On Thu, Sep 18, 2008 at 4:18 PM, Stefan Gofferje <[EMAIL PROTECTED]> wrote: > Interesting. I have my Asterisk with RFC-1918 IPs behid a NATting PIX > and the FIXUP SIP of the PIX makes it very easy for me to use my * as > server for external clients as well as as client for SIP providers. > The PIX nicely replaces the RFC-1918 IP in the SIP-traffic with the > current (dynamic) public IP of itself and keeps track of the RTP > traffic. Actually, it also chages the ports in the RTP negotiation and > then automatically forward the RTP traffic to the ports, the * was offering. > Very very convenient. > > If the IOS firewall in the newer routers make problems, maybe I should > not change to an ISR as I planned :). > > > Terve, > Stefan >
Stefan, Your version of PIX might have finally gotten it right, but even recent 12.4T IOS releases tend to really confuse NAT situations (same seems to go for various PIX releases I've used). Part of the problem might be the use of things like nathelper: http://www.iptel.org/ser/doc/modules/nathelper While not related to Asterisk, inconsistencies across SIP ALGs usually cause various ranges of flags passed to nat_uac_test to fail and/or turn up different results depending on what, specifically, the ALG is doing. NAT handling capabilities at the proxy/registrar, inconsistencies across SIP ALGs, dumb PATs not doing any specific protocol fixups (lowest common denominator), and the increasing use of SIP TLS (no ability to snoop/modify SIP headers or bodies including SDPs) tells me that SIP ALGs are not the best solution in most cases, certainly not long term. -- Kristian Kielhofner http://blog.krisk.org _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
