HKComputer

SIP NAT STUN Expert needed

I'm trying to get a more fundamental understanding of the complications of running SIP phones through NAT to a SIP server that's also behind NAT. More specifically, we're trying to make the 3CX phone client and also a Grandstream GXP-2000 deskphone register with a 3CX SIP server (that uses PSTN exclusively to make calls) that's behind NAT (and in some cases our clients' 3CX SIP servers are behind double NAT).


Here are some of the questions that come up:

1) If I have port forwarding on the phone/client side set up for the same ports (5060 UDP/TCP, 3478 UDP/TCP, 9000-9019 UDP) as what we use on the server side, will that cause a problem?

2) Do we always need to use STUN? On the client side? Server side? Are STUN servers reliable?

3) NAT seems to really be the big problem. Is it possible to disable NAT on consumer DSL modems such as the Thomson 516 or the Thomson 546?

Any information that can be offered on the fundamentals of NAT, testing SIP with NAT, would be greatly appreciated.

Member_2_1968385

1. The port number is independent at each end so you can use the same ports for the client and the server. However, if you have several SIP client devices behind one NAT router, it is best to give each device its own unique port numbers for SIP and for RTP.

2a. STUN is strongly recommended on client/phone devices, although there may be a few situations where an IP phone will work better without STUN - this should only be the case if the server already has some kind of far-end NAT traversal mechanism such as a Media Proxy (or TURN) service. If 3CX supports STUN and is behind NAT then it is best to enable it. However, be clear if that means the server acts as a STUN server or does activation mean that the 3CX server uses STUN. The former would not make sense in your situation.

2b. Yes, STUN servers are reliable. They respond to STUN requests from the client device and allow the client device to know if it is behind NAT, what its external IP address is and what constraints the NAT/router has that are relevant to UDP connections. Once the device has this information it can make adjustments to its SIP messages that should help get a reliable connection. However, you may also need to make adjustments to your NAT/router's rules - for example, setting one-to-one NAT or port forwarding.

3. The advantage of NAT is that you can have several devices (computers, IP phones etc) all sharing one public IP address. If your DSL router could be set for no NAT then you would only be able to have one local device connected to the Internet. Some home routers have something they refer to as a DMZ which is actually just that one device is allowed to have all external ports forwarded to it and all firewall rules disabled. Use with care if it is available, but it could be of use for an IP phone.

http://www.smartvox.co.uk/sipfaq_natsolutions_explained.htm
HKComputer

ASKER

1) Should I be able to test a connection to a SIP server using Telnet? (usually they use port 5060)

2) What if we want to have two endpoints/clients at one remote location, behind NAT? Do they need to use different source ports to contact the SIP server at the remote location? Do they need to use different RTP ports? Do we need port forwarding for the RTP ports?

3) Is there a reliable way of determining what kind of NAT a router uses?

4) Are routers that do SIP packet inspection and manipulate the SIP data a simple and recommended solution?