[VoIP] SIP/firewall problem - the saga

john jones jjones3601 at yahoo.com
Tue Nov 21 18:43:06 CST 2006 

Here is a very good description of the issues of
SIP/RTP/NAT.

http://freshmeat.net/articles/view/2079/


John


--- Chad Perkins <chad at maine.maine.edu> wrote:

> You bet (as do most providers). Absolutely (as do
> most consumers).
> 
> So image my frustration when I took a two line PAP2
> or SPA-2002 and put a 
> commercial ITSP on Line 1 and put CNET on Line 2 via
> a remote Asterisk and 
> appear to have recurring intermittent problems only
> with Line 2.
> 
> My reading assignment for last night was:
>
http://voip-info.org/wiki/view/Asterisk+SIP+NAT+solutions
> (see #4) and
>
http://www.fridu.org/index.php?option=com_content&task=category&sectionid=6&id=
> 27&Itemid=55
> I am hopeful that with suffecient study and testing
> a workable solution and/or 
> workaround will manifest.
> c.
> 
> > Hmmmm.
> > Doesn't Vonage use SIP?  I'd bet at least some
> Vonage
> > customers use NAT!   Seems like Asterisk needs to
> be
> > enhanced to use SIP through NAT reliably.
> > 
> > --- "John R. Covert"
> > <john_reads_cnet_via_archives at covert.org> wrote:
> > > You will never see an end to problems attempting
> to
> > > do SIP connections
> > > from outside a NAT router to an Asterisk box.
> > > 
> > > Unless an Asterisk box is ON a public IP address
> > > (i.e. the actual
> > > interface _is_ the public address, with no NAT
> > > translation) you will
> > > have constant problems with clients trying to
> > > register.  You may be
> > > able to get one client to work, and then others
> will
> > > stop working.
> > > 
> > > There really is no NAT solution.
> > > 
> > > If you intend to provide service to SIP clients
> you
> > > MUST be on the
> > > public internet.  It's fine to be behind a
> firewall,
> > > but it must
> > > _not_ be doing any NAT translation of _either_
> ports
> > > _or_ IP
> > > addresses for the Asterisk box.  That means your
> > > router must be
> > > routing multiple IP addresses through to your
> > > internal network,
> > > or your router must be your asterisk box.
> > > 
> > > To be a "service provider" (even for your own
> > > portable ATAs or
> > > phones or softclients), you really want to make
> your
> > > Asterisk
> > > box BE your firewall.  Two NICs, one plugged
> > > directly into your
> > > internet connection, the other one providing
> your
> > > inside service.
> > > Nothing else will work reliably.  Asterisk is
> simply
> > > not designed
> > > to handle NAT well at all, except for a small
> number
> > > of cases of
> > > outbound-only registrations.
> > > 
> > > /john
> 
> 
> _______________________________________________
> VoIP mailing list
> VoIP at ckts.info
> http://lists.ckts.info/mailman/listinfo/voip
> Project Web Page: http://www.ckts.info/
> 
> 



 
____________________________________________________________________________________
Sponsored Link

Degrees online in as fast as 1 Yr
MBA, Bachelor's, Master's, Assoc
http://yahoo.degrees.info

More information about the VoIP mailing list