAT

Mike Holloway asterisk-users at citrini.com
Tue Jun 7 03:46:49 MST 2005 

Eric, the SIP/RTP protocol does not inherently work well in NAT'd 
environments.  There are several commerical solutions out there to help 
users traverse NAT routers and firewalls successfully, with varying 
levels of success.  I find that many commercial nat routers for home 
users (most notably Linksys) tend to lose their nat port mappings 
occasionally, causing the UA to miss incoming calls.  One such 
commercial company you could investigate is:

http://jasomi.com/index2.html


Since you mention that the NAT'd user is using a software UA, I might 
recommend you instead investigate using the IAX protocol and an IAX 
software client (such as Firefly), the IAX protocol muxes both the call 
setup/teardown messenging and the real time voice traffic into a single 
port, which easily traverses bi-directionally through nat routers.  This 
assumes that the IAX UA client generates some level of traffic every few 
minutes to keep the nat router port translation mapping active - this is 
usally done by having the client re-register with the registration 
server (asterisk in this case) every few minutes.  The IAX protocol was 
developed by your same friendly Asterisk developers, and is currently 
being groomed for submission to the IETF for RFC.

A brief comparison between SIP and IAX can be found here:
http://www.voip-info.org/wiki-IAX+versus+SIP


A list of hardware and software IAX UA's can be found here:
http://www.voip-info.org/wiki-Asterisk+IAX+clients


-mike

Eric Yu-Wei Sung wrote:
> Hi, is there any way I could make this work without having to explicitly 
> perform port forwarding for RTP traffic at my NAT? (i.e. NAT 
> transparently sets up the RTP channel for the internal SIP UA with the 
> external SIP UA) Thanks Eric Date: Fri, 03 Jun 2005 09:13:18 -0500 From: 
> Mike Holloway <asterisk-users at citrini.com> Subject: Re: [Asterisk-Users] 
> Sip UA behind NAT To: Asterisk Users Mailing List - Non-Commercial 
> Discussion <asterisk-users at lists.digium.com> Message-ID: 
> <42A0657E.3080604 at citrini.com> Content-Type: text/plain; 
> charset=ISO-8859-1; format=flowed Eric, The problem you are seeing is 
> because the RTP (voice) packets being sent towards the NAT'd UA are 
> being blocked by the NAT router. The UA being used behind NAT will need 
> to have a static IP address set (e.g. 192.168.1.50) and on the NAT 
> router you will need to permanently forward (port forward) SIP and RTP 
> ports to the internal IP address. I recommend ports 5060 and 
> 16384-16400. On the NAT'd UA, set the SIP port to 5060 and the RTP ports 
> to 16384-16400. If your UA only supports one RTP port, just use 16384. 
> As Forrest noted, you will also want to set canreinvite=no in sip.conf 
> for the NAT'd UA. You should also set nat=yes, which will force asterisk 
> to re-write SIP packets coming from the NAT'd UA to the correct external 
> IP address of the NAT router. -mike Eric Yu-Wei Sung wrote:
> 
>>> I am trying to make 1 soft SIP UA behind NAT connect to a public hard 
>>> CISCO UA via a public asterisk server. The CISCO UA can hear the 
>>> voice from the SIP UA but not vice versa. I do set nat to yes for the 
>>> soft phone. Any help would be greatly appreciated.
>>>
>>> Below is my sip.conf
>>>
>>> [general]
>>>
>>> port = 8060           ; Port to bind to (SIP is 5060)
>>> bindaddr = 0.0.0.0    ; Address to bind to (all addresses on machine)
>>> allow=all             ; Allow all codecs
>>> context = bogon-calls ; Send SIP callers that we don't know about here
>>>
>>> [2000]    ; soft phone behind NAT
>>>
>>> type=friend           ; This device takes and makes calls
>>> username=2000         ; Username on device
>>> host=dynamic          ; This host is not on the same IP addr every time
>>> context=from-sip      ; Inbound calls from this host go here
>>> mailbox=100           ; Activate the message waiting light if this
>>>                      ; voicemailbox has messages in it
>>> nat=yes
>>>
>>> [2002]                ; CISCO hard phone
>>>
>>> type=friend
>>> username=2002
>>> secret=2002
>>> host=dynamic
>>> context=from-sip
>>> mailbox=103
>>>
>>>
>>> _______________________________________________
>>> Asterisk-Users mailing list
>>> Asterisk-Users at lists.digium.com
>>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>> To UNSUBSCRIBE or update options visit:
>>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
> 
>

More information about the asterisk-users mailing list