[Asterisk-Users] A solution for SIP and NAT
John Todd
jtodd at loligo.com
Tue Jul 1 17:16:06 MST 2003
No, it works fine. SIP UA behind the NAT. Asterisk outside the NAT.
"nat=1" set on the SIP peer. Works fine. Really. It does.
I use Cisco equipment for my UA's. The catch might be that the Cisco
devices are "more" clever than their counterparts, and will compare
the "Via:" header against their own known IP address and re-issue
their REGISTERs and INVITEs after they learn of their external
addresses. However, I think Mark had this working with non-Cisco
devices as well by using "actual" port numbers instead of
SIP-reported port numbers, which breaks the RFC but makes for
functional SIP calls.
JT
>Maybe I mis-understood the question or the architecture. I assumed (I
>know), the SIP UA sat behind the NAT and Asterisk sat on the public IP
>network.(there are inhererent signaling problems in this scenario and will
>not work without either the device having the ability to learn the WAN IP
>address or the SIP aware firewall performing the translation for the SIP
>UA). If both the SIP UA and Asterisk are behind the NAT I would agree there
>is no reason the UA and Asterisk shouldn't work.
>
>Mike
>
>Michael Kane
>To-Talk Communications LLC.
>37 Sandusky Dr.
>Wareham, Ma. 02571
>508-295-2826
>----- Original Message -----
>From: "John Todd" <jtodd at loligo.com>
>To: <asterisk-users at lists.digium.com>
>Sent: Tuesday, July 01, 2003 6:20 PM
>Subject: Re: [Asterisk-Users] A solution for SIP and NAT
>
>
>> Sorry, I still don't know what you're talking about.
>>
>> Clients behind NAT can talk to Asterisk without difficulty, and I use
>> that functionality all the time. If that is not the case for you,
>> I'm afraid you'll have to be much more specific about your problems
>> for anyone to help you. Despite many claims that SIP can't run
>> behind a NAT without special configuration, I have proof that they're
>> wrong.
>>
>> JT
>>
>>
>> >Hello, NAT/Firewall is truely a problem in the ITSP arena.
>> >There is one solution I know of that works well as an integrated
>> >DHCP/NAT/Firewall into a SIP aware firewall. Check out
>> ><http://www.intertex.se>www.intertex.se and look at the IXX66
>> >products. They even have a device that integrates DSL/NAT/Firewall.
>> >Or, one can purchase a SIP device that supports STUN(Grandstream and
>> >SNOM are the only vendors I know of that do) and install a STUN
>> >server. If anyone is interested I have a STUN server running to
>> >test with. Hope this helped....
>> >
>> >Mike
>> >
>> >
>> >
>> >
>> >Michael Kane
>> >To-Talk Communications LLC.
>> >37 Sandusky Dr.
>> >Wareham, Ma. 02571
>> >508-295-2826
>> >----- Original Message -----
>> >From: "John Todd" <<mailto:jtodd at loligo.com>jtodd at loligo.com>
>> >To:
><<mailto:asterisk-users at lists.digium.com>asterisk-users at lists.digium.com>
>> >Sent: Tuesday, July 01, 2003 3:47 PM
>> >Subject: Re: [Asterisk-Users] A solution for SIP and NAT
>> >
>> > > I'm uncertain why you're not able to get SIP working for your user
>> >> agents (SIP clients.) With Cisco equipment, as an example, it works
>> >> quite well and almost every 79xx or ATA-186 I have is behind a NAT,
>> >> and this configuration is duplicated across a dozen or more systems
>> >> now running behind almost every conceivable NAT/PAT situation*
>> >>
>> >> Known working config:
>> >>
>> >> UA -> (NAT) -> Internet -> Asterisk
>> >>
>> >> Can you be more specific about your problems with SIP? Perhaps you
>> >> have done so in the past, but re-state and maybe someone can see what
> > >> the problem is.
> > >>
> > >> JT
> > >>
> > >>
> > >> *Note: the Cisco PIX, while supposedly SIP-friendly, has been the one
> > >> box that has not worked with NAT/PAT SIP sessions. I have not been
>> >> the admin on that system, but a fairly clueful Cisco wrangler has
>> >> been unable to make it work for originating calls in both directions
>> >> - only one-way origination works.)
>> >>
>> >>
>> >> >Hi all.
>> >> >
>> >> >I have come to the conclusion that there just isn't anything out
>there
>> >> >for allowing SIP and NAT to work together nicely. This is rather
>amazing
>> >> >considering that as far back as March 2000 there are documents
>> >> >describing how to do it.
>> >> >
>> >> >So I've started a really simple SIP and RTP proxy project, SaRP, on
>> >> >sourceforge.net. Yesterday we uploaded 0.2 of the perl based release.
>> >> >This is the first general release and should work for most people. We
>> >> >are using it quite successfully for standard calls between all sorts
>of
>> >> >NATed clients. All you need to do is forward UDP/5060 from your
>> >> >firewall/router to the box running SaRP if you want incoming calls to
>> >> >work and also allow UDP traffic from the ports listed in the config
>file
>> >> >out.
>> >> >
>> >> >The project can be found at
>> >><http://sarp.sourceforge.net/>http://sarp.sourceforge.net/
>> >> >
>> >> >I would be very interested in any feedback you may have.
>> > > >
>> > > >Regards
>> > > >
>> > > >Andrew Radke.
>> > > >_______________________________________________
>> > > >Asterisk-Users mailing list
>> > > >Asterisk-Users at lists.digium.com
>> > > >http://lists.digium.com/mailman/listinfo/asterisk-users
>> >>
>> >> _______________________________________________
>> >> Asterisk-Users mailing list
>> >>
><mailto:Asterisk-Users at lists.digium.com>Asterisk-Users at lists.digium.com
>> >>
>>
>>><http://lists.digium.com/mailman/listinfo/asterisk-users>http://lists.digi
>um.com/mailman/listinfo/asterisk-users
>> >>
>>
>> _______________________________________________
>> Asterisk-Users mailing list
>> Asterisk-Users at lists.digium.com
>> http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>_______________________________________________
>Asterisk-Users mailing list
>Asterisk-Users at lists.digium.com
>http://lists.digium.com/mailman/listinfo/asterisk-users
More information about the asterisk-users
mailing list