[Asterisk-Users] A solution for SIP and NAT

Michael Kane mkane at to-talk.com
Tue Jul 1 17:58:16 MST 2003 

Your correct, Cisco devices stuff the WAN address in the Via: header which
in turn allows the proxy to correctly register the UA for an incoming call
attempt to that UA.  If Mark is mentioning STUN as I said before, the only
devices I'm aware of are the SNOM 100 and Grandstream 101.  These devices
rely on an external mechanism to properly construct the Via: header
otherwise the proxy has the incorrect return IP address of the UA.



Michael Kane
To-Talk Communications LLC.
37 Sandusky Dr.
Wareham, Ma. 02571
www.to-talk.com
508-295-2826
----- Original Message ----- 
From: "John Todd" <jtodd at loligo.com>
To: <asterisk-users at lists.digium.com>
Sent: Tuesday, July 01, 2003 8:16 PM
Subject: Re: [Asterisk-Users] A solution for SIP and NAT


>
> No, it works fine.  SIP UA behind the NAT.  Asterisk outside the NAT.
> "nat=1" set on the SIP peer.  Works fine.  Really.  It does.
>
> I use Cisco equipment for my UA's.  The catch might be that the Cisco
> devices are "more" clever than their counterparts, and will compare
> the "Via:" header against their own known IP address and re-issue
> their REGISTERs and INVITEs after they learn of their external
> addresses.  However, I think Mark had this working with non-Cisco
> devices as well by using "actual" port numbers instead of
> SIP-reported port numbers, which breaks the RFC but makes for
> functional SIP calls.
>
> JT
>
>
> >Maybe I mis-understood the question or the architecture.  I assumed (I
> >know), the SIP UA sat behind the NAT and Asterisk sat on the public IP
> >network.(there are inhererent signaling problems in this scenario and
will
> >not work without either the device having the ability to learn the WAN IP
> >address or the SIP aware firewall performing the translation for the SIP
> >UA).  If both the SIP UA and Asterisk are behind the NAT I would agree
there
> >is no reason the UA and Asterisk shouldn't work.
> >
> >Mike
> >
> >Michael Kane
> >To-Talk Communications LLC.
> >37 Sandusky Dr.
> >Wareham, Ma. 02571
> >508-295-2826
> >----- Original Message -----
> >From: "John Todd" <jtodd at loligo.com>
> >To: <asterisk-users at lists.digium.com>
> >Sent: Tuesday, July 01, 2003 6:20 PM
> >Subject: Re: [Asterisk-Users] A solution for SIP and NAT
> >
> >
> >>  Sorry, I still don't know what you're talking about.
> >>
> >>  Clients behind NAT can talk to Asterisk without difficulty, and I use
> >>  that functionality all the time.  If that is not the case for you,
> >>  I'm afraid you'll have to be much more specific about your problems
> >>  for anyone to help you.  Despite many claims that SIP can't run
> >>  behind a NAT without special configuration, I have proof that they're
> >>  wrong.
> >>
> >>  JT
> >>
> >>
> >>  >Hello, NAT/Firewall is truely a problem in the ITSP arena.
> >>  >There is one solution I know of that works well as an  integrated
> >>  >DHCP/NAT/Firewall into a SIP aware firewall.  Check out
> >>  ><http://www.intertex.se>www.intertex.se  and look at the IXX66
> >>  >products.  They even have a device that integrates DSL/NAT/Firewall.
> >>  >Or, one can purchase a SIP device that supports STUN(Grandstream and
> >>  >SNOM are the only vendors I know of that do) and install a STUN
> >>  >server.  If anyone is interested I have a STUN server running to
> >>  >test with.  Hope this helped....
> >>  >
> >>  >Mike
> >>  >
> >>  >
> >>  >
> >>  >
> >>  >Michael Kane
> >>  >To-Talk Communications LLC.
> >>  >37 Sandusky Dr.
> >>  >Wareham, Ma. 02571
> >>  >508-295-2826
> >>  >----- Original Message -----
> >>  >From: "John Todd" <<mailto:jtodd at loligo.com>jtodd at loligo.com>
> >>  >To:
> ><<mailto:asterisk-users at lists.digium.com>asterisk-users at lists.digium.com>
> >>  >Sent: Tuesday, July 01, 2003 3:47 PM
> >>  >Subject: Re: [Asterisk-Users] A solution for SIP and NAT
> >>  >
> >>  >  > I'm uncertain why you're not able to get SIP working for your
user
> >>  >>  agents (SIP clients.)  With Cisco equipment, as an example, it
works
> >>  >>  quite well and almost every 79xx or ATA-186 I have is behind a
NAT,
> >>  >>  and this configuration is duplicated across a dozen or more
systems
> >>  >>  now running behind almost every conceivable NAT/PAT situation*
> >>  >>
> >>  >>  Known working config:
> >>  >>
> >>  >>  UA -> (NAT) -> Internet -> Asterisk
> >>  >>
> >>  >>  Can you be more specific about your problems with SIP?  Perhaps
you
> >>  >>  have done so in the past, but re-state and maybe someone can see
what
> >  > >>  the problem is.
> >  > >>
> >  > >>  JT
> >  > >>
> >  > >>
> >  > >>  *Note: the Cisco PIX, while supposedly SIP-friendly, has been the
one
> >  > >>  box that has not worked with NAT/PAT SIP sessions.  I have not
been
> >>  >>  the admin on that system, but a fairly clueful Cisco wrangler has
> >>  >>  been unable to make it work for originating calls in both
directions
> >>  >>  - only one-way origination works.)
> >>  >>
> >>  >>
> >>  >>  >Hi all.
> >>  >>  >
> >>  >>  >I have come to the conclusion that there just isn't anything out
> >there
> >>  >>  >for allowing SIP and NAT to work together nicely. This is rather
> >amazing
> >>  >>  >considering that as far back as March 2000 there are documents
> >>  >>  >describing how to do it.
> >>  >>  >
> >>  >>  >So I've started a really simple SIP and RTP proxy project, SaRP,
on
> >>  >>  >sourceforge.net. Yesterday we uploaded 0.2 of the perl based
release.
> >>  >>  >This is the first general release and should work for most
people. We
> >>  >>  >are using it quite successfully for standard calls between all
sorts
> >of
> >>  >>  >NATed clients. All you need to do is forward UDP/5060 from your
> >>  >>  >firewall/router to the box running SaRP if you want incoming
calls to
> >>  >>  >work and also allow UDP traffic from the ports listed in the
config
> >file
> >>  >>  >out.
> >>  >>  >
> >>  >>  >The project can be found at
> >>  >><http://sarp.sourceforge.net/>http://sarp.sourceforge.net/
> >>  >>  >
> >>  >>  >I would be very interested in any feedback you may have.
> >>  >  > >
> >>  >  > >Regards
> >>  >  > >
> >>  >  > >Andrew Radke.
> >>  >  > >_______________________________________________
> >>  >  > >Asterisk-Users mailing list
> >>  >  > >Asterisk-Users at lists.digium.com
> >>  >  > >http://lists.digium.com/mailman/listinfo/asterisk-users
> >>  >>
> >>  >>  _______________________________________________
> >>  >>  Asterisk-Users mailing list
> >>  >>
> ><mailto:Asterisk-Users at lists.digium.com>Asterisk-Users at lists.digium.com
> >>  >>
> >>
>
>>><http://lists.digium.com/mailman/listinfo/asterisk-users>http://lists.dig
i
> >um.com/mailman/listinfo/asterisk-users
> >>  >>
> >>
> >>  _______________________________________________
> >>  Asterisk-Users mailing list
> >>  Asterisk-Users at lists.digium.com
> >>  http://lists.digium.com/mailman/listinfo/asterisk-users
> >>
> >
> >_______________________________________________
> >Asterisk-Users mailing list
> >Asterisk-Users at lists.digium.com
> >http://lists.digium.com/mailman/listinfo/asterisk-users
>
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
>

More information about the asterisk-users mailing list