Asterisk and SIP behind NAT


The simplest, lazy way around this is to set your Asterisk box in a 1:1 NAT config (often called DMZ host on home routers) and to make sure externip= is set in sip.conf.

The usual troubles with SIP and NAT are:

  • SIP headers contain call source and destination information (IP addresses) that may not be reachable to/from clients and servers behind NAT
  • A generally broad range of ports need to be forwarded for RTP streams (the audio and whatever else)
  • Many NAT devices (e.g. the Ciscos James Sneeringer mentioned) try to "help" and usually do a poor job of mangling the headers
  • Some SIP devices will try to "reinvite", which basically means establish a direct connection with the calling device rather than route it through the PBX. NAT completely breaks this.

Assuming you can't 1:1 NAT Asterisk, try these:

In the general section of sip.conf:

  • Make sure externip is set (externip=)
  • Set nat=yes (this is often overused/misunderstood, but try it)
  • Make sure localnet=/subnet mask (e.g. 192.168.1.23/255.255.255.0) is set (this will cause Asterisk to write its private IP to SIP headers sent to phones on that network, but use the externip everywhere else)

In the device section for the problem phone:

  • qualify=5000 (This will cause Asterisk to check on the extension every 5 seconds. Adjust as desired, as long as it's shorter than your NAT timeout it should keep the mapping preserved)

On your NAT/firewall:

  • Make sure the entire range of UDP ports listed in rtp.conf has forward entries to your Asterisk server. Typically this would be something like 10000-12000 (each call can use up to 4 RTP channels, so that setting would handle at least 500 simultaneous calls). And of course 5060 (SIP signalling).

I've found this page helpful in the past: http://asteriskguru.com/tutorials/sip_nat_oneway_or_no_audio_asterisk.html

If you're using one of the Asterisk distros with a web interface (FreePBX, Elastix, Trixbox, PBX-in-a-flash etc.) let me know and I can suggest some GUI settings rather than editing conf files directly. I've had the displeasure of debugging issues with most of them...
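
An added example, not part of the original answer or of Asterisk itself: a small Python audit of the settings listed above (externip and localnet in the general section, qualify on each device, and firewall forwards covering 5060 plus the rtp.conf range). The config text, addresses and the FORWARDS list are constructed samples, the function names are hypothetical, and rtp.conf is assumed to set both rtpstart and rtpend.

```python
import ipaddress

# Constructed sample input; addresses come from documentation/private ranges.
SIP_CONF = """[general]
externip=203.0.113.10
localnet=192.168.1.0/255.255.255.0
nat=yes
[1001]
type=friend
qualify=5000
[1002]
type=friend
"""
RTP_CONF = "[general]\nrtpstart=10000\nrtpend=12000\n"
FORWARDS = [(5060, 5060), (10000, 10999)]  # UDP ranges forwarded on the router

def parse(text):
    """Asterisk-style config -> {section: [(key, value), ...]}; keys may repeat."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()          # drop ';' comments
        if line.startswith("[") and "]" in line:
            current = sections.setdefault(line[1:line.index("]")], [])
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.lstrip(">").strip()))
    return sections

def audit(sip_text, rtp_text, forwards):
    """Return a list of findings for the NAT-related settings and forwards."""
    sip, rtp = parse(sip_text), dict(parse(rtp_text).get("general", []))
    general, findings = sip.get("general", []), []
    if not dict(general).get("externip"):
        findings.append("general: externip not set")
    nets = [v for k, v in general if k == "localnet"]
    if not nets:
        findings.append("general: localnet not set")
    for net in nets:
        try:
            ipaddress.ip_network(net, strict=False)  # accepts address/netmask form
        except ValueError:
            findings.append(f"general: localnet '{net}' is not a valid network")
    for name, items in sip.items():
        if name != "general" and dict(items).get("qualify", "no").lower() == "no":
            findings.append(f"{name}: qualify not enabled")
    needed = [5060] + list(range(int(rtp["rtpstart"]), int(rtp["rtpend"]) + 1))
    gaps = [p for p in needed if not any(lo <= p <= hi for lo, hi in forwards)]
    if gaps:
        findings.append(f"firewall: {len(gaps)} UDP ports not forwarded, first is {gaps[0]}")
    return findings
```

Calling `audit(SIP_CONF, RTP_CONF, FORWARDS)` on the sample reports the device without qualify and the part of the RTP range the router does not forward.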

Author by

user209700

Updated on September 18, 2022

Comments

  • user209700
    user209700 over 1 year

    I am trying to set up an Asterisk server to accept calls from a client in another network. The server and the client are behind a NAT.

    I have already activated STUN on the client, but I am still having problems hearing the other side on both. After some time, the call gets ended and in the Asterisk logs a message about Retransmission Timeout reached and No reply to critical packet received appears.

    • Philip
      Philip about 10 years
      Check the UDP Stateful/Dynamic Rule time-out on the NAT router. It's probably too short. I typically set it to 30 seconds to ensure SIP works correctly.
    • James Sneeringer
      James Sneeringer about 10 years
      Be careful if the NAT device is a Cisco ASA or PIX firewall. If they have SIP inspection enabled, you need to configure Asterisk as though there is no NAT in place, because the firewall handles it all for you.
    • tufelkinder
      tufelkinder almost 7 years
      James, that was the most helpful comment ever.