Asterisk + NAT...It's been asked a hundred times..or has it?

So I set up my asterisk server at work, and got some free inbound DIDs, two from FWD/IPKall and one from Stanaphone. After a few hours of banging my head on the wall, I got the BudgeTone 101 to ring when I dialed one of the numbers! Woot! When I went home for the day, I grabbed the phone and set it up at home. Both the phone at home and the * server are behind Linksys routers (WRT54G to be exact) and the work router forwards all the neccessary ports (UDP 10000-20000, 5004-5082, and 4569) directly to the * server. I logged into the * box remotely and added a new SIP entry into sip.conf for the phone and edited my extensions.conf to call the new extension instead of the one it was dialing (100).

[101] type=friend secret=1234 host=dynamic dtmfmode=rfc2833 context=internal nat=yes qualify=yes canreinvite=no callerid="Ben Utne" <101>

And the phone registered the first time to my surprise. Now here’s the wierd part. With absolutely no ports forwarded to the phone (behind a NAT as you’ll recall) at home, I could dial my DIDs and the phone rang! I even went so far as to forward the entire port range like at work to a bogus IP on my home network and the thing STILL worked! How in the world is that possible?

Ring / answer no problem…

Speak to someone…two way audio is now issue…

The thing is, I CAN talk to someone. My wife called one of the IPKall DIDs while she was at work and it rang through at home. Again, let me remind you that there are NO ports forwarded on the router at home and this server is across town behind another NAT, and even a different network (DSL versus cable internet at home)

This is why I’m so confused.

i’m pretty sure that the SIP phone is sending a constant stream of keep-alive messages to the server in order to keep the NAT tunnel open.

in my experience, once you get NAT working, SIP does a better job at handling your situation than IAX does despite IAX’s supposed NAT hurdling ability. during my tests, about 3 out of 10 calls to my DID did not reach the IAX remote client. i think this is because the NAT tunnel was closing. but with a SIP client all 10 calls rang true.

i guess a lot must have to do with individual routers and VoIP clients and their NAT settings so perhaps my statement is not true across the board.