asterisk users - Nov 2004 - problem facing on Firewall, NAT and asterisk

prasad_s wrote:

<snip>
> But the problem is when I call internally between two sip client I
don't get voice path between these two sip phones, i.e. I can not talk and
hear from both phones,
> though I get message on the asterisk server "connected".
> Is this because of Firewall and NAT between my sip client and asterisk
server?
Yes.
> But then how I get register to asterisk server?
> Is there any workaround for this problem
Read this: http://www.voip-info.org/wiki-NAT+and+VOIP

Flynn

On Wednesday 03 November 2004 19:37, prasad_s wrote:
> Hi all,
>
> I am using asterisk, which is running on one machine having static(global)
> IP. I have another machine(Internet server with global IP, with firewall)
> working as gateway for internal machines having local IP starting with
> 192.168.xxx.xxx. My SIP client(xten-xlite) is on LAN machine and registers
> to the asterisk server through this sip phone. All machines on the LAN,
> having sip phone are registered to asterisk server. But the problem is when
> I call internally between two sip client I don't get voice path between
> these two sip phones, i.e. I can not talk and hear from both phones, though
> I get message on the asterisk server "connected".
> Is this because of Firewall and NAT between my sip client and asterisk
> server? But then how I get register to asterisk server?
> Is there any workaround for this problem
>
The way that I get around this is to have a 2nd nic in the asterisk box which 
exists on the local (192.x.x.x) network. That way, my phones register to the 
servers' RFC1918 address. That server sets all local (RFC1918) phones to 
canreinvite=no and it works perfectly.
In my case, I run a firewall on the * box to try and keep the internal lan 
secure - obviously is someone hacks the * box then they've got access to my 
internal lan. This is not an ideal solution, but I think that it suffices atm 
- at least until * supports IPv6. Yes it means that there are 2 firewalls to 
maintain, but the * firewall never changes so it's not a great hassel.

Jon

Hi Prasad,

Install a Asterisk in your DMZ and one Asterisk inside of your Lan.
Set them to use IAX between them passing through your firewall.
A) Your SIP Phones in your lan will connect to your LAN's *.
B) The SIP Phones in the internet will connect to your DMZ's *.
C) A connnects to B through the Asterisk's IAX connection....

SIP doesn't work with firewalls.

Also, next time, post this kind of message in the asterisk-users list.

Isamar



On Wed, 3 Nov 2004, prasad_s wrote:
> Hi all,
>
> I am using asterisk, which is running on one machine having static(global)
IP.
> I have another machine(Internet server with global IP, with firewall)
working as gateway for internal machines having local IP starting with
192.168.xxx.xxx.
> My SIP client(xten-xlite) is on LAN machine and registers to the asterisk
server through this sip phone.
> All machines on the LAN, having sip phone are registered to asterisk
server.
> But the problem is when I call internally between two sip client I
don't get voice path between these two sip phones, i.e. I can not talk and
hear from both phones,
> though I get message on the asterisk server "connected".
> Is this because of Firewall and NAT between my sip client and asterisk
server?
> But then how I get register to asterisk server?
> Is there any workaround for this problem
>
> regards
> Prasad Somwanshi.
>

Hi all,

I am using asterisk, which is running on one machine having static(global) IP.
I have another machine(Internet server with global IP, with firewall) working as
gateway for internal machines having local IP starting with 192.168.xxx.xxx.
My SIP client(xten-xlite) is on LAN machine and registers to the asterisk server
through this sip phone.
All machines on the LAN, having sip phone are registered to asterisk server.
But the problem is when I call internally between two sip client I don't get
voice path between these two sip phones, i.e. I can not talk and hear from both
phones,
though I get message on the asterisk server "connected".
Is this because of Firewall and NAT between my sip client and asterisk server?
But then how I get register to asterisk server?
Is there any workaround for this problem

regards
Prasad Somwanshi.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20041103/028f10e2/attachment.htm