Where is "Asterisk as a SIP server on the outside, SIP clients behind NAT connecting to Asterisk" ?
Our Asterisk server is on public IP, no NAT. Right now we have 4 separate customers, all of which are on T1s with some sort of firewall/NAT. We have access to all 4 FW/NAT's. Would allowing full, unrestricted access to our Asterisk's IP remove the need for qualify ? -Matthew > From: hank <[EMAIL PROTECTED]> > Reply-To: Asterisk Users Mailing List - Non-Commercial Discussion > <[email protected]> > Date: Tue, 28 Jun 2005 15:46:29 -0700 > To: Asterisk Users Mailing List - Non-Commercial Discussion > <[email protected]> > Subject: Re: [Asterisk-Users] How do you handle NAT? > > I think my problem is numbrer 3 cause basicly my friend who is not on my > router is trying to get connected to me but can't and I am the 1 that is > behind a nat. > thanks > hank > ----- Original Message ----- > From: "Sebastian Silva" <[EMAIL PROTECTED]> > To: "Asterisk Users Mailing List - Non-Commercial Discussion" > <[email protected]> > Sent: Tuesday, June 28, 2005 12:45 PM > Subject: Re: [Asterisk-Users] How do you handle NAT? > > >> Hi everyone. >> >> 1. Asterisk as a SIP client behind nat, connecting to outside SIP >> Proxies: >> #1 works with a NAT-supporting proxy as SIP Express router as the outside >> proxy. (Get an account at IPtel.org and try!). Fails with Free World >> Dialup. >> >> 2. Asterisk as a SIP client behind nat, connecting to inside SIP proxies: >> #2 Works- no NAT in between >> >> 3. Asterisk as a SIP server behind nat, clients on the outside connecting >> to Asterisk: >> #3 Works with port forwarding and some header mangling magic >> >> 4. Asterisk as a SIP server behind nat, clients on the inside connecting >> to Asterisk: >> #4 Works - no NAT in between >> >> 5. Asterisk as a SIP client outside nat, connecting to outside SIP >> proxies: >> #5 is no problem. No NAT in the middle >> >> 6. Asterisk as a SIP client outside nat, connecting to inside SIP proxies: >> #6 is a problem if no port forwarding is done, similar to 3 above. >> >> 7. Asterisk as a SIP server outside nat, clients on the outside connecting >> to Asterisk: >> #7 is no problem. No NAT in the middle >> >> 8. Asterisk as a SIP server outside nat, clients on the inside connecting >> to Asterisk: >> #8 is solved with nat=yes and qualify=xxx in sip.conf for the client in >> most cases. Some clients (X-lite) assist themselves by using STUN and >> sending UDP keep-alive packets. Qualify sends keep-alive packets from >> Asterisk to the client on the inside. >> >> from wiki >> >> Now, if you net to define a NAT, you have to set asterisk to >> "canreinvite=no", "qualify=yes" and "nat=1". >> >> Also, INSTEAD of NAT, you can use a STUN server. To use a STUN server you >> should set asterisk to "canreinvite=no", "qualify=no" and "nat=0" (the >> STUN configuration is in your agents). >> >> Sebas >> >> hank wrote: >>> how easy is it to set up a stun server? with asterisk amd will this fix >>> part of the nat problem? >>> ----- Original Message ----- From: "Ray Van Dolson" >>> <[EMAIL PROTECTED]> >>> To: "Asterisk Users Mailing List - Non-Commercial Discussion" >>> <[email protected]> >>> Sent: Tuesday, June 28, 2005 8:14 AM >>> Subject: Re: [Asterisk-Users] How do you handle NAT? >>> >>> >>>> We've been feeling our way along with the NAT stuff (using SIP) as well. >>>> >>>> At this point we are fairly small, so the keep-alive packets are not too >>>> bad. >>>> What type of user load are you at and what are the specs on your >>>> Asterisk box? >>>> I'm concerned we may run into this as well. >>>> >>>> We do have the luxury that each Sipura device we use is sitting behind >>>> its own >>>> NAT (a customer CPE). So we can do port-forwarding and in combination >>>> with a >>>> STUN server (MyStun), things work quite well. The only issues left to >>>> deal >>>> with are a lingering problem with ip_conntrack entries staying cached >>>> because >>>> of the "keep alive" packets due to qualify=yes after the CPE's IP >>>> address >>>> changes. >>>> >>>> Curious to hear other's setups as well. I would *love* to start using >>>> the >>>> IAXy instead, but it has a couple shortcomings over the Sipura 2002's >>>> we're >>>> using now: >>>> >>>> - About $10/more >>>> - Only has one line (apparently two lines is a bit more of a selling >>>> point). >>>> >>>> Still trying to figure out a good way to make a case for the IAXy >>>> though. >>>> >>>> Ray >>>> >>>> On Tue, Jun 28, 2005 at 09:59:49AM -0500, Matthew Boehm wrote: >>>> >>>>> We are interested in how other people are handling NAT problems. We >>>>> have >>>>> several customers all of which have some sort of firewall/NAT device at >>>>> their location. For simplicity sake, all customers' internal networks >>>>> are 192.168.*.*. >>>>> >>>>> Our asterisk box is on public IP not blocked by any FW/NAT. >>>>> >>>>> I use QUALIFY=yes on all our customers' phones and I feel that sending >>>>> out 80-something keep-alive packets is causing our box to crawl and >>>>> cause bad calls. >>>>> >>>>> Would SER be better in this case? Should I have phones register with >>>>> SER >>>>> instead of with Asterisk? >>>>> >>>>> Thanks, >>>>> Matthew >>>>> >>>>> P.S. Yes, I have read stuff on NAT on the wiki. I'm more interested in >>>>> other real world, working, solutions. >>>> >>>> _______________________________________________ >>>> Asterisk-Users mailing list >>>> [email protected] >>>> http://lists.digium.com/mailman/listinfo/asterisk-users >>>> To UNSUBSCRIBE or update options visit: >>>> http://lists.digium.com/mailman/listinfo/asterisk-users >>> >>> >>> _______________________________________________ >>> Asterisk-Users mailing list >>> [email protected] >>> http://lists.digium.com/mailman/listinfo/asterisk-users >>> To UNSUBSCRIBE or update options visit: >>> http://lists.digium.com/mailman/listinfo/asterisk-users >>> >> >> -- >> Sebastian Silva >> G R U P O G A U S S >> Depto. Sistemas >> Av. Libertador 6250 4 piso >> Tl.: 4 706-2222 (int. 121) >> [EMAIL PROTECTED] >> _______________________________________________ >> Asterisk-Users mailing list >> [email protected] >> http://lists.digium.com/mailman/listinfo/asterisk-users >> To UNSUBSCRIBE or update options visit: >> http://lists.digium.com/mailman/listinfo/asterisk-users > > _______________________________________________ > Asterisk-Users mailing list > [email protected] > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users _______________________________________________ Asterisk-Users mailing list [email protected] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
