> Still trying to get NAT working.Try adding a canreinvite=no. Nabeel
IThanks for reply. I have inserted my comments in your reply.> > As you have already noted, trying to implement this with two nat boxes > is > very difficult and in some cases impossible. > > The only way to know for sure what is happening is to use a packet > analyzer > (eg, ethereal) to observe the packets on the inside and outside of each > nat > box. Keep in mind that no all nat boxes operate the same way; there are > major > differences even though we tend to characterize nat boxes as all the > same. > > The rtp ports used for voice (10000:20000 in your example) vary by > phone type. > Cisco uses a different range of ports, Xten another range, Grandsteam > yet > another. The ports you have listed are what asterisk uses and are > probably > not the same ports as what your remote phones use. Therefore, the exact > ports > that you need to open are dependent upon exactly which phones you > deploy, > and on well you understand the handshaking that goes on end-to-end when > establishing a sip call.I am using Polycom phones. Ports 10000-20000 are specified in the rtp.conf. Same phone worked just fines when used on same subnet.> > Likewise, not all phones operate the same from behind a nat box. The > snom > phones happen to be very good in terms of discovering where it sits in > the > end-to-end picture, while other phones are either very poor or don't > handle > nat well at all. Since you didn't mention what type of phones you use, > there's > no way to guess at what might be happening. Even if you post the phone > type, > its not going to be of much use to the rest of us since we don't know > the > type of nat box in use. >NAT box on the Asterisk side is a Linux running RedHat 9 and iptables. NAT box on the PHONE 2 end is a D-Link router. Default configuration is used.> You also might find (later) that not all nat boxes support multiple > phones > behind a nat box. Eg, if one phone is made to work and its in use, the > second > phone behind that nat box will probably fail. Some folks have been > successful > with multiple phones while many others have not, and most do not know > why.Yes, this is my concern too, but this is something I will worry about later. At the moment I want single phone to operate.> > You might be able to discover the nat problems by tracing packets (with > ethereal) from inside and outside that asterisk nat box, but I'd have > to guess > you'll have less then a 50% chance of seeing the issues without traces > from > inside the nat box at the phone location also. You really need a clear > understanding of the exact IP addresses and port numbers from "each" > location > to know how to solve the problem.Well, it seem strange that when trying to place a call, Asterisk uses correct address fro the PHONE 2 (public IP of the NAT device on the other end). And incoming registration is fine too. The problems start when actual SIP traffic is passed through. Asterisk uses local IP address in this case. It seems that it picks up addresses from IP packets and "forgets" about phone being behind the NAT device. This is judging only by SIP debug info Asterisk gives me. Rudolf
Thanks, I have tried that, but forgot to mention. No luck. Rudolf> Nabeel Jafferali <nabeel@jafferali.net> wrote: > > > Still trying to get NAT working. > > Try adding a canreinvite=no. > > Nabeel > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users
I have used externip. Could it cause a problem if internal and extarnal networks use same IP range? Both of the are class C networks and are 192.168.1.x (this is a pretty common choice for addresses)? But then again, Astersik should interpret incoming traffic as something that came in from external public IP, not extract just the local IP address from the SIP packet. Am I right? Rudolf> Julian J. M. <julianjm@gmail.com> wrote: > > In you asterisk sip.conf: > [general] > externip=xxx.xxx.xxx.xxx ;ip address of your nat firewall (public ip) > localnet=192.168.0.0/24 ; the local subnet where the asterisk box is > > If you don't externip, externip will never be used, because asterisk > won't know WHEN to use it. > > Also, define canreinvite=no in your sip phones sections, as was > suggested above. > > Julian J. M. > > > On Wed, 2 Mar 2005 23:26:56 +1100, Rudolf Ladyzhenskii > <rudolfl@optusnet.com.au> wrote: > > Hi, all > > > > Still trying to get NAT working. > > > > I have following setup: > > > > PHONE 1 ------ * BOX > > | > > NAT/Firewall > > | > > | > > NAT/Firewall > > | > > | > > PHONE 2 > > > > Firewall next to phone 2 has all ports open. > > Firewall next to Asterisk has open ports 5060 and 10000:20000. All of > those > > are forwarded to Asterisk box. > > > > Both phones succesfully register with Asterisk. (I had to add NAT=yes > to > > configuration of PHONE 2 in sip.conf to get this far). > > Now, problems: > > I can place a call from PHONE2 to PHONE1, but sound path is not > established. > > Calls from PHONE1 to PHONE2 can not be placed at all. (I assume that > this is > > because port 5060 is not forwarded to the phone at NAT/Firewall, but > more on > > it later). > > > > Looking at SIP debug info, Asterisk tries to use local address of > PHONE2 > > instead of its public IP. As a result, no info can be sent to it. > > > > I have tried to install SIPROXD on the NAT/Firewall close to Asterisk > box, > > but this did not help. > > > > Now, we have tried to use one of the commercial VoIP service at > PHONE2 > > location. We had to use their phone and it worked just fine without > any > > alterations to NAT/Firewall device. I am pretty sure that they use > SIP, so > > they did resolve the problem somehow. Sorry, there is no technical > info > > available on this service. > > > > Did anyone succeeded in doing this setup? I know, IAX is a better > way, but I > > can not setup many Asterisk boxes. > > > > Basically, I am doing it for a friend. He is working for a small > medical > > company. They have number of offices that are not open every day and > offices > > are too small to put Asterisk box in each one. There will be 1-3 IP > phones > > in each office, except central one. Central one will need Asterisk, > the rest > > should be on their own. > > > > Any help is greatly appreciated. > > > > Thanks, > > Rudolf > > > > _______________________________________________ > > Asterisk-Users mailing list > > Asterisk-Users@lists.digium.com > > http://lists.digium.com/mailman/listinfo/asterisk-users > > To UNSUBSCRIBE or update options visit: > > http://lists.digium.com/mailman/listinfo/asterisk-users > > > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users