[VoIP] SIP/firewall problem - the saga
Chad Perkins
chad at maine.maine.edu
Tue Nov 21 17:46:21 CST 2006
You bet (as do most providers). Absolutely (as do most consumers).
So image my frustration when I took a two line PAP2 or SPA-2002 and put a
commercial ITSP on Line 1 and put CNET on Line 2 via a remote Asterisk and
appear to have recurring intermittent problems only with Line 2.
My reading assignment for last night was:
http://voip-info.org/wiki/view/Asterisk+SIP+NAT+solutions (see #4) and
http://www.fridu.org/index.php?option=com_content&task=category§ionid=6&id=
27&Itemid=55
I am hopeful that with suffecient study and testing a workable solution and/or
workaround will manifest.
c.
> Hmmmm.
> Doesn't Vonage use SIP? I'd bet at least some Vonage
> customers use NAT! Seems like Asterisk needs to be
> enhanced to use SIP through NAT reliably.
>
> --- "John R. Covert"
> <john_reads_cnet_via_archives at covert.org> wrote:
> > You will never see an end to problems attempting to
> > do SIP connections
> > from outside a NAT router to an Asterisk box.
> >
> > Unless an Asterisk box is ON a public IP address
> > (i.e. the actual
> > interface _is_ the public address, with no NAT
> > translation) you will
> > have constant problems with clients trying to
> > register. You may be
> > able to get one client to work, and then others will
> > stop working.
> >
> > There really is no NAT solution.
> >
> > If you intend to provide service to SIP clients you
> > MUST be on the
> > public internet. It's fine to be behind a firewall,
> > but it must
> > _not_ be doing any NAT translation of _either_ ports
> > _or_ IP
> > addresses for the Asterisk box. That means your
> > router must be
> > routing multiple IP addresses through to your
> > internal network,
> > or your router must be your asterisk box.
> >
> > To be a "service provider" (even for your own
> > portable ATAs or
> > phones or softclients), you really want to make your
> > Asterisk
> > box BE your firewall. Two NICs, one plugged
> > directly into your
> > internet connection, the other one providing your
> > inside service.
> > Nothing else will work reliably. Asterisk is simply
> > not designed
> > to handle NAT well at all, except for a small number
> > of cases of
> > outbound-only registrations.
> >
> > /john
More information about the VoIP
mailing list