On 6/28/05, Sebastian Silva <[EMAIL PROTECTED]> wrote: > Hi everyone. > > 1. Asterisk as a SIP client behind nat, connecting to outside SIP Proxies: > #1 works with a NAT-supporting proxy as SIP Express router as the > outside proxy. (Get an account at IPtel.org and try!). Fails with Free > World Dialup. > > 2. Asterisk as a SIP client behind nat, connecting to inside SIP proxies: > #2 Works- no NAT in between > > 3. Asterisk as a SIP server behind nat, clients on the outside > connecting to Asterisk: > #3 Works with port forwarding and some header mangling magic > > 4. Asterisk as a SIP server behind nat, clients on the inside connecting > to Asterisk: > #4 Works - no NAT in between > > 5. Asterisk as a SIP client outside nat, connecting to outside SIP proxies: > #5 is no problem. No NAT in the middle > > 6. Asterisk as a SIP client outside nat, connecting to inside SIP proxies: > #6 is a problem if no port forwarding is done, similar to 3 above. > > 7. Asterisk as a SIP server outside nat, clients on the outside > connecting to Asterisk: > #7 is no problem. No NAT in the middle > > 8. Asterisk as a SIP server outside nat, clients on the inside > connecting to Asterisk: > #8 is solved with nat=yes and qualify=xxx in sip.conf for the client in > most cases. Some clients (X-lite) assist themselves by using STUN and > sending UDP keep-alive packets. Qualify sends keep-alive packets from > Asterisk to the client on the inside. > > from wiki > > Now, if you net to define a NAT, you have to set asterisk to > "canreinvite=no", "qualify=yes" and "nat=1". > > Also, INSTEAD of NAT, you can use a STUN server. To use a STUN server > you should set asterisk to "canreinvite=no", "qualify=no" and "nat=0" > (the STUN configuration is in your agents). >
You can use STUN instead of nat=yes (if the phone supports STUN properly). However, our experience is that we also need qualify=yes to prevent the phones becoming unreachable. Geert > hank wrote: > > how easy is it to set up a stun server? with asterisk amd will this fix > > part of the nat problem? > > ----- Original Message ----- From: "Ray Van Dolson" <[EMAIL PROTECTED]> > > To: "Asterisk Users Mailing List - Non-Commercial Discussion" > > <[email protected]> > > Sent: Tuesday, June 28, 2005 8:14 AM > > Subject: Re: [Asterisk-Users] How do you handle NAT? > > > > > >> We've been feeling our way along with the NAT stuff (using SIP) as well. > >> > >> At this point we are fairly small, so the keep-alive packets are not > >> too bad. > >> What type of user load are you at and what are the specs on your > >> Asterisk box? > >> I'm concerned we may run into this as well. > >> > >> We do have the luxury that each Sipura device we use is sitting behind > >> its own > >> NAT (a customer CPE). So we can do port-forwarding and in combination > >> with a > >> STUN server (MyStun), things work quite well. The only issues left to > >> deal > >> with are a lingering problem with ip_conntrack entries staying cached > >> because > >> of the "keep alive" packets due to qualify=yes after the CPE's IP address > >> changes. > >> > >> Curious to hear other's setups as well. I would *love* to start using > >> the > >> IAXy instead, but it has a couple shortcomings over the Sipura 2002's > >> we're > >> using now: > >> > >> - About $10/more > >> - Only has one line (apparently two lines is a bit more of a selling > >> point). > >> > >> Still trying to figure out a good way to make a case for the IAXy though. > >> > >> Ray > >> > >> On Tue, Jun 28, 2005 at 09:59:49AM -0500, Matthew Boehm wrote: > >> > >>> We are interested in how other people are handling NAT problems. We have > >>> several customers all of which have some sort of firewall/NAT device at > >>> their location. For simplicity sake, all customers' internal networks > >>> are 192.168.*.*. > >>> > >>> Our asterisk box is on public IP not blocked by any FW/NAT. > >>> > >>> I use QUALIFY=yes on all our customers' phones and I feel that sending > >>> out 80-something keep-alive packets is causing our box to crawl and > >>> cause bad calls. > >>> > >>> Would SER be better in this case? Should I have phones register with SER > >>> instead of with Asterisk? > >>> > >>> Thanks, > >>> Matthew > >>> > >>> P.S. Yes, I have read stuff on NAT on the wiki. I'm more interested in > >>> other real world, working, solutions. > >> > >> _______________________________________________ > >> Asterisk-Users mailing list > >> [email protected] > >> http://lists.digium.com/mailman/listinfo/asterisk-users > >> To UNSUBSCRIBE or update options visit: > >> http://lists.digium.com/mailman/listinfo/asterisk-users > > > > > > _______________________________________________ > > Asterisk-Users mailing list > > [email protected] > > http://lists.digium.com/mailman/listinfo/asterisk-users > > To UNSUBSCRIBE or update options visit: > > http://lists.digium.com/mailman/listinfo/asterisk-users > > > > -- > Sebastian Silva > G R U P O G A U S S > Depto. Sistemas > Av. Libertador 6250 4 piso > Tl.: 4 706-2222 (int. 121) > [EMAIL PROTECTED] > _______________________________________________ > Asterisk-Users mailing list > [email protected] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > _______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
