I know that NAT is something no one really likes to talk about, but does anyone know how work with it elegantly? There are many providers which deal with it on a daily basis in fact they cater to it, is this possible to do with asterisk or does it require other exotic setups? I even know of a provider which uses asterisk with many different types of devices, and they handle all NAT config on their end even to the point of deciding to stay in the media stream or not (ie when two endpoints are behind NAT you almost have to stay in the media stream unless you got it figured out like skype does). What is the best way to work with NAT, and build a production system? exo -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20070118/aed2f9e0/attachment.htm
Voip Asterisk wrote:> I know that NAT is something no one really likes to talk about, but > does anyone know how work with it elegantly? There are many providers > which deal with it on a daily basis in fact they cater to it, is this > possible to do with asterisk or does it require other exotic setups? > I even know of a provider which uses asterisk with many different > types of devices, and they handle all NAT config on their end even to > the point of deciding to stay in the media stream or not (ie when two > endpoints are behind NAT you almost have to stay in the media stream > unless you got it figured out like skype does). What is the best way > to work with NAT, and build a production system?Use a far end nat traversal appliance. Acmepacket , kagoor and Jasomi are some examples. Leo
What about open sip stack: http://www.opensipstack.org/ ?> Use a far end nat traversal appliance. Acmepacket , kagoor and Jasomi > are some examples. > > Leo > >-------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20070118/5235059c/attachment.htm
On Thu, 18 Jan 2007, Voip Asterisk wrote:> I know that NAT is something no one really likes to talk about, but does > anyone know how work with it elegantly? There are many providers which deal > with it on a daily basis in fact they cater to it, is this possible to do > with asterisk or does it require other exotic setups? I even know of a > provider which uses asterisk with many different types of devices, and they > handle all NAT config on their end even to the point of deciding to stay in > the media stream or not (ie when two endpoints are behind NAT you almost > have to stay in the media stream unless you got it figured out like skype > does). What is the best way to work with NAT, and build a production > system?I have successfully installed * boxes behind NAT firewalls and had client devices (SIP phones) talk to it, with themselves being behind NAT firewalls without doing anything overly special, or using specialised appliances, SIP gateways and so on. If you only have one * box behind the NAT gateway then I don't really see a big issue with it to be honest. Port-forward on the firewall/router device (5060 and 10000 through 20000) to the * device, and use STUN on the client device to help it get through it's local NAT firewall/router. I have seen issues with overly clever NAT devices - Junipers for example. They have a SIP helper application, but I reckon it's broken - when we turned it off and reverted to basic port forwarding everything was sweet. You do need additional runes in sip.conf: nat=yes externip=1.2.3.4 localnet=192.168.2.0/24 which makes a big difference! (asterisk 1.2.x) It doesn't solve the data traffic routing though - the * box does have to route traffic between 2 external SIP devices, alas. Gordon
Asterisk1 <--> NAT1 --- { Internet } --- NAT2 <--> Asterisk2 is one
of
the easiest configs to put together. Works extremely well and requires
opening a single port on each NAT.
-----Original Message-----
From: asterisk-users-bounces@lists.digium.com
[mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Yuan LIU
Sent: Thursday, January 25, 2007 11:19 PM
To: asterisk-users@lists.digium.com
Subject: Re: [asterisk-users] NAT solutions
>From: Brad Templeton <brad+aster@templetons.com>
> > I have a really dumb question. It appears that Yahoo, MSN, AIM, you
>name
> > them, they don't have a NAT problem, and some use SIP. I
don't
> > think
>they
> > all stay in voice path, either. What takes?
>
>When you control both ends of the path, you can eliminate all NAT
>problems. Skype also deals almost perfectly with NAT (by using
>other nodes as relays if necessary) as does IAX. SIP was designed
Thanks for this information. Does this mean two IAX boxes can talk
behind their respective NAT's (without any server sitting in voice
path)? I'm imagining this:
Asterisk1 <--> NAT1 --- { Internet } --- NAT2 <--> Asterisk2
If Asterisk1 can talk to Asterisk2 at trunk level, I'll be happy.