[asterisk-users] OT: Cisco 1841 - Can it be made SIP aware?

Kristian Kielhofner kkielhofner at star2star.com
Thu Sep 18 15:41:39 CDT 2008


On Thu, Sep 18, 2008 at 4:18 PM, Stefan Gofferje
<list-asterisk-users at gofferje.homelinux.org> wrote:
> Interesting. I have my Asterisk with RFC-1918 IPs behind a NATting PIX
> and the FIXUP SIP of the PIX makes it very easy for me to use my * as
> server for external clients as well as as client for SIP providers.
> The PIX nicely replaces the RFC-1918 IP in the SIP-traffic with the
> current (dynamic) public IP of itself and keeps track of the RTP
> traffic. Actually, it also changes the ports in the RTP negotiation and
> then automatically forwards the RTP traffic to the ports the * was offering.
> Very very convenient.
>
> If the IOS firewall in the newer routers makes problems, maybe I should
> not change to an ISR as I planned :).
>
>
> Terve,
> Stefan
>

Stefan,

  Your version of PIX might have finally gotten it right, but even
recent 12.4T IOS releases tend to really confuse NAT situations (same
seems to go for various PIX releases I've used).

  Part of the problem might be the use of things like nathelper:

http://www.iptel.org/ser/doc/modules/nathelper

  While not related to Asterisk, inconsistencies across SIP ALGs
usually cause various ranges of flags passed to nat_uac_test to fail
and/or turn up different results depending on what, specifically, the
ALG is doing.

  NAT handling capabilities at the proxy/registrar, inconsistencies
across SIP ALGs, dumb PATs not doing any specific protocol fixups
(lowest common denominator), and the increasing use of SIP TLS (no
ability to snoop/modify SIP headers or bodies including SDPs) tell me
that SIP ALGs are not the best solution in most cases, certainly not
long term.

-- 
Kristian Kielhofner
http://blog.krisk.org
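
Added illustration (not part of the original post, and not nathelper's own code): a simplified Python model of three of the checks nat_uac_test performs, run over one constructed INVITE as a proxy would see it behind NAT devices that rewrite different parts of the message. The bit values follow the nathelper documentation for the Contact, Via-versus-source and SDP tests; the addresses, the message and all function names are assumptions made for the example.

```python
import ipaddress
import re

# Bit values follow the documented nat_uac_test tests; the logic is a simplified model.
CONTACT_PRIVATE, VIA_NE_SOURCE, SDP_PRIVATE = 1, 2, 8
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PRIV, PUB = "192.168.1.10", "203.0.113.7"  # constructed: phone address, NAT's public address

# Constructed INVITE; the placeholders are the three fields an ALG may or may not rewrite.
INVITE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
          "Via: SIP/2.0/UDP {via}:5060;branch=z9hG4bK776asdhds\r\n"
          "Contact: <sip:alice@{contact}:5060>\r\n"
          "Content-Type: application/sdp\r\n\r\n"
          "v=0\r\nc=IN IP4 {sdp}\r\nm=audio 49170 RTP/AVP 0\r\n")

def is_rfc1918(host):
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:  # a hostname, not an IP literal
        return False
    return any(ip in net for net in RFC1918)

def nat_test(msg, src_ip):
    """Return a bitmask of NAT indications for a SIP message received from src_ip."""
    head, _, body = msg.partition("\r\n\r\n")
    result = 0
    contact = re.search(r"^Contact:.*?sip:(?:[^@>\s]+@)?([^:;>\s]+)", head, re.M | re.I)
    if contact and is_rfc1918(contact.group(1)):
        result |= CONTACT_PRIVATE
    via = re.search(r"^Via:\s*SIP/2\.0/\w+\s+([^:;\s]+)", head, re.M | re.I)
    if via and via.group(1) != src_ip:
        result |= VIA_NE_SOURCE
    conn = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    if conn and is_rfc1918(conn.group(1)):
        result |= SDP_PRIVATE
    return result

def compare_devices():
    """Same call, seen by the proxy after four different NAT devices."""
    seen = lambda via, contact, sdp: nat_test(INVITE.format(via=via, contact=contact, sdp=sdp), PUB)
    return {"PAT, no fixup": seen(PRIV, PRIV, PRIV),
            "ALG rewrites Contact only": seen(PRIV, PUB, PRIV),
            "ALG rewrites SDP only": seen(PRIV, PRIV, PUB),
            "ALG rewrites Via, Contact, SDP": seen(PUB, PUB, PUB)}

if __name__ == "__main__":
    for device, flags in compare_devices().items():
        print(f"{device:32} nat_test = {flags:2d}")
```

The same endpoint yields four different bitmasks depending on the device in front of it, so a proxy rule keyed to one flag combination matches only some of the clients that are actually behind NAT.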


