Avatar of hellosoft
hellosoft
Flag for India asked on

TURN Server Behind Firewall

Hello,

i published a TURN Server ( LAN IP : 192.168.1.10 ) via ASA (using public IP : 10.10.10.2)
and allowed TCP/UDP ports 3478 & 3479.

i.e, TURN (192.168.1.10) --- ASA ---10.10.10.2 (internet ip)

- when one voip client from behind symetric NAT and one client from our office LAN can able to register to VOIP server with TURN settings

ex: for client behind symetric NAT  -  10.10.10.2 (TURN Server )
      for Client in LAN                        -   192.168.1.10 (TURN Server)

dialing from both clients is working. but, after call establishment there is only one way media.
i.e, from LAN voip Client to client behind symetric NAT.


when i use wireshark to capture packets. TURN Server is not forwarding packets to Public Client (to client behind NAT using it's Published IP address i.e 10.10.10.2 ), insted it's forwarding packets to Firewall (ASA - 10.10.10.1)

can any body help me to resolve this issue.


Thanks,
Rafi
Voice Over IPCiscoNetworking

Avatar of undefined
Last Comment
hellosoft

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
agonza07

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
hellosoft

ASKER
Thanks agonza07,

i already did those things which shown in above links but,  iam facing issues after that.

i have several voip server (sip servers) hosted in same manner, i don't have any issue with those .

i am having issue with TURN Server.

any more ideas suitable for above described scenario.
agonza07

Upload your config so we can check it out. Make sure to remove any public IP info.
hellosoft

ASKER
you are asking TURN Server Config file !! right
Your help has saved me hundreds of hours of internet surfing.
fblack61
agonza07

I'm sorry, no, your ASA config.
hellosoft

ASKER
Did get exact solution but, links are knowledge giving.