On Thu, 18 Jan 2007, Voip Asterisk wrote:
I know that NAT is something no one really likes to talk about, but does
anyone know how work with it elegantly? There are many providers which deal
with it on a daily basis in fact they cater to it, is this possible to do
with asterisk or does it require other exotic setups? I even know of a
provider which uses asterisk with many different types of devices, and they
handle all NAT config on their end even to the point of deciding to stay in
the media stream or not (ie when two endpoints are behind NAT you almost
have to stay in the media stream unless you got it figured out like skype
does). What is the best way to work with NAT, and build a production
system?
I have successfully installed * boxes behind NAT firewalls and had client
devices (SIP phones) talk to it, with themselves being behind NAT
firewalls without doing anything overly special, or using specialised
appliances, SIP gateways and so on.
If you only have one * box behind the NAT gateway then I don't really see
a big issue with it to be honest. Port-forward on the firewall/router
device (5060 and 10000 through 20000) to the * device, and use STUN on the
client device to help it get through it's local NAT firewall/router.
I have seen issues with overly clever NAT devices - Junipers for example.
They have a SIP helper application, but I reckon it's broken - when we
turned it off and reverted to basic port forwarding everything was sweet.
You do need additional runes in sip.conf:
nat=yes
externip=1.2.3.4
localnet=192.168.2.0/24
which makes a big difference!
(asterisk 1.2.x)
It doesn't solve the data traffic routing though - the * box does have to
route traffic between 2 external SIP devices, alas.
Gordon
_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
