[asterisk-users] NAT solutions

Gordon Henderson gordon+asterisk at drogon.net
Fri Jan 19 02:39:27 MST 2007


On Thu, 18 Jan 2007, Voip Asterisk wrote:

> I know that NAT is something no one really likes to talk about, but does
> anyone know how work with it elegantly?  There are many providers which deal
> with it on a daily basis in fact they cater to it, is this possible to do
> with asterisk or does it require other exotic setups?  I even know of a
> provider which uses asterisk with many different types of devices, and they
> handle all NAT config on their end even to the point of deciding to stay in
> the media stream or not  (ie when two endpoints are behind NAT you almost
> have to stay in the media stream unless you got it figured out like skype
> does).  What is the best way to work with NAT, and build a production
> system?

I have successfully installed * boxes behind NAT firewalls and had client 
devices (SIP phones) talk to it, with themselves being behind NAT 
firewalls without doing anything overly special, or using specialised 
appliances, SIP gateways and so on.

If you only have one * box behind the NAT gateway then I don't really see 
a big issue with it to be honest. Port-forward on the firewall/router 
device (5060 and 10000 through 20000) to the * device, and use STUN on the 
client device to help it get through it's local NAT firewall/router.

I have seen issues with overly clever NAT devices - Junipers for example. 
They have a SIP helper application, but I reckon it's broken - when we 
turned it off and reverted to basic port forwarding everything was sweet.

You do need additional runes in sip.conf:

nat=yes
externip=1.2.3.4
localnet=192.168.2.0/24

which makes a big difference!

(asterisk 1.2.x)

It doesn't solve the data traffic routing though - the * box does have to 
route traffic between 2 external SIP devices, alas.

Gordon


More information about the asterisk-users mailing list