Thanks for responding.
I was referring to the SIP server interface defined with a non-routable class A (10.x.x.x) IP address for example. The PIX firewall is configured with a static NAT translation (12.x.x.x <--> 10.x.x.x) and an access control list which directs traffic destined for port 5060 outside global address to the NAT'ed inside address.
The problem I have is when UA1 sends an invite to UA2. After the proxy sends the invite to UA2 the "Record Route" address is the local IP address (10.x.x.x). In result, both UA1 and UA2 never receive a BYE message. Please help.
~Alan
-------------------------------------------------------------------------- | SER External | UA2 | UA1 | SER Internal | 12.xxx.xxx.xx | 192.168.215.103 | 151.xxx.xxx.xx | 10.181.0.35 | | | | |INVITE SDP | | | |------------------>| | | | | | | | 100 Trying| | | |<------------------| | | | | | | | 180 Ringing| | | |<------------------| | | | | | | | 200 Ok SDP| | | |<------------------| | | | |RTP | | | |------------------>| | | | | | | 200 Ok| | | |<------------------| | | | 200 Ok| | | |<------------------| | | | 200 Ok| | | |<------------------| | | | |RTP | | | |------------------>| | | |BYE | | | |-------------------------------------->| | |BYE | | | |-------------------------------------->| | |BYE | | | |-------------------------------------->|
-----Original Message----- From: serusers-bounces@iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of Michael Grigoni Sent: Thursday, May 11, 2006 3:50 AM To: serusers@lists.iptel.org Subject: Re: [Serusers] Running SER Server behind NAT
Alan wrote:
Is it possible to run SER SIP server behind a NAT? If so, what type of >
configuration changes am i looking at? My current scenario is as > follows.
Internet <-----> Pix (12.x.x.x translates to 10.x.x.x) <----> SIP Server
We have been running ser 0.8.99-dev19 (sparc/openbsd) for more than a year on NAT; our solution required ser to run on the NAT border router so that it could service the public net interfaces and the internal NAT'ed interfaces. We use rtpproxy on the same box. I have not actively watched the lists for any developments involving running it on a host only on a private ip space. I don't know of a ser port to run on the Pix. All external UAs so far have been on public ip addresses; we haven't yet dealt with the issue of external UAs behind NAT (perhaps a STUN solution would work, or a VPN where feasible).
Michael Grigoni Cybertheque Museum
_______________________________________________ Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers