Hello,
I've been trying to add support for ATAs behind NAT firewalls for several days, and have had nothing but frustrations with it, so hopefully someone can clue me in. I tried modifying my existing ser config which has been working great, but failing that, I finally got the stock config file from ftp://siprouter.onsip.org/pub/gettingstarted/configs/nat-mediaproxy.3.05.cfg, modified my IP address for NAT and used that (after adding the domain module).
My first problem is that when an ATA registers behinf the NAT firewall, the NAT flag is never set, so if doesn't get the pings every 30 seconds. I can manually set that flag by just having setflag(6) in the config file and that seems to temporarily fix that problem, but I can't tell that it does anything else.
Outbound calls from the ATA work just fine, which they always have even where I had no NAT stuff in SER at all. Inbound calls to the ATA get ignored my it though, this is a Cisco ATA-186. I hooked up an old hub so I could get the messages using ngrep on the side with the NAT router and the main server, and here's what I see. 7771111001 is the ATA, 7778881000 is a local phone. 11.11.11.100 is the SER router, 11.11.11.44 is the PSTN gateway initiating the call, 11.11.11.18 is the NAT router's public IP, and 10.0.2.3 is the ATA.
SER router's ngrep: U 11.11.11.100:5060 -> 11.11.11.18:1387 27067@0:1480 ...k....INVITE sip:7771111001@11.11.11.18:1387;user=phone;transport=udp SI P/2.0..Record-Route: sip:11.11.11.100;ftag=6B826304-1A6A;lr=on..Via: SIP/2 .0/UDP 11.11.11.100;branch=z9hG4bKeda1.2545.3..Via: SIP/2.0/UDP 11.11.11.44 :5060;x-route-tag="tgrp:lnx";branch=z9hG4bK8C9D..From: <sip:7778881000@11.11 11.44>;tag=6B826304-1A6A..To: sip:7771111001@11.11.11.100..Date: Thu, 26 May 2005 14:10:42 GMT..Call-ID: C7AED903-CD2611D9-8130A2A3-EEBB2457@11.11. 11.44..Supported: 100rel,timer..Min-SE: 1800..Cisco-Guid: 3350084827-34418 24217-2183397385-1128595304..User-Agent: Cisco-SIPGateway/IOS-12.x..Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO, UPDATE, REGISTER..CSeq: 101 INVITE..Max-Forwards: 16..Remote-Party-ID : sip:7778881000@11.11.11.44;party=calling;screen=no;privacy=off..Timesta mp: 1117116642..Contact: sip:7778881000@11.11.11.44:5060..Expires: 180..A llow-Events: telephone-event..Content-Type: application/sdp..Content-Length : 506....v=0..o=CiscoSystemsSIP-GW-UserAgent 2462 1180 IN IP4 11.11.11.44.. s=SIP Call..c=IN IP4 11.11.11.44..t=0 0..m=audio 16536 RTP/AVP 18 2 0 100 1 01..c=IN IP4 11.11.11.44..a=rtpmap:18 G729/8000..a=fmtp:18 annexb=yes..a=rt pmap:2 G726-32/8000..a=rtpmap:0 PCMU/8000..a=rtpmap:100 X-NSE/8000..a=fmtp: 100 192-194,200-202..a=rtpmap:101 telephone-event/8000..a=fmtp:101 0-16..a= X-sqn:0..a=X-cap: 1 audio RTP/AVP 100..a=X-cpar: a=rtpmap:100 X-NSE/8000..a =X-cpar: a=fmtp:100 192-194,200-202..a=X-cap: 2 image u
NAT (ATA location) ngrep: U 11.11.11.100:5060 -> 10.0.2.3:5060 27070@0:1462 .......&INVITE sip:7771111001@11.11.11.18:1405;user=phone;transport=udp S IP/2.0..Record-Route: sip:11.11.11.100;ftag=6B826304-1A6A;lr=on..Via: SIP /2.0/UDP 11.11.11.100;branch=z9hG4bKeda1.2545.6..Via: SIP/2.0/UDP 11.11.11.44:5060;x-route-tag="tgrp:lnx";branch=z9hG4bK8C9D..From: <sip:7778881000@ 11.11.11.44>;tag=6B826304-1A6A..To: sip:7771111001@11.11.11.100..Date: Th u, 26 May 2005 14:10:42 GMT..Call-ID: C7AED903-CD2611D9-8130A2A3-EEBB2457@ 11.11.11.44..Supported: 100rel,timer..Min-SE: 1800..Cisco-Guid: 335008482 7-3441824217-2183397385-1128595304..User-Agent: Cisco-SIPGateway/IOS-12.x. .Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO, UPDATE, REGISTER..CSeq: 101 INVITE..Max-Forwards: 16..Remot e-Party-ID: sip:7778881000@11.11.11.44;party=calling;screen=no;privacy=o ff..Timestamp: 1117116642..Contact: sip:7778881000@11.11.11.44:5060..Exp ires: 180..Allow-Events: telephone-event..Content-Type: application/sdp..C ontent-Length: 478....v=0..o=CiscoSystemsSIP-GW-UserAgent 2462 1180 IN IP4 11.11.11.44..s=SIP Call..c=IN IP4 11.11.11.44..t=0 0..m=audio 16536 RTP/A VP 18 2 0 100 101..c=IN IP4 11.11.11.44..a=rtpmap:18 G729/8000..a=fmtp:18 annexb=yes..a=rtpmap:2 G726-32/8000..a=rtpmap:0 PCMU/8000..a=rtpmap:100 X- NSE/8000..a=fmtp:100 192-194,200-202..a=rtpmap:101 telephone-event/8000..a =fmtp:101 0-16..a=X-sqn:0..a=X-cap: 1 audio RTP/AVP 100..a=X-cpar: a=rtpma p:100 X-NSE/8000..a=X-cpar: a=fmtp:100 192-194,200-202..
It looks like the ATA is getting the message, but just flat out ignoring it. Anyone else have this problem?
Brian
My first problem is that when an ATA registers behinf the NAT firewall, the NAT flag is never set, so if doesn't get the pings every 30 seconds. I can manually set that flag by just having setflag(6) in the config file and that seems to temporarily fix that problem, but I can't tell that it does anything else.
An ngrep trace of the REGISTER would help. The NAT test does probably not catch the NATed device. I'm curious to know why.
Outbound calls from the ATA work just fine, which they always have even where I had no NAT stuff in SER at all. Inbound calls to the ATA get ignored my it though, this is a Cisco ATA-186. I hooked up an old hub so I could get the messages using ngrep on the side with the NAT router and the main server, and here's what I see.
Is this AFTER you have set setflag(6) regardless of REGISTER? If not, you should fix that first. If so, does Cisco's ATA-186 support symmetric SIP and RTP? If not, it may not be listening on the port it send the message on. If it does, it may be that it is kicking it because it's not able to parse it. I know that some clients have problems with: 11.11.11.44:5060;x-route-tag="tgrp:lnx";branch=z9hG4bK8C9D..From the x-route-tag (X-Lite is/was not able to parse it correctly). Also, the lr=on can be turned off at the top of the config file.
I would suggest trying to get some debug info from the ATA. g-)
7771111001 is the ATA, 7778881000 is a local phone. 11.11.11.100 is the SER router, 11.11.11.44 is the PSTN gateway initiating the call, 11.11.11.18 is the NAT router's public IP, and 10.0.2.3 is the ATA.
SER router's ngrep: U 11.11.11.100:5060 -> 11.11.11.18:1387 27067@0:1480 ...k....INVITE sip:7771111001@11.11.11.18:1387;user=phone;transport=udp SI P/2.0..Record-Route: sip:11.11.11.100;ftag=6B826304-1A6A;lr=on..Via: SIP/2 .0/UDP 11.11.11.100;branch=z9hG4bKeda1.2545.3..Via: SIP/2.0/UDP 11.11.11.44 :5060;x-route-tag="tgrp:lnx";branch=z9hG4bK8C9D..From: <sip:7778881000@11.11 11.44>;tag=6B826304-1A6A..To: sip:7771111001@11.11.11.100..Date: Thu, 26 May 2005 14:10:42 GMT..Call-ID: C7AED903-CD2611D9-8130A2A3-EEBB2457@11.11. 11.44..Supported: 100rel,timer..Min-SE: 1800..Cisco-Guid: 3350084827-34418 24217-2183397385-1128595304..User-Agent: Cisco-SIPGateway/IOS-12.x..Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO, UPDATE, REGISTER..CSeq: 101 INVITE..Max-Forwards: 16..Remote-Party-ID : sip:7778881000@11.11.11.44;party=calling;screen=no;privacy=off..Timesta mp: 1117116642..Contact: sip:7778881000@11.11.11.44:5060..Expires: 180..A llow-Events: telephone-event..Content-Type: application/sdp..Content-Length : 506....v=0..o=CiscoSystemsSIP-GW-UserAgent 2462 1180 IN IP4 11.11.11.44.. s=SIP Call..c=IN IP4 11.11.11.44..t=0 0..m=audio 16536 RTP/AVP 18 2 0 100 1 01..c=IN IP4 11.11.11.44..a=rtpmap:18 G729/8000..a=fmtp:18 annexb=yes..a=rt pmap:2 G726-32/8000..a=rtpmap:0 PCMU/8000..a=rtpmap:100 X-NSE/8000..a=fmtp: 100 192-194,200-202..a=rtpmap:101 telephone-event/8000..a=fmtp:101 0-16..a= X-sqn:0..a=X-cap: 1 audio RTP/AVP 100..a=X-cpar: a=rtpmap:100 X-NSE/8000..a =X-cpar: a=fmtp:100 192-194,200-202..a=X-cap: 2 image u
NAT (ATA location) ngrep: U 11.11.11.100:5060 -> 10.0.2.3:5060 27070@0:1462 .......&INVITE sip:7771111001@11.11.11.18:1405;user=phone;transport=udp S IP/2.0..Record-Route: sip:11.11.11.100;ftag=6B826304-1A6A;lr=on..Via: SIP /2.0/UDP 11.11.11.100;branch=z9hG4bKeda1.2545.6..Via: SIP/2.0/UDP 11.11.11.44:5060;x-route-tag="tgrp:lnx";branch=z9hG4bK8C9D..From: <sip:7778881000@ 11.11.11.44>;tag=6B826304-1A6A..To: sip:7771111001@11.11.11.100..Date: Th u, 26 May 2005 14:10:42 GMT..Call-ID: C7AED903-CD2611D9-8130A2A3-EEBB2457@ 11.11.11.44..Supported: 100rel,timer..Min-SE: 1800..Cisco-Guid: 335008482 7-3441824217-2183397385-1128595304..User-Agent: Cisco-SIPGateway/IOS-12.x. .Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, COMET, REFER, SUBSCRIBE, NOTIFY, INFO, UPDATE, REGISTER..CSeq: 101 INVITE..Max-Forwards: 16..Remot e-Party-ID: sip:7778881000@11.11.11.44;party=calling;screen=no;privacy=o ff..Timestamp: 1117116642..Contact: sip:7778881000@11.11.11.44:5060..Exp ires: 180..Allow-Events: telephone-event..Content-Type: application/sdp..C ontent-Length: 478....v=0..o=CiscoSystemsSIP-GW-UserAgent 2462 1180 IN IP4 11.11.11.44..s=SIP Call..c=IN IP4 11.11.11.44..t=0 0..m=audio 16536 RTP/A VP 18 2 0 100 101..c=IN IP4 11.11.11.44..a=rtpmap:18 G729/8000..a=fmtp:18 annexb=yes..a=rtpmap:2 G726-32/8000..a=rtpmap:0 PCMU/8000..a=rtpmap:100 X- NSE/8000..a=fmtp:100 192-194,200-202..a=rtpmap:101 telephone-event/8000..a =fmtp:101 0-16..a=X-sqn:0..a=X-cap: 1 audio RTP/AVP 100..a=X-cpar: a=rtpma p:100 X-NSE/8000..a=X-cpar: a=fmtp:100 192-194,200-202..
It looks like the ATA is getting the message, but just flat out ignoring it. Anyone else have this problem?
Brian
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Brian McCrary -
Greger V. Teigre