Asterisk Behind NAT without using DMZ or Port forwarding

Asterisk Asterisk Support
1

Hi all,
I am a asterisk Hobbyists,but recently I got troubles with asterisk behind nat.Well,you know that network environment is complex.So I want to test the performance of asterisk as a SIP UAS when it is behind nat and remote SIP UAC connecting to the Asterisk.I set up sip.conf like this:
[general]
nat = yes
externip = my_nat_public_ip
localnet = 192.168.122.0
[3805]
;my remote extension
nat = yes
qualify=yes
;adding these two parameters,some basic parameter for example context type,secret,host,port and so on don’t be mentioned here.

  Then I login in NATdevice WEB UI and port forwarding my asterisk local IP and port 5060 to WAN port 5060(or I can also use DMZ function to expose my asterisk server IP ports to Internet).Having done these,My remote extension could connecting and register to my asterisk.
  But making use of DMZ and port forwarding function in the NAT Device  is not safe for my asterisk,I think.
  Question 1: I want to know what meathod could I use to solve the problem that maintain the mapping between internal IP and port 5060 of my asterisk and public port 5060 without using DMZ or port forwarding.
  Question 2: Does asterisk support stun???How deeply asterisk support If it support?
  Thank you for reading this topic and any reply will be appreciated.
  Looking forwarding for your answers ASAP. Thank you again.
2

Q1 Port forwarding is by far the easiest way of doing this; why do you want to make life difficult?

Q2: Asterisk does support STUN. I’ve never used it, so I can’t say how complete the implementation is.

3

[quote=“david55”]Q1 Port forwarding is by far the easiest way of doing this; why do you want to make life difficult?

Q2: Asterisk does support STUN. I’ve never used it, so I can’t say how complete the implementation is.[/quote]

Thank you for you answer.
For Q1 I just want asterisk server to be more safe but my limited knowledge about networking keeps me from coming up a good solution.

4

[quote=“david55”]Q1 Port forwarding is by far the easiest way of doing this; why do you want to make life difficult?

Q2: Asterisk does support STUN. I’ve never used it, so I can’t say how complete the implementation is.[/quote]

     Now I think about a solution by using a proxy server such as SBC.Asterisk connects to SBC and sends OPTIONS SIP packets to SBC to maintain mapping IP and port in NAT. And a remote SIP Phone could sends SIP packets to SBC first,SBC then transmits the packets to NAT public IP and port which mapping to internal Asterisk server.Asterisk also response SIP packets to SBC,and SBC transmit packet to remote SIP Phone.
    Theoretically speaking,this solution would work.But how to configure asterisk to connect SBC and send OPTIONS SIP packets periodicly ????? By using a SIP trunk to register to SBC ???
5

It is better to use simple NAT with port forwarding.

To use a proxy, look at sip.conf.sample. The options should be fairly obvious.

To use OPTIONS purely as a keepalive/watchdog, use the qualify option.

6

[quote=“david55”]It is better to use simple NAT with port forwarding.

To use a proxy, look at sip.conf.sample. The options should be fairly obvious.

To use OPTIONS purely as a keepalive/watchdog, use the qualify option.[/quote]

well,thanks a lot for your replys. :smile: I will try how to configure sip.conf for registering my asterisk to SIP proxy.