How Do the PBX NAT Settings Work?

  • Overview
  • NAT Settings in SIP General Settings
  • Extension NAT Settings

Overview

In the previous article Understand the PBX NAT Settings, we already learn about the PBX NAT settings would modify the IP address and port in the specific headers of the SIP packets. In this article, we would talk about how do the settings work.

There are 2 parts of NAT settings in PBX: in the SIP General and Extension.

NAT Settings in SIP General Settings

PBX would use the IP you filled in the following fields to replace the IP address of the specific headers.

  • External IP Address
  • External Host
  • STUN Address

mceclip0.png

External IP Address/ External Host / STUN

mceclip0.png

External IP Address: Fill it if you have a static public IP.

External Host: Use it when you don't have a static public IP. Refresh Interval is 120 seconds by default which is not necessary to change and safe to use. The precondition is you need to configure DDNS on the PBX or on your router. PBX would use the IP address every time the DDNS was parsed for the NAT purpose.

STUN Address: It is rarely used. For the SIP trunk registration scenario, sometimes the router NAT function doesn't work well or it's doesn't do NAT process for SIP packets. You can set this easy option. The Yeastar offers a free STUN server for you to use. Obviously, you could customize a preferred one. Refresh Interval is 30 seconds by default which is not necessary to change and safe to use.

Local Network Identification

It's a reference for PBX to decide if it would modify the IP address by NAT settings.
If the SIP packet destination address is within the range. PBX would not perform NAT for the SIP packet.

Therefore, you can set up the range according to your situation. In general, the local extension IP address segment should be added.
In the other scenario. Like the Dedicate SIP trunk + Remote Extension. The dedicate SIP trunk IP address segment is recommended to add.

NAT Mode

This option applies to the SIP packets sent via the SIP trunk.
While for the extension you would need to configure the extra setting on the respective extension page which we would discuss in the following section of this article.

At first, we would talk about the Asterisk options relevant to the NAT mode.

mceclip1.png

1 - RTP Symmetric

Enforce that RTP must be symmetric. Send RTP back to the same address/port we received it from. Regardless of where the SDP says to send it.

In a practical case, an Audiocodes gateway was interconnected with Yeastar S-Series PBX by SIP trunk.
The issue is the party of Audiocodes could not hear the voice from Yeastar. But the party on the Yeastar party have no problem to hear the voice from the Audiocodes gateway.

The PCAP log shows the Audiocodes gateway tells PBX it's media address 200.62.X.X and media port 19410 in its SDP message body.

But it actually didn't send the RTP from the media port announced in the SDP message body. But from the other port 10000. If the RTP Symmetric option is not checked.

PBX would return the RTP packets to the media address 200.62.X.X and port 19410.
After checking the NAT mode to YES, the issue was fixed.

mceclip2.png

2 - Force Rport

Force RFC3581 compliant behavior even when no rport parameter exists. Basically, always send SIP responses back to the same port we received SIP requests from.

The RFC 3581-defined 'rport' parameter allows a client to request that Asterisk send SIP responses to it via the source IP and port from which the request originated instead of the address/port listed in the top-most Via header.

This is useful if a client knows that it is behind a NAT and therefore cannot guess from what address/port its request will be sent.

Asterisk will always honor the 'rport' parameter if it is sent.

The force_rport setting causes Asterisk to always send responses back to the address/port from which it received requests even if the other side doesn't support adding the 'rport' parameter.

3 - Rewrite Contact

Determine whether SIP requests will be sent to the source IP address and port, instead of the address provided by the endpoint.

mceclip1.png

In Conclusion

Here is the relationship between the options and nat mode:

  • If NAT mode set to Yes, it presents that all the 3 options are applied.
  • If NAT mode set to Never or No, it doesn't apply any options above.
  • If NAT mode set to Route, it indicates PBX would apply the option 2 and 3.

Options Reference: https://wiki.asterisk.org/wiki/display/AST/Configuring+res_pjsip+to+work+through+NAT 

Extension NAT Settings

Except for the SIP general settings. The NAT settings on each extension page are important as well.

mceclip2.png

Register Remotely

These options should be enabled when you try to register from the IP address segment other than the PBX LAN port. Not matter you register from an extranet or VPN network.
Even you register via WAN or the other segment of the local network, the option is required to be enabled.

NAT Option

This would make the extension apply the same options when NAT Mode = Yes for the corresponding extension you have configured.

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.