I am planning a new Asterisk installation, with a requirement that it needs to be behind a Cisco hardware firewall which does NAT to a single public IP address.
Any recommendations I have found say that I should multi-home the Asterisk server, i.e. use multiple NICs with eth0 being on the WAN side, and eth1 would be the internal network with my phones.
I do not see a logical reason why I do need to multi-home the server?
With a proper default route the network interface should route the packets properly to my NAT router.
Is it Asterisk which requires this?
I have done two such installations which were multi-homed, and they do work - but my question is, do I absolutely need to multi-home the server? Any differences in different Asterisk versions?
I can’t see a reason, either. Where did you see this advice?
As far as I am aware, this is not a ‘standard’ configuration. I would have it behind the Cisco only. Use 1:1 NAT and setup the appropriate rules. Are all the SIP phones on the same network as the Asterisk server? If some are outside the network, you may need to setup Asterisk NAT settings to allow the phones to properly register and function outside the network.
Hi,
you just publish an IP address and NAT it with your Asterisk box IP and do port forwarding for some TCP and UDP ports
also don’t forget to allow udp ports that in range with your rtp.
Note.
I am not using Cisco, but I just use a Linux box with iptables installed.
Cheers
Winanjaya
Thanks for the replies.
I have gone ahead with this now, and it does work fine.
As for where I found this advice, it’s by googling for Asterisk Behind NAT, and one article from this forum here. None really said you must do it, but there was no example without multi-homing …