Is is possible to have a SIP UA behind nat and communicate to an OpenSER/RTP Proxy server behind nat behind nat and have everything transverse appropriately? Or will I need something additional like STUN?
Example:
OpenSER + RTP Proxy + Asterisk will all reside on the same machine.
SIP UA -> Cisco PIX ( Public IP to Localnet NAT ) -> OpenSER/RTP -> Asterisk
Thank you for your time,
Patrick
HI PAtrick!
Cisco PIX will usually rewrite SIP messages (ALG) thus it should work.
regards klaus
Patrick Baker schrieb:
Is is possible to have a SIP UA behind nat and communicate to an OpenSER/RTP Proxy server behind nat behind nat and have everything transverse appropriately? Or will I need something additional like STUN?
Example:
OpenSER + RTP Proxy + Asterisk will all reside on the same machine.
SIP UA -> Cisco PIX ( Public IP to Localnet NAT ) -> OpenSER/RTP -> Asterisk
Thank you for your time,
Patrick
Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users
I was under the impression that the Cisco fixup protocols broke the SIP headers
Klaus Darilion wrote:
HI PAtrick!
Cisco PIX will usually rewrite SIP messages (ALG) thus it should work.
regards klaus
Patrick Baker schrieb:
Is is possible to have a SIP UA behind nat and communicate to an OpenSER/RTP Proxy server behind nat behind nat and have everything transverse appropriately? Or will I need something additional like STUN?
Example:
OpenSER + RTP Proxy + Asterisk will all reside on the same machine.
SIP UA -> Cisco PIX ( Public IP to Localnet NAT ) -> OpenSER/RTP -> Asterisk
Thank you for your time,
Patrick
Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users
Patrick Baker wrote:
I was under the impression that the Cisco fixup protocols broke the SIP headers
My experience is the same, with all ALGs. For some reason whenever an ALG tries to 'fix' the headers, they end up fixing it the wrong way, thus breaking things even more.
Jeremy McNamara
Patrick Baker wrote:
Is is possible to have a SIP UA behind nat and communicate to an OpenSER/RTP Proxy server behind a different nat and have everything transverse appropriately?
I have always avoided putting openser or asterisk behind NAT, for my own sanity, so I have no experience with this.
Or will I need something additional like STUN?
I have never personally found a need for STUN.
Jeremy
Hi, Are you trying to traverse two NAT routers, or just your PIX? Personally, my home lab runs through two NAT (actually PAT) routers before getting to my OpenSer proxy on the Internet. The first router is the ActionTec MI-424 provided by my ISP. I read somewhere it has ALG for SIP and MGCP. Then I also have a Cisco 1760 to route between 4 internal VLAN subnets. Only a couple of these subnets (sub-interfaces) are configured for PAT, but they do employ both SIP and DNS ALG.
Things appear to work fine. I have never tried STUN at the UA (would not expect it to work in my case anyway). The SIP ALG may be problematic if you do not REGISTER through them because this is where initial mappings occur. That aside, my perception is that the SIP ALG bugs have already been worked out.
-will
Jeremy McNamara wrote:
Patrick Baker wrote:
I was under the impression that the Cisco fixup protocols broke the SIP headers
My experience is the same, with all ALGs. For some reason whenever an ALG tries to 'fix' the headers, they end up fixing it the wrong way, thus breaking things even more.
Jeremy McNamara
Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users
Patrick Baker schrieb:
I was under the impression that the Cisco fixup protocols broke the SIP headers
Long time ago this was a problem. But I know of a customer which uses an Asterisk behind PIX and it works fine.
regards klaus
Klaus Darilion wrote:
HI PAtrick!
Cisco PIX will usually rewrite SIP messages (ALG) thus it should work.
regards klaus
Patrick Baker schrieb:
Is is possible to have a SIP UA behind nat and communicate to an OpenSER/RTP Proxy server behind nat behind nat and have everything transverse appropriately? Or will I need something additional like STUN?
Example:
OpenSER + RTP Proxy + Asterisk will all reside on the same machine.
SIP UA -> Cisco PIX ( Public IP to Localnet NAT ) -> OpenSER/RTP -> Asterisk
Thank you for your time,
Patrick
Users mailing list Users@lists.openser.org http://lists.openser.org/cgi-bin/mailman/listinfo/users
-
Jeremy McNamara -
Klaus Darilion -
Patrick Baker -
Will Quan