Hi, Since the recent update to the NAT configuration options and defaults in chan_sip.so, I am interested in any SIP/NAT best practices advice.
What I've always done in the past is: Global: nat=no SIP handsets that are local: nat=no SIP handsets that are remote: nat=yes ITSP SIP trunks: nat=yes I will then set externip and localnet to reflect the local setup, UNLESS there is a functional SIP ALG doing the work in the gateway device. I make this statement because I've found one or two firewalls where it is best to disable the SIP ALG, and one or two where it is best to leave it enabled. The above always worked very well, but I now find my asterisk logs being spammed with warnings containing lots of "!!" and I'd like to know the best way to operate to achieve what I've always had while following the new rules in order to be as secure as possible with "clean" logs. I should add that we do not accept unsolicited connections, and 99% of attempts to connect will be stopped at the firewall. Thanks, Steve -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
