A few questions on SIP


I’m doing a small installation of six hardware IP phones (Cisco) in two offices communicating to one Asterisk server in the main office. I have set up the phones in the second office to point to out external IP of my Asterisk box in the main office, the phones inside the main office just pointed to the local IP of the Asterisk box.

I have yet to set up the firewall/NAT/port forwarding that the Asterisk box is sat behind. Of course all of the local phones in the main office registered with the Asterisk server as they are on the same network and no firewall stopping them from doing so. But in the second office one of the phones managed to register with my Asterisk server!?!?! Yet the others did not. Remember I have not set up either of the firewalls, currently both disabled port forwarding. All of the phones have a similar configuration, all register fine if on the local network.

  1. How does SIP work with firewalls, NAT and the internet?
  2. Is there any difference between SIP host and proxy?
  3. Why can my phone work out the box registering to a SIP provider, yet Asterisk needs ports to be forwarded?
  4. If the firewall is closed can only one client use SIP (register to a server)?
  5. Is it true that clients (e.g. desk phone, mobile) can be sat behind a nat/firewall with port forwarding not on and manage to connect?

Hopefully you can understand why I’m confused.


You need to forward the 5060 port in your public IP to the internal ip of asterisk, forward the ports defined in the rtp.conf too -usally 10000-20000- but check it in the conf file. Set the option nat=yes in the peer configuration. And obiously allow in your firewall the ports.

Yes, thanks, but that was not my question. I just want to know how do client devices work behind a firewall? Like my android phone can register make/receive SIP calls on any internet connection. Why is Asterisk so special?

maybe this link help you voip-info.org/wiki/view/NAT+and+VOIP

Asterisk is not special. It works perfectly fine(at least as good as softphones) behind firewall w/o port forwarding. The port forwarding fallacy is perpetuated by people misconfiguring their settings. The only reason for port forwarding is when your provider does not support comedia, but then softphones would not work either.

For an example of an asterisk distro w/o port forwarding check nerdvittles.com/?p=684