[Asterisk-Users] Re: Media Path Optimization & NAT

[Adam Sherman]

Thanks for your patience, it is much appreciated. Continued below.

Rich Adamson wrote:
>>>>>>>>Now, I would very much like to remove the "canreinvite=no" from the 
>>>>>>>>provider's definition on sip.conf, but doing so causes Asterisk to send 
>>>>>>>>a re-invite to the provider pointing to a private IP. I thought that 
>>>>>>>>correct localnet entries would solve this...
>>>>>>>
>>>>>>>By changing to canreinvite=yes, are you expecting the asterisk box to
>>>>>>>act as a router, passing rtp traffic from your sip provider through
>>>>>>>the box to a sip phone with a private address (without passing
>>>>>>>asterisk code in the middle of the rtp session)?
>>>>>>
>>>>>>No, sorry. I'm looking for Asterisk to not issue the re-invites if the 
>>>>>>two devices can't see each other. Think of mobile users who are often 
>>>>>>behind the corporate firewall but also travel. I'm trying to avoid 
>>>>>>having the media path be "user->corporate lan->pstn provider". I want it 
>>>>>>to be "user->pstn provider".
>>>>
>>>>>When a user is in the office, his phone registers with asterisk, and he
>>>>>places calls through asterisk to the sip provider. But, when he's
>>>>>out of the office, he takes his phone with him, and you are wanting
>>>>>him to make use of the canreinvite=yes to allow his phone to connect
>>>>>directly to the sip provider avoiding asterisk (from an rtp perspective). 
>>>>>Is that right?
>>>>
>>>I don't believe what you want is possible. The issue is in how sip
>>>handles reinvites and nating (or lack thereof). What will further
>>>complicate this is the laptop, when out of the office, is likely to
>>>be behind yet a different nat box and the addressing used behind
>>>that box may be completely different from your office nat.

It is my understanding that an intelligent soft-phone using STUN should 
look like a system with a public IP when connecting to Asterisk. Thus, a 
re-invite between the provider and the soft-phone would work.

However, there is no way for me to be selective and allow re-invites 
between remote users and the provider, but not between local (NATed) 
users and anyone else. I could have the local users go through an 
"Outbound Proxy": would this solve the problem? I don't think so, since 
then the mobile users would have trouhle when in the office.

Let me restate my problem. I have a group of users behind a constrained 
pipe to the public network. There are a few mobile users that will 
mostly be working from their home offices. I *really* want to avoid 
having a call from a mobile user to a public number cause double the 
traffic on the corporate link. Am I making any kind of sense?

Thanks again,

A.