We are interested in how other people are handling NAT problems. We have several customers all of which have some sort of firewall/NAT device at their location. For simplicity sake, all customers' internal networks are 192.168.*.*. Our asterisk box is on public IP not blocked by any FW/NAT. I use QUALIFY=yes on all our customers' phones and I feel that sending out 80-something keep-alive packets is causing our box to crawl and cause bad calls. Would SER be better in this case? Should I have phones register with SER instead of with Asterisk? Thanks, Matthew P.S. Yes, I have read stuff on NAT on the wiki. I'm more interested in other real world, working, solutions.
We've been feeling our way along with the NAT stuff (using SIP) as well. At this point we are fairly small, so the keep-alive packets are not too bad. What type of user load are you at and what are the specs on your Asterisk box? I'm concerned we may run into this as well. We do have the luxury that each Sipura device we use is sitting behind its own NAT (a customer CPE). So we can do port-forwarding and in combination with a STUN server (MyStun), things work quite well. The only issues left to deal with are a lingering problem with ip_conntrack entries staying cached because of the "keep alive" packets due to qualify=yes after the CPE's IP address changes. Curious to hear other's setups as well. I would *love* to start using the IAXy instead, but it has a couple shortcomings over the Sipura 2002's we're using now: - About $10/more - Only has one line (apparently two lines is a bit more of a selling point). Still trying to figure out a good way to make a case for the IAXy though. Ray On Tue, Jun 28, 2005 at 09:59:49AM -0500, Matthew Boehm wrote:> We are interested in how other people are handling NAT problems. We have > several customers all of which have some sort of firewall/NAT device at > their location. For simplicity sake, all customers' internal networks > are 192.168.*.*. > > Our asterisk box is on public IP not blocked by any FW/NAT. > > I use QUALIFY=yes on all our customers' phones and I feel that sending > out 80-something keep-alive packets is causing our box to crawl and > cause bad calls. > > Would SER be better in this case? Should I have phones register with SER > instead of with Asterisk? > > Thanks, > Matthew > > P.S. Yes, I have read stuff on NAT on the wiki. I'm more interested in > other real world, working, solutions.
> P.S. Yes, I have read stuff on NAT on the wiki. I'm more interested in > other real world, working, solutions.Apparently, Jasomi does pretty good SIP/NAT "far end traversal" solutions. From what I've read on the list, it's meant to be quite good - although expensive.
I am fighting this as we speak I have a friend who can't connect to me cause of a damn nat frankly its irritating me so any recommendations are welcome ----- Original Message ----- From: "Matthew Boehm" <mboehm@cytelcom.com> To: "Asterisk Users Mailing List - Non-Commercial Discussion" <asterisk-users@lists.digium.com> Sent: Tuesday, June 28, 2005 7:59 AM Subject: [Asterisk-Users] How do you handle NAT?> We are interested in how other people are handling NAT problems. We have > several customers all of which have some sort of firewall/NAT device at > their location. For simplicity sake, all customers' internal networks are > 192.168.*.*. > > Our asterisk box is on public IP not blocked by any FW/NAT. > > I use QUALIFY=yes on all our customers' phones and I feel that sending out > 80-something keep-alive packets is causing our box to crawl and cause bad > calls. > > Would SER be better in this case? Should I have phones register with SER > instead of with Asterisk? > > Thanks, > Matthew > > P.S. Yes, I have read stuff on NAT on the wiki. I'm more interested in > other real world, working, solutions. > > _______________________________________________ > Asterisk-Users mailing list > Asterisk-Users@lists.digium.com > http://lists.digium.com/mailman/listinfo/asterisk-users > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users
Matthew Boehm wrote:> We are interested in how other people are handling NAT problems. We > have several customers all of which have some sort of firewall/NAT > device at their location. For simplicity sake, all customers' internal > networks are 192.168.*.*. > > Our asterisk box is on public IP not blocked by any FW/NAT. > > I use QUALIFY=yes on all our customers' phones and I feel that sending > out 80-something keep-alive packets is causing our box to crawl and > cause bad calls. > > Would SER be better in this case? Should I have phones register with > SER instead of with Asterisk?Matthew, We use SER for user registration and NAT Keep Alives. It can handle thousands of messages per second without skipping a beat. I am pretty sure that Asterisk is not too happy about receiving all your keep alives:)> > Thanks, > Matthew > > >-- Andres Network Admin http://www.telesip.net