[asterisk-users] SIP / STUN / Network - Help!!

Thu Jul 5 08:16:50 CDT 2007

Hi Everyone.

I'm in a quandry & don't know which way to go. - Obviously I'm an Asterisk
newbie although I've been watching this list for over 2 years now.

I've got an Asterisk box (actually, it's an AsteriskNOW box) up and running
here at home. - It's on my home LAN - NAT'ed behind my LinkSys router. - On
the same LAN I've got a Cisco 7940, 7960, and Sipura SPA-1001 (obviously,
all using SIP). - They all work fine. - They can call each other, leave &
retrieve voicemail, etc. - It's a VERY basic setup. - The box also has a
Digium TDM-400P card with one each FXO & FXS ports but I haven't gotten that
far in my testing.

What I want to do is take one of my SIP devices to my office (which is ALSO
behind another NAT) and try to connect with my home Asterisk box with it.

I've read in the VOIP WIKI that if both server & SIP device are behind
(separate, non-co-located) NATs, you need both port forwarding (at the
Asterisk server side) AND the use of STUN (I'm guessing STUN is for RTP
traffic). - Is this correct?

For port forwarding, my AsteriskNOW box has a static IP on the inside of my
NAT and I've configured the LinkSys router to port-forward ports 5060 (TCP &
UDP) and all the RTP port range used (UDP only) to the static IP of the
AsteriskNOW box. - Was this the right thing to do?

Although my home IP is supposed to be 'dynamic', it hasn't changed in 4
years! (shhh! Don't tell anyone, okay) - My LinkSys router DHCP's it's
'real-world-IP-address' DNS server, etc., from my cable-modem.

So I set up yet another Sipura SPA-1001, pointed it to my 'real-world' IP,
etc., took it to my my office, and it didn't work. - Naturally. - My luck.

Is it because I need a STUN server to go through? - Or what?

The reason I chose the Sipura over the Cisco hardphone is I've read that
Sipura works well via STUN.

I know Digium developed IAX to overcome this problem, but none of my devices
support IAX.

I've read that the STUN server CANNOT be behind a NAT. - But there's free
ones we can use. - My problem is that all the free STUN servers are in North
America. - I live in Japan. - About 30 miles north of Tokyo. - And my office
is in downtown Tokyo. - If I were to use a N.A. STUN server, I'm afraid I'll
run into all kinds of latency problems.

I have no clue how on how to build a STUN server. - And would like to avoid
this if possible.

But I've also read that if the Asterisk box has a 'real-world-IP' (plugging
my Asterisk box directly into my cable modem), port forwarding & STUN are
not needed on the devices. - For me, this would mean also making my Asterisk
box also a router so all the other stuff I have here at home would still
work. - Something I've never done but am willing to give it a shot.

If anybody wants to take me by the hand and lead me to a solution, I'll be
truly gratefull! - If you want to take it off-line (off-list), please e-mail
me: gary at guthary dot com  

Oh Yeah! - Whatever I learn from this adventure will be fully documented an
made freely available on my website for the next newbie who runs into a
similar situation.

Thanks in advance & I sincerely apologize if this posting is not appropriate
for this list.

Gary Guthary