[asterisk-users] NAT solutions

[Gordon Henderson]

On Thu, 25 Jan 2007, Yuan LIU wrote:

> Thanks for this information.  Does this mean two IAX boxes can talk behind 
> their respective NAT's (without any server sitting in voice path)?  I'm 
> imagining this:
>
> Asterisk1 <--> NAT1 --- { Internet } --- NAT2 <--> Asterisk2

Using IAX, yes. It's quite straightforward to do. You do need to open the 
IAX port on each NAT device though - this may be called port-forwarding, 
depending on the hardware or its configuration interface. Essentially, you 
port-forward port 4569 from the outside to the IP address of the asterisk 
box on the inside on both sides.

Then have a look at:

http://astrecipes.net/index.php?n=204

To get you going.

> Is this the concept of STUN?  Does this also create latency (by adding an 
> additional leg in the route), packet loss, even jitter?

STUN doesn't intercept the data. It gives the client device hints as to 
how best to traverse the local NAT firewall.

IAX uses a single port for both commands and data. SIP uses more than one 
and thats when it gets hard as it's easy for a NAT router to track a 
single data stream, but tracking multiple is hard. I have noticed newer 
routers offering SIP NAT traversal though (and the later linux kernels 
claim to be able to do it) I guess, like handling FTP (which also uses 
multiple ports) they are inspecting the SIP packet contents to try to work 
out the RTP ports it's going to use and do the right thing.

I did have issues with a Juniper router recently though - the owner 
claimed it has SIP traversal but it didn't work, but when we turned it off 
and used old fashioned port forwarding it "just worked" ...

Gordon