Asterisk NAT/firewall issue

Hi there. My name is David Medina.

I think this is a million dollar question: Asterisk is inside a nat, clients or sip phones inside another nat

What can I do? or what should I do?

I’ve been trying to configure SER but it is quite tricky, (not to say impossible). I know there has to be a person that already encountered this problem and found a solution.

If that person is willing to share information about it, please let me know.


David Medina

I don’t know the particulars of your setup but my * server is behind a NAT gateway and I use an X-Lite softphone at my office which is behind a NAT gateway too. It works…Perhaps if you shared a little bit more about your setup and what is actually going wrong we could offer advice.


Although we need to know your setup to adequately follow up with this issue but you can also check out this thread and others within it, perhaps it will help; … 298a24bee0

I have set this up, it’s not too hard. SER is not required.

For * inside nat- define localnet= and externip= in sip.conf. Forward udp port 5060 and whatever range is defined in rtp.conf to the * box. (you can change the range, you only need a hundred ports or so unless you have tons of users)

For clients also inside nat- use STUN (this allows the phone to discover its own IP address and NAT type)

then put nat=yes and qualify=yes in the sip.conf statement for those phones. qualify=yes makes asterisk send the client a sip message every minute or two and measures the time for the reply. This keeps the NAT mapping on the client side open.

Hope that helps!

i connect nated x-lite with nated asterisk box using VPN.
openVPN is configured between 2 access servers
CLI> sip show peers
Name/username Host Dyn Nat ACL Port Status
700/700 10.8.0.X D N 14072 OK (150 ms)
82/82 192.168.6.X D 5060 OK (8 ms)
there are at least few solution for nated asterisk with nated clients