Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
IP Phones 1
- Thread starter jasiek
- Start date
-
1
- #3
Be very careful when using NAT (Network Address Translation).
VoIP does not work well with networks that use NAT (Network Address Translation) because most NAT implementations do not support H.323 protocols.
The destination IP address is encapsulated in more than one header:
the Q.931, H.225, and IP headers.
NAT changes only the address in the IP header resulting in a mismatch that prohibits the control of calls.
Greets, Bob
VoIP does not work well with networks that use NAT (Network Address Translation) because most NAT implementations do not support H.323 protocols.
The destination IP address is encapsulated in more than one header:
the Q.931, H.225, and IP headers.
NAT changes only the address in the IP header resulting in a mismatch that prohibits the control of calls.
Greets, Bob
A VSU is one of AVAYA's VPN Gateway products that allows VPN to work properly. Your best option is to use this, but it envolves setting up a Remote Access VPN for you remote users and sending them home with a VSU box at home. The VPN ensures the VOIP traffic is not NAT'd and you connect fine. So this will solve your issue, but you may want to talk to your Data people first, because you will need to deploy a VPN.
Thank you,
Frank Mirecki
BrantTel Networks
Thank you,
Frank Mirecki
BrantTel Networks
Toni269
MIS
- Apr 18, 2002
- 815
I got this info from a consultant:
NAT is not supported by the IP Soft Phone Software. If you had a firewall in place with out NAT (meaning routable IP addresses are on the inside LAN) then you would simply just have to list what UDP ports you want allowed. This is a three step process.
1) Within the IP Soft phone software, under options>advanced> you must enter a min port and max. port. The range must be as follows:
1024 > range > 65536. The range must be at least 100 ports. Valid port range example: 1024 < 2000-2100 < 65536.
2) The firewall must have a hole made for that exact UDP range.
3) The PBX must have the same UDP port range configured under the “change ip-network-region” command.
Avaya’s only work around is to have the CLAN and Prowler cards on the DMZ or outside LAN segment.
Alternatively, a VPN connection avoids the above problems. I have included two Avaya based NAT explanations below:
7.4 NAT (Network Address Translation)
VoIP does not work well with LANs that use NAT (Network Address Translation) because NAT does not support H.323 protocols. The destination IP address is encapsulated in more than one header, the Q.931, H.245, and the IP header. NAT changes only the address in the IP header resulting in a mismatch that prohibits the control of calls. We suggest that you use a firewall to guard against intruders, but your firewall should not provide NAT functions for VoIP packets.
Network Address Translation (NAT): Due to limitations in the H.323 VoIP standard,
VoIP conversations cannot presently work across NAT boundaries. It is important to route voice streams around routers or firewalls running NAT.
NAT is not supported by the IP Soft Phone Software. If you had a firewall in place with out NAT (meaning routable IP addresses are on the inside LAN) then you would simply just have to list what UDP ports you want allowed. This is a three step process.
1) Within the IP Soft phone software, under options>advanced> you must enter a min port and max. port. The range must be as follows:
1024 > range > 65536. The range must be at least 100 ports. Valid port range example: 1024 < 2000-2100 < 65536.
2) The firewall must have a hole made for that exact UDP range.
3) The PBX must have the same UDP port range configured under the “change ip-network-region” command.
Avaya’s only work around is to have the CLAN and Prowler cards on the DMZ or outside LAN segment.
Alternatively, a VPN connection avoids the above problems. I have included two Avaya based NAT explanations below:
7.4 NAT (Network Address Translation)
VoIP does not work well with LANs that use NAT (Network Address Translation) because NAT does not support H.323 protocols. The destination IP address is encapsulated in more than one header, the Q.931, H.245, and the IP header. NAT changes only the address in the IP header resulting in a mismatch that prohibits the control of calls. We suggest that you use a firewall to guard against intruders, but your firewall should not provide NAT functions for VoIP packets.
Network Address Translation (NAT): Due to limitations in the H.323 VoIP standard,
VoIP conversations cannot presently work across NAT boundaries. It is important to route voice streams around routers or firewalls running NAT.
- Status
Similar threads
- Locked
- Question