Hi, everyone, We've been reasonably happy with Polycom SoundPoint phones, but we only have them installed on the LAN. I've read that they have problems working across NAT. So ... I guess I have a few questions. First, is there a way to get Polycoms to work well over NAT? If not, then are there phones of comparable voice quality that do work well over NAT? Without costing a lot more? Thanks! Jen
On Saturday 15 April 2006 21:12, jennyw wrote:> We've been reasonably happy with Polycom SoundPoint phones, but we only > have them installed on the LAN. I've read that they have problems > working across NAT. So ... I guess I have a few questions. First, is > there a way to get Polycoms to work well over NAT? If not, then are > there phones of comparable voice quality that do work well over NAT? > Without costing a lot more?Polycoms (the IP501s at any rate) work EXCEPTIONALLY well through NAT. It's as literally dead-simple as plug-and-go. No configuration on the phone, and all you want is a nat=yes in their sip.conf entry. That's it. Seriously. Olle's Symmetric RTP code is what makes it work so well. I have two IP501s behind a factory-default WRT54G on regular consumer ADSL hitting an Asterisk box on a real IP. The WRT54 has no configuration to reflect port-forwards and the only thing Asterisk has is nat=yes for those two extensions. It Just Works. And I'm still stunned by it. :-) Olle... Thank you once again for the symmetric RTP code in Asterisk. It's a godsend. -A.
Chris Mason (Lists)
2006-Apr-16 06:20 UTC
[Asterisk-Users] Phones that work well through NAT
jennyw wrote:> We've been reasonably happy with Polycom SoundPoint phones, but we > only have them installed on the LAN. I've read that they have problems > working across NAT. So ... I guess I have a few questions. First, is > there a way to get Polycoms to work well over NAT? If not, then are > there phones of comparable voice quality that do work well over NAT? > Without costing a lot more? >It's not NAT that's the problem, it's the implementation of NAT that is the variable and causes the problems. I send Polycoms to our remote users and usually have no problems behind NAT, but one user had so much trouble we had to move the Polycom outside the firewall and use the passt hrough to connect the firewall. If you can proscribe a M0n0wall firewall box you can handle any NAT problems but if you are stuck using some funky $50 firewall/router, chances are you will have problems. -- Chris Mason NetConcepts -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
What firewall was the problem user running? We have Polycoms behind Linux, Mikrotik, Linksys, Dlink, Netgear, etc all without any problems. Bill -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Chris Mason (Lists) Sent: Sunday, April 16, 2006 9:21 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Phones that work well through NAT jennyw wrote:> We've been reasonably happy with Polycom SoundPoint phones, but we > only have them installed on the LAN. I've read that they have problems> working across NAT. So ... I guess I have a few questions. First, is > there a way to get Polycoms to work well over NAT? If not, then are > there phones of comparable voice quality that do work well over NAT? > Without costing a lot more? >It's not NAT that's the problem, it's the implementation of NAT that is the variable and causes the problems. I send Polycoms to our remote users and usually have no problems behind NAT, but one user had so much trouble we had to move the Polycom outside the firewall and use the passt hrough to connect the firewall. If you can proscribe a M0n0wall firewall box you can handle any NAT problems but if you are stuck using some funky $50 firewall/router, chances are you will have problems. -- Chris Mason NetConcepts -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Christian Stredicke
2006-Apr-16 17:04 UTC
[Asterisk-Users] Phones that work well through NAT
There are two approaches to get NAT working properly: - Use UDP and send and receive from the same port. This is extremly simple, however some phones do (by default) send and recieve from a different ports. Then you have to tell explicity "no no, dont do that; use the same port". There are even phones that send and receive from different RTP ports. I would say they are extremly NAT unfriendly. And I don't know why a phone vendor would do that. Anyway, the IETF specs allow it. The problem with the UDP approach is the high keep-alive traffic (every 15-20 secs you must refresh it) and the number of buggy NAT implementations out there. I would say this approach works with 95 % of the equipment. - Use TCP/TLS and keep the TCP connection to the PBX open all the time. This reduces and amound of keep-alive traffic and works with almost anything on the market. Because a router that does not support https or MS Exchange traffic will have a real hard time in the market place! TLS has the advantage that "smart" routers cannot see the SIP traffic any more and mess around with it. For example, there is a vendor out there that does not understand the rport parameter in the Via and removes it (but leave the ; standing there)!!! Especially when there are relatively few user agents registered to the system (number of file descriptors), this approach is superior. AFAIK the next * version will support this approach; there are already systems available that support TCP and TLS. Just my two cents. Christian> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > Andrew Kohlsmith > Sent: Sunday, April 16, 2006 11:16 PM > To: asterisk-users@lists.digium.com > Subject: Re: [Asterisk-Users] Phones that work well through NAT > > On Saturday 15 April 2006 22:37, C F wrote: > > That is until you run into problems, while they do work, I wouldn't > > say that Polycoms work EXEPTIONALLY well, Cisco, and SPA > work *MUCH* > > better. > > Can you detail some problems? Just about any off-the-shelf > router seems to work with these. There may be some cheap-ass > broken routers you can get for > $5 which will not work, but all of the brand-name stuff I've > tried Just Works, which is why I say they work exceptionally well. > > -A. > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > Asterisk-Users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > > >
So how do you get a Polycom phone to work with * over NAT? I can't seem to get it to work. If I forward ports, I can get one-way audio, but that?s it. Looking at a packet capture, it appears that my phone is trying to send data to the internal address of the * server, which is of course, not available from the private side of the NAT lan... I have a polycom soundpoint IP 500. Thanks Sean -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of C F Sent: Sunday, April 16, 2006 1:54 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Phones that work well through NAT I'm really not interested to look back, but IIRC, when using just one Polycom phone behind NAT we didn't have any problems, but when using more than one behind the same NAT that is when problems started, qualify=somethingbutno seemed to help it a bit, but didn't eliminate the problem. On 4/16/06, Andrew Kohlsmith <akohlsmith-asterisk@benshaw.com> wrote:> On Saturday 15 April 2006 22:37, C F wrote: > > That is until you run into problems, while they do work, I wouldn't > > say that Polycoms work EXEPTIONALLY well, Cisco, and SPA work *MUCH* > > better. > > Can you detail some problems? Just about any off-the-shelf router seems to > work with these. There may be some cheap-ass broken routers you can get for > $5 which will not work, but all of the brand-name stuff I've tried Just > Works, which is why I say they work exceptionally well. > > -A. > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > Asterisk-Users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >_______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.4.1/313 - Release Date: 4/15/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.4.3/317 - Release Date: 4/18/2006
So I have * box ---- shorewall/linux NAT firewall ---- internet ----- WRT54G with openwrt ----- IP500 I have 5060, 4569, and 10000 through 20000 forwarded to * box from internet. I have tried everything I can think of on the wrt to get it to work but it appears, looking at tcpdump that my phone is trying to get to the * box (I can get one way audio with port mapping in the WRT) using the 192.168.x.x address it has as its internal interface... Is there a way to force the IP500 to use the public IP of the * box for RTP? Then it should work... Thanks Sean -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Andrew Kohlsmith Sent: Tuesday, April 18, 2006 7:31 AM To: asterisk-users@lists.digium.com Subject: Re: [Asterisk-Users] Phones that work well through NAT On Tuesday 18 April 2006 09:57, Sean Garland wrote:> So how do you get a Polycom phone to work with * over NAT? I can't seem to > get it to work. If I forward ports, I can get one-way audio, but that?s > it. Looking at a packet capture, it appears that my phone is trying to > send data to the internal address of the * server, which is of course, not > available from the private side of the NAT lan... I have a polycom > soundpoint IP 500.You don't do anything to get it to work through NAT. If your * box is behind NAT you need to screw around a little, but for situations like this: * box --- [internet] --- [nat dsl router] --- IP501 all you do is set 'nat=yes' on the * box, in the IP501's peer setting. That's it. It even works with multiple IP501s behind the same NAT DSL router. If you have a stupid NAT box that closes ports off too quickly or plays too many games with the packets you may need some additional configuration (shorter registration expirations, etc.) but just buy a decent NAT box... WRT54Gs work just fine in their default configuration, for example. -A. _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.4.3/317 - Release Date: 4/18/2006 -- No virus found in this outgoing message. Checked by AVG Free Edition. Version: 7.1.385 / Virus Database: 268.4.3/317 - Release Date: 4/18/2006