SIP, * and NAT/PAT
This is an endless topic.
Anyway, could everyone share their experience with subj? I'll start first:
Eventually, my plan is to make a hosted SIP PBX, like IP Centrix. The PBX in this case must have multi-tenant support. But IP Centrix requires that extensions on the same LAN be able to send RTP directly; sending everything via the PBX makes no sense.
Let's assume that * is on public IP without NAT.
Case #1.
Two extensions behind an intelligent NAT/PAT, which does ALG and correctly translates SIP/SDP messages. In my case it was a Cisco Pix firewall. Pix does symmetric NAT.
Clients behind the Pix are able to call outside and receive calls from outside. They are also able to call each other and send the RTP stream directly.
Requirements for positive results:
Pix firewall - firmware version 6.3(4)
User Agents - disable outbound proxy settings in the UA; do not use STUN or an external IP address in headers.
Asterisk - use NAT=no and canreinvite=yes settings in SIP.Conf
All header translation in this case is done by the Pix. It is the best solution, but the most expensive one.
Case #2
Two extensions behind a 'dumb NAT' which does not do ALG. I've tested different cable/DSL routers from Linksys, Dlink, Netgear.
It is the most common and, unfortunately, the worst case. First of all, NAT implementations in gateways are different not only from vendor to vendor, but within the same vendor also.
In the case of L3 NAT there are the following ways to deal with the situation:
STUN on UA.
NAT settings on asterisk.
Based on my experience, I have the following conclusion: currently, there are no built-in ways in Asterisk to deal with L3 NAT and achieve the goal of sending the media stream between endpoints behind the same NAT. It requires Session Border Controller logic implementation in Asterisk.
I wonder if anyone did the same or similar research, and what your results are.
Thanks.