Alan wrote:
Thanks for responding.
I was referring to the SIP server interface defined with a non-routable class A (10.x.x.x) IP address for example. The PIX firewall is configured with a static NAT translation (12.x.x.x <--> 10.x.x.x) and an access control list which directs traffic destined for port 5060 outside global address to the NAT'ed inside address.
Indeed, the only workable solution we found is to run 'ser' on the 'nat router' itself, which in our case is a border router running OpenBSD on sparc. 'ser' is configured to listen on the router's public ip and on the internal (NAT'ed) private (RFC 1918) networks; we run 'rtpproxy' on the same host to handle the rtp payload with internal UAs which are clients on private (RFC 1918) addresses.
Our 'ser.cfg' is somewhat more complicated than is usual for a small network.
I have not really investigated using NAT-T in this scenario.
Regards,
Michael Grigoni Cybertheque Museum