[asterisk-users] asterisk 11.6 nat problem

Matthew J. Roth mroth at imminc.com
Fri Oct 11 12:06:47 CDT 2013 

Jeremy Kister wrote:
> 
> using asterisk 11.6.0-rc1 i just converted my "nat=yes" to 
> "nat=auto_force_rport,auto_comedia"
> 
> I have my asterisk box on the same subnet as a cisco 1760 (vgw1).
> 
> a few times per day, Asterisk thinks vgw1 is dead (by qualify/options). 
>   A 'sip reload' always fixes the problem.
> 
> i left 'sip set debug peer vgw1' on the console.  but i dont see what's 
> causing the issue..
> 
> http://kister.net/tmp/ast-sip.conf
> http://kister.net/tmp/ast-console.txt
> 
> can anyone spot the issue?


Jeremy,

It looks like at some point Asterisk decides that vgw1's SIP port is
no longer 5060.  This may have to do with the NAT settings for that
device:

     Before 'sip reload'      |      After 'sip reload'
------------------------------|-----------------------------
* Name       : vgw1           | * Name       : vgw1
...                           | ...
Force rport  : Auto (Yes)     | Force rport  : Auto (No)
Symmetric RTP: Auto (Yes)     | Symmetric RTP: Auto (No)
...                           | ...
Addr->IP     : 10.9.1.9:59934 | Addr->IP     : 10.9.1.9:5060
...                           | ...
Status       : UNREACHABLE    | Status       : OK (19 ms)

Since the device is on the same subnet as your Asterisk server, you
could try setting 'nat=no' for the vgw1 peer.  That may not be a good
long-term solution because of its security implications¹, but it
could help determine if the NAT settings are the cause of the problem
and serve as a stopgap until you figure out why the port is changing.

Alternatively, you could try setting 'port=5060' for the vgw1 peer,
but that's the default so it may still get changed.

¹ From sip.conf.sample:

  IT IS IMPORTANT TO NOTE that if the nat setting in the general
  section differs from the nat setting in a peer definition, then the
  peer username will be discoverable by outside parties as Asterisk
  will respond to different ports for defined and undefined peers. For
  this reason it is recommended to ONLY DEFINE NAT SETTINGS IN THE
  GENERAL SECTION. Specifically, if nat=force_rport in one section and
  nat=no in the other, then valid peers with settings differing from
  those in the general section will be discoverable.

Regards,

Matthew Roth
InterMedia Marketing Solutions
Software Engineer and Systems Developer

More information about the asterisk-users mailing list