asterisk users - Nov 2006 - several behind NAT

I've got my asterisk server in the DMZ of my local LAN - I've used my  
Budgetone and GXP2000's from the Internet- on direct IP connections  
with no problems.  However, I'm about to deploy about 5 phones  
(either budgetone or GXP2000's) all on a LAN behind a NAT- on a  
different network than the Asterisk server.  Should I look into using  
STUN servers?  Will this setup be a problem?  I've read about NAT and  
STUN on voip-info but am looking for more information..   btw- I'm  
not set on Grandstream.  If you think Polycom or something can handle  
NAT better, then I'll use that instead.  I guess there's no IAX  
phones yet...  Thanks in advance.
   Todd

There should not be any problem as long as the remote phones, doesn't matter
they are on which network, can access your server in DMZ. But if you have a
dynamic IP, you should get a dyndns FQDN (fully qualified domain name) for
it and have your IP phones have that domain name to rech to your server. It
will cost you $10 a year.

I have many phones here and there connecting to different servers and I
never had any problems. Also my home server is in DMZ and I have connected
to it from many different locations around the globe, it always worked
perfect.

And yes, there are IAX phones out there too, but not good ones yet. I
have an unbranded IAX phone in my basement, but thats the only place where
I can put it because I can't rely on its voice quality.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20061106/fba5b30b/attachment.htm

What about setting up a small asterisk box that trunks to your main 
asterisk box that sits on the same lan as your SIP phones?

Todd- Asterisk wrote:
> I've got my asterisk server in the DMZ of my local LAN - I've used
my
> Budgetone and GXP2000's from the Internet- on direct IP connections
with
> no problems.  However, I'm about to deploy about 5 phones (either 
> budgetone or GXP2000's) all on a LAN behind a NAT- on a different 
> network than the Asterisk server.  Should I look into using STUN 
> servers?  Will this setup be a problem?  I've read about NAT and STUN
on
> voip-info but am looking for more information..   btw- I'm not set on 
> Grandstream.  If you think Polycom or something can handle NAT better, 
> then I'll use that instead.  I guess there's no IAX phones yet...  
> Thanks in advance.
>   Todd
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
> 
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users

On 6 Nov 2006, at 15:28, Todd- Asterisk wrote:
> I've got my asterisk server in the DMZ of my local LAN - I've used
> my Budgetone and GXP2000's from the Internet- on direct IP  
> connections with no problems.  However, I'm about to deploy about 5  
> phones (either budgetone or GXP2000's) all on a LAN behind a NAT-  
> on a different network than the Asterisk server.  Should I look  
> into using STUN servers?  Will this setup be a problem?  I've read  
> about NAT and STUN on voip-info but am looking for more  
> information..   btw- I'm not set on Grandstream.  If you think  
> Polycom or something can handle NAT better, then I'll use that  
> instead.  I guess there's no IAX phones yet...  Thanks in advance.
There are a few ways to avoid the problem:
	1) put a second interface on your asterisk box that is on the  
internal LAN (potential
security hazard, but you may have a phone-only LAN segment and a  
secure DMZ in which case it
would be fine).
	2) Add a VPN between the 2 segments (similar issues to 1)
	3) Add a small asterisk device to your 'inner' LAN and have it talk  
IAX to the main device on the DMZ
	4) As per 3 but swap the machines, put a small device on the DMZ and  
the real asterisk
deep in your LAN.

4 is my preferred option, but your situation may vary.....

Others will tell you how to get the XXYZ phone to do NAT just right  
with the ABCD routers :-)

Tim.

Tim Panton

www.mexuar.net
www.westhawk.co.uk

I'm not claiming to be an expert on the matter but I'm running here in 
my small office 2 softphones and 3 hardphones (I'll replace the 
softphones soon as well) and all of them are being NAT. The asterisk is 
located remotely and all the clients connect to it with the help of 
public STUN servers. My softphones are X-Lite and my hardphones are 
Snom. I also worked with Grandstream ATA (Handytone 286), Motorola ATA 
and Welltech phone - they all worked just fine.

Tomer.

Todd- Asterisk wrote:
> I've got my asterisk server in the DMZ of my local LAN - I've used
my
> Budgetone and GXP2000's from the Internet- on direct IP connections 
> with no problems.  However, I'm about to deploy about 5 phones (either 
> budgetone or GXP2000's) all on a LAN behind a NAT- on a different 
> network than the Asterisk server.  Should I look into using STUN 
> servers?  Will this setup be a problem?  I've read about NAT and STUN 
> on voip-info but am looking for more information..   btw- I'm not set 
> on Grandstream.  If you think Polycom or something can handle NAT 
> better, then I'll use that instead.  I guess there's no IAX phones 
> yet...  Thanks in advance.
>   Todd
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users

----- Original Message ----- 
From: "Todd- Asterisk" <thouleasterisk@gleffsecurity.com>
To: "Asterisk Users Mailing List - Non-Commercial Discussion" 
<asterisk-users@lists.digium.com>
Sent: Monday, November 06, 2006 5:28 PM
Subject: [asterisk-users] several behind NAT

> I've got my asterisk server in the DMZ of my local LAN - I've used
my
> Budgetone and GXP2000's from the Internet- on direct IP connections 
with
> no problems.  However, I'm about to deploy about 5 phones  (either 
> budgetone or GXP2000's) all on a LAN behind a NAT- on a  different
network
> than the Asterisk server.  Should I look into using  STUN servers?  Will 
> this setup be a problem?  I've read about NAT and  STUN on voip-info
but
> am looking for more information..   btw- I'm  not set on Grandstream. 
If
> you think Polycom or something can handle  NAT better, then I'll use
that
> instead.  I guess there's no IAX  phones yet...  Thanks in advance.
>   Todd
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
NAT has been my worst enemy when it comes to asterisk. I think the key to 
having several phones behind NAT not on the same LAN as Asterisk is to have 
a good router. I have been using the SMC Baracade 7004 and it has worked 
well for me.

The only thing that might be an issue is your Asterisk behind NAT. However
if you removed that everything should work fine. In the case that you have
issues with multiple phone registrations, try another router or firewall.

On 11/6/06, Todd- Asterisk <thouleasterisk@gleffsecurity.com>
wrote:
>
> I've got my asterisk server in the DMZ of my local LAN - I've used
my
> Budgetone and GXP2000's from the Internet- on direct IP connections
> with no problems.  However, I'm about to deploy about 5 phones
> (either budgetone or GXP2000's) all on a LAN behind a NAT- on a
> different network than the Asterisk server.  Should I look into using
> STUN servers?  Will this setup be a problem?  I've read about NAT and
> STUN on voip-info but am looking for more information..   btw- I'm
> not set on Grandstream.  If you think Polycom or something can handle
> NAT better, then I'll use that instead.  I guess there's no IAX
> phones yet...  Thanks in advance.
>    Todd
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20061106/240c816b/attachment.htm

Just to report back in, the advice of the list was to not worry about  
it- they should work well.  I took a DSL modem with a router on it  
and connected both phones (Grandstream GXP2k and 101)- they did not  
work.  I found that I had to program in a STUN server.  I also has to  
set it to use a random port instead of the default- a pre-defined  
port (else only 1 phone would ring regardless of extension).  Now  
they both work well.  Does anyone see a problem with this setup?   
Should I use my own STUN server? or can I continue with stun.fwdnet.net?

Also, where can I get information on provisioning?  These phones will  
be out of my hands soon and I'd like to be able to update the  
configs.  I saw a few utilities for generating the configs, but I'd  
like more specific info - I don't mind editing files by hand but want  
to know how it works. Does anyone have some resources?

thanks for all the help- this is a great list.
      Todd


On Nov 6, 2006, at 10:28 AM, Todd- Asterisk wrote:
> I've got my asterisk server in the DMZ of my local LAN - I've used
> my Budgetone and GXP2000's from the Internet- on direct IP  
> connections with no problems.  However, I'm about to deploy about 5  
> phones (either budgetone or GXP2000's) all on a LAN behind a NAT-  
> on a different network than the Asterisk server.  Should I look  
> into using STUN servers?  Will this setup be a problem?  I've read  
> about NAT and STUN on voip-info but am looking for more  
> information..   btw- I'm not set on Grandstream.  If you think  
> Polycom or something can handle NAT better, then I'll use that  
> instead.  I guess there's no IAX phones yet...  Thanks in advance.
>   Todd
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://lists.digium.com/pipermail/asterisk-users/attachments/20061109/6a014da6/attachment.htm