Asterisk under nat?

If asterisk located under the nat and some sip agents are located to wan segment of the asterisk so how could be adjusted asterisk parameters?
Asterisk is lan side of the router and some phones are same network segment with asterisk, some sip agents are wan side of the router. So how could I adjust asterisk parameters and I agent parameters?

There is a section called ----- NAT SUPPORT ------ in the sip.conf sample file. If you read it will be very helpful

but in advance these parameters need to be set according to your network

localnet=your-net-add/mask
externaddr=external-ip
nat =force_rport,comedia

source : http://svn.digium.com/svn/asterisk/trunk/configs/samples/sip.conf.sample

External ip means public ip?
what does at mean rport and comedia?

All the answers are on the link I just sent you.

nat = comedia (Send media to the port Asterisk received it from regardless of where the SDP says to send it.)

nat = force_rport (Pretend there was an rport parameter even if there wasn’t )

a. “externaddr = hostname[:port]” specifies a static address[:port] to
; be used in SIP and SDP messages.
; The hostname is looked up only once, when [re]loading sip.conf .
; If a port number is not present, use the port specified in the “udpbindaddr”
; (which is not guaranteed to work correctly, because a NAT box might remap the
; port number as well as the address).

nat=yes is equivalent to nat=force_rport,comedia

Either one works but nat=yes has been deprecated, meaning there is no guarantee it will work in the future.

In extension settings there is nat setting. And there is a another nat setting in general parameter.
In extension setting nat=yes means this peer is under the natted router?

In general setting, nat=yes means asterisk is working a pc or machine which is located under the natted router?

The general setting values are defaults for the specific sections.

Also none of them mean that you are using NAT there. They just represent various hacks for dealing with NAT. Most of the non-default ones are only useful if Asterisk is outside NAT and the peer is inside.

indent preformatted text by 4 spacesIf asterisk is inside nat? And sip user agents are outside of nat? How must modify my parameters?illustrated image was attached to message.

I think you are making it overcomplicated. Just use nat=yes for everything.

It works whether it is required or not. I have never run into a situation that was corrected by changing nat=yes to nat=no so nat=yes should always be the default imo.

Only thing I am aware of that requires nat=no is directmeda=yes formerly known as canreinvite=yes. That is a whole other subject.

The default is neither yes nor no. no turns off some options that are normally on.

I’m pretty sure the reason that yes is deprecated is to make people think what they really need.

As I understand it, comedia only works if only one side uses it. Otherwise I think you get a stalemate where both sides are waiting to see where the other’s media will come from, before sending any media. It also delays the start of media.

As I understood replied answers that General sip parameters are default parameter for all of sip channels.
If default general sip parameter is nat=yes it means that all of sip channels nat parameter is equal nat=yes.

If I change nat parameter of sip channel(for example extension 100) as nat=no (from extension part of illustrated configuration file)so it means that nat parameter of all sip channels are nat=yes else extension 100.

And comedia is parameter for sending rtp packets to right destination. Asterisk waits one side rtp packets(if extension is adjusted as nat=comedia so it means that this channel will wait rtp packet of its pair??or its rtp packets will be waited by asterisk?? )

I don’t understand the distinction in the last paragraph. With comedia, Asterisk doesn’t send any RTP to the peer until it has received RTP from the peer. It uses the port number in the RTP to decide where to send the RTP and ignores that in the SDP.

For example :
Extension 100: nat=comedia
Extension 101: nat=no

100 is calling 101. Whose SDP header (ip or port informations) is ignored? I think asterisk ignores SDP header of 100.

Asterisk ignores the port number in the SDP sent by the device you have called “Extension 100”. We cannot say what either of the two devices will do with the SDP that was sent from Asterisk.

My scenario like this

It does not work. If nat sided phone calls wan sided phone so there is one way audio.But If wan sided phone calls nat sided phone there is not any audio in both direction.
How can i fix this problem?

It will be easier if you provide the SDP negotiation and a small sample of RTP debug output.

However, you will want directmedia to be no or nonat, in this case.

direct media option is no.

Output of vi /etc/asterisk/sip_general_additional.conf

vmexten=*97
context=from-sip-external
callerid=Unknown
notifyringing=yes
notifyhold=yes
tos_sip=cs3
tos_audio=ef
tos_video=af41
alwaysauthreject=yes
useragent=FPBX-13.0.99(13.8.0)
disallow=all
allow=alaw
allow=ulaw
allow=gsm
allow=g726
rtpend=20000
callevents=no
rtpstart=10000
bindport=5061
bindaddr=0.0.0.0
jbenable=no
registerattempts=0
notifyringing=yes
registertimeout=20
allowguest=yes
rtpholdtimeout=300
rtpkeepalive=0
rtptimeout=30
srvlookup=no
notifyhold=yes
canreinvite=no
checkmwi=10
defaultexpiry=120
videosupport=no
g726nonstandard=no
maxcallbitrate=384
maxexpiry=3600
minexpiry=60
nat=force_rport,comedia
ALLOW_SIP_ANON=no
localnet=192.168.150.0/255.255.255.0

Output:
testCLI> rtp set debug ip 10.0.0.101
RTP Debugging Enabled for address: 10.0.0.101:0
test
CLI> rtp set debug ip 192.168.150.100
RTP Debugging Enabled for address: 192.168.150.100:0
testCLI>
test
CLI>
testCLI>
test
CLI>
test*CLI>
Got RTP packet from 192.168.150.100:10000 (type 08, seq 023358, ts 80164980, len 000160)
Got RTP packet from 192.168.150.100:10000 (type 08, seq 023359, ts 80165140, len 000160)
Got RTP packet from 192.168.150.100:10000 (type 08, seq 023360, ts 80165300, len 000160)
Got RTP packet from 192.168.150.100:10000 (type 08, seq 023361, ts 80165460, len 000160)
Got RTP packet from 192.168.150.100:10000 (type 08, seq 023362, ts 80165620, len 000160)
Got RTP packet from 192.168.150.100:10000 (type 08, seq 023363, ts 80165780, len 000160)

One way audio is almost always NAT or codec.

For testing turn off all codecs except ulaw or alaw. Try an echo test from each extension and see if you can hear your own voice.

For testing set everything to NAT=yes or force_rport,comedia. Not just in general but for each extension as well. If you do not have nat=yes or force_rport,comedia for each extension you will hear what you are describing.

Also disable SIP ALG on your router(s) if enabled.

Don’t get hung up on the confusing force_rport, comedia thing trying one or the other. Just use nat=yes for testing. It still works, it’s just deprecated. Don’t try make it overly complicated. One way audio is a well understood and documented problem.

Also make sure you have the following configured. I don’t see the externip= in your config