I have an Asterisk server behind a NAT, and multiple internal (on the same network as the Asterisk server) and external (on different networks NAT’d) SIP phones all working fine, except one.
When the one non-working phone tries to make a call, the IP address that ends up in the SIP header is a mangled version of the external IP. The phone doesn’t know the external IP, so I know the firewall on the client’s side is mangling the IP address. It comes through as something like “220.127.116.1106”, which obviously is not a valid IP address. So errors such as “netsock2.c:263 ast_sockaddr_resolve: getaddrinfo(“18.104.22.16806”, “(null)”, …): Name or service not known” show up in the log. A SIP trace shows that this is the IP address that Asterisk is receiving from the client, so I don’t think Asterisk is to blame. On the phone (GXP2100), it displays “488 Not Acceptable Here”.
In searching for this, I found other people who had the same issue, and the solution was generally to disable the SIP Helper (or similar) functionality in the firewall. An example is here (the symptoms described are the same as mine):
tomatousb.org/forum/t-303479/tra … rs-problem
This particular client has an Airlink101 Super G AR430W. I’ve sifted through its configuration, but can’t find anything SIP related. While I’m fairly certain that replacing this device will solve the issue, I’d like to find a better solution so that when/if I encounter this again, I won’t need to keep buying new firewalls.
Is there a setting in either Asterisk or the phone itself that could send the data in such a way as to prevent the firewall from thinking it’s a good idea to try and “help” with the connection by modifying the packets?