Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
VoIP through NAT/PAT
- Thread starter wattie29
- Start date
I know that SIP is not supported by NAT without some work and thats because of the RTP UDP stream that carries the compressed voice(or other media). H.323 has issues because of the large numbers of ports it uses that are dynamically assigned.
An excellent paper on H.323 and firewalls can be found at:
The real question is are you refering to NAT (network address translation) or PAT (port address translation) there are subtle but very important differences between the two and how it impacts VoIP.
Mike S
Home of the book "Network Security Using Linux"
An excellent paper on H.323 and firewalls can be found at:
The real question is are you refering to NAT (network address translation) or PAT (port address translation) there are subtle but very important differences between the two and how it impacts VoIP.
Mike S
Home of the book "Network Security Using Linux"
- Thread starter
- #3
Thanks mate, I will have a look at that.
I believe the VoIp that is working is using NAT as it is configured with the 'nat' and 'global' commands, wheras the one that is not is using static(outside,intf2) I believe this is PAT.
As you can see I'm not much of a wiz on these firewalls, hope that makes sense.
Cheers for the help so far.
I believe the VoIp that is working is using NAT as it is configured with the 'nat' and 'global' commands, wheras the one that is not is using static(outside,intf2) I believe this is PAT.
As you can see I'm not much of a wiz on these firewalls, hope that makes sense.
Cheers for the help so far.
The PAT will give you absolute fits ![[sadeyes]](/data/assets/smilies/sadeyes.gif "[sadeyes] [sadeyes]")
NAT and PAT are not your friends for VoIP but at least with NAT you can use something like STUN to get around it. THink Skype
THey use a form of STUN to work around NAT issues. There is also a cool toy called "NAT Check Program" at:
Which can help in deciding if NAT is giving you problems. I have a short blurb on it in an upcoming Skype book from Syngress that I worked on.
MikeS
Home of the book "Network Security Using Linux"
NAT and PAT are not your friends for VoIP but at least with NAT you can use something like STUN to get around it. THink Skype
THey use a form of STUN to work around NAT issues. There is also a cool toy called "NAT Check Program" at:Which can help in deciding if NAT is giving you problems. I have a short blurb on it in an upcoming Skype book from Syngress that I worked on.
MikeS
Home of the book "Network Security Using Linux"
PAT is actually noted by Cisco's release notes not to function at all with VOIP. Using common sense it's kinda obvious anyway, but NAT should work just fine, as the outgoing/incoming streams for H.23X should be masq'd and forwarded, not port translated.
- Status
Similar threads
- Locked
- Question