Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Sip Trunking with NAT

Status
Not open for further replies.

Bkpagos

Technical User
Sep 26, 2006
38
GR
Hello.Please help me.
I have configured a SIP Line with all details right but my problem is NAT.My client has only one static ip and the whole network is behind the router with NAT.
For example : ADSL Modem/Router with a static public IP, and a local IP 192.168.1.254 .IP Office 500 is 192.168.1.253 on LAN1 and all PC's and IP Phones are on 192.168.1.1-200.When i run Stun, i get Blocking Firewall and no Public IP and port.Is there something else i need to do?Do i need to port forward 5060 on my router to IP Office?Do i need anything else?Or it can't work like this and i have to buy another public IP for LAN2 of the IPO?
 
I would suggest your cfg is not correct.

You need an ip route that gets you on to the internet.

As an example.

406v2 192.168.77.1
ADSL Router 192.168.77.77

IPRoute
0.0.0.0 255.255.255.0 192.168.77.77

When you run stun because the stun ip address is not on the same subnet as the IPO (its a public address) the ip route shold pick it up and point it the adsl router and into the internet.

The whole idea of stun is that i auto negotiates the issues that NAT introduces to SIP.
 
Bkpagos,

We've been testing a couple of sip providers and we are behind a nat firewall too. It's been hit and miss. More miss actually.

Which provider for sip trunking are you using?
Am I correct in saying you are using the built in firewall in the DSL modem? If so, you will need to get access to open ports, or contact your DSL provider and ask them.

You want to make certain of three things:

1. Your Firewall can do SIP transformations, otherwise when the traffic leaves the IP Office and goes through the firewall, it will carry the 192.168.1.253 address. Since 192.168.1.x is a non-routable address, the packets will never come back. SIP transformation is when the firewall "rewrites" the packets from the IP Office so they have the public IP and not private.

2. Port 5060 (SIP) is open from the internet (WAN) to the IP office (LAN). This should be quite simple to do, as long as you can get in to the configuration of your router.

3. You will also want to make sure you have RTP ports open. A sign that RTP is not open would be things like DTMF not working. Some routers are smart enough to automatically open RTP when you enable SIP transformations and/or open up port 5060.

GOOD LUCK!

 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top