Nat=route rtp still sent to contact IP

Asterisk Asterisk Support
1

I am running asterisk version 1.4.18. I have nat set to route. When a call comes in I still see rtp being sent to the contact IP address. Nat=route should have rtp being sent to the source IP the traffic was recieved from. Also under sip show peers host 7264.244.109 is being nated though asterisk has an N under nat. Any thoughts? I included a sip debug showing asterisk sending rtp to the private Ip which is the contact host ip.

Edgeview*CLI> sip show peers
Name/username Host Dyn Nat ACL Port Status
001469F80B27/001469F80B27 208.82.176.238 D N 5060 Unmonitored
0014F2752DAA/0014F2752DAA 72.64.244.109 D N 5060 Unmonitored
0000/0000 172.23.23.14 D N 5060 Unmonitored
0006/0006 (Unspecified) D N 0 Unmonitored
0005/0005 (Unspecified) D N 0 Unmonitored
0004/0004 (Unspecified) D N 0 Unmonitored
0003/0003 (Unspecified) D N 0 Unmonitored
0002/0002 (Unspecified) D N 0 Unmonitored
0001/0001 (Unspecified) D N 0 Unmonitored

EdgeviewCLI> sip set debug
SIP Debugging enabled
EdgeviewCLI>
<— SIP read from 72.64.244.109:5060 —>
INVITE sip:1@208.82.176.180 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.100:5060;branch=z9hG4bK0b47003d
From: “0014F2752DAA” sip:0014F2752DAA@208.82.176.180;tag=0014f2752daa00041e0225df-3417d4d8
To: sip:1@208.82.176.180
Call-ID: 0014f275-2daa0004-4301fdb7-20757797@192.168.1.100
Max-Forwards: 70
Date: Mon, 05 Oct 2009 23:44:37 GMT
CSeq: 101 INVITE
User-Agent: Cisco-CP7940G/8.0
Contact: sip:0014F2752DAA@192.168.1.100:5060;transport=udp
Expires: 180
Accept: application/sdp
Allow: ACK,BYE,CANCEL,INVITE,NOTIFY,OPTIONS,REFER,REGISTER,UPDATE
Supported: replaces,join,norefersub
Content-Length: 278
Content-Type: application/sdp
Content-Disposition: session;handling=optional

v=0
o=Cisco-SIPUA 11113 0 IN IP4 192.168.1.100
s=SIP Call
t=0 0
m=audio 29630 RTP/AVP 0 8 18 101
c=IN IP4 192.168.1.100
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv

<------------->
— (17 headers 13 lines) —
Sending to 72.64.244.109 : 5060 (NAT)
Using INVITE request as basis request - 0014f275-2daa0004-4301fdb7-20757797@192.168.1.100
Found peer '0014F2752DAA’
Found RTP audio format 0
Found RTP audio format 8
Found RTP audio format 18
Found RTP audio format 101
Peer audio RTP is at port 192.168.1.100:29630
Found audio description format PCMU for ID 0
Found audio description format PCMA for ID 8
Found audio description format G729 for ID 18
Found audio description format telephone-event for ID 101
Capabilities: us - 0x8000e (gsm|ulaw|alaw|h263), peer - audio=0x10c (ulaw|alaw|g729)/video=0x0 (nothing), combined - 0xc (ulaw|alaw)
Non-codec capabilities (dtmf): us - 0x1 (telephone-event), peer - 0x1 (telephone-event), combined - 0x1 (telephone-event)
Peer audio RTP is at port 192.168.1.100:29630
Looking for 1 in edgeview (domain 208.82.176.180)
list_route: hop: sip:0014F2752DAA@192.168.1.100:5060;transport=udp

<— Transmitting (NAT) to 72.64.244.109:5060 —>
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.1.100:5060;branch=z9hG4bK0b47003d;received=72.64.244.109
From: “0014F2752DAA” sip:0014F2752DAA@208.82.176.180;tag=0014f2752daa00041e0225df-3417d4d8
To: sip:1@208.82.176.180
Call-ID: 0014f275-2daa0004-4301fdb7-20757797@192.168.1.100
CSeq: 101 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Contact: sip:1@208.82.176.180
Content-Length: 0

<------------>
Audio is at 208.82.176.180 port 16440
Adding codec 0x4 (ulaw) to SDP
Adding codec 0x8 (alaw) to SDP
Adding non-codec 0x1 (telephone-event) to SDP
Edgeview*CLI>
<— Reliably Transmitting (NAT) to 72.64.244.109:5060 —>
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.1.100:5060;branch=z9hG4bK0b47003d;received=72.64.244.109
From: “0014F2752DAA” sip:0014F2752DAA@208.82.176.180;tag=0014f2752daa00041e0225df-3417d4d8
To: sip:1@208.82.176.180;tag=as5a3e94db
Call-ID: 0014f275-2daa0004-4301fdb7-20757797@192.168.1.100
CSeq: 101 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Supported: replaces
Contact: sip:1@208.82.176.180
Content-Type: application/sdp
Content-Length: 266

v=0
o=root 3031 3031 IN IP4 208.82.176.180
s=session
c=IN IP4 208.82.176.180
t=0 0
m=audio 16440 RTP/AVP 0 8 101
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=silenceSupp:off - - - -
a=ptime:20
a=sendrecv

<------------>
evasterisk.pl|192.168.1.100|sip:0014F2752DAA@192.168.1.100:5060|Cisco-CP7940G/8.0|CSCO/7||sip:0014F2752DAA@192.168.1.100:5060: Edgemarc IP: 192.168.1.100
evasterisk.pl|192.168.1.100|sip:0014F2752DAA@192.168.1.100:5060|Cisco-CP7940G/8.0|CSCO/7||sip:0014F2752DAA@192.168.1.100:5060: Phone uri: sip:0014F2752DAA@192.168.1.100:5060
evasterisk.pl|192.168.1.100|sip:0014F2752DAA@192.168.1.100:5060|Cisco-CP7940G/8.0|CSCO/7||sip:0014F2752DAA@192.168.1.100:5060: UserAgent: Cisco-CP7940G/8.0
evasterisk.pl|192.168.1.100|sip:0014F2752DAA@192.168.1.100:5060|Cisco-CP7940G/8.0|CSCO/7||sip:0014F2752DAA@192.168.1.100:5060: Alternate UserAgent: CSCO/7
evasterisk.pl|192.168.1.100|sip:0014F2752DAA@192.168.1.100:5060|Cisco-CP7940G/8.0|CSCO/7||sip:0014F2752DAA@192.168.1.100:5060: Alternate Record-Route:
evasterisk.pl|192.168.1.100|sip:0014F2752DAA@192.168.1.100:5060|Cisco-CP7940G/8.0|CSCO/7||sip:0014F2752DAA@192.168.1.100:5060: New uri: sip:0014F2752DAA@192.168.1.100:5060
evasterisk.pl|192.168.1.100|sip:0014F2752DAA@192.168.1.100:5060|Cisco-CP7940G/8.0|CSCO/7||sip:0014F2752DAA@192.168.1.100:5060: Phone Name: 0014F2752DAA
evasterisk.pl|192.168.1.100|sip:0014F2752DAA@192.168.1.100:5060|Cisco-CP7940G/8.0|CSCO/7||sip:0014F2752DAA@192.168.1.100:5060: Attempting Conduit for Group: 0
Edgeview*CLI>
<— SIP read from 72.64.244.109:5060 —>
ACK sip:1@208.82.176.180:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.1.100:5060;branch=z9hG4bK31f13c50
From: “0014F2752DAA” sip:0014F2752DAA@208.82.176.180;tag=0014f2752daa00041e0225df-3417d4d8
To: sip:1@208.82.176.180;tag=as5a3e94db
Call-ID: 0014f275-2daa0004-4301fdb7-20757797@192.168.1.100
Max-Forwards: 70
Date: Mon, 05 Oct 2009 23:44:37 GMT
CSeq: 101 ACK
User-Agent: Cisco-CP7940G/8.0
Content-Length: 0

<------------->
— (10 headers 0 lines) —
Edgeview*CLI> sip set debug off
SIP Debugging Disabled

Global Settings:

SIP Port: 5060
Bindaddress: 0.0.0.0
Videosupport: No
AutoCreatePeer: Yes
Allow unknown access: Yes
Allow subscriptions: Yes
Allow overlap dialing: Yes
Promsic. redir: No
SIP domain support: No
Call to non-local dom.: Yes
URI user is phone no: No
Our auth realm asterisk
Realm. auth: No
Always auth rejects: No
Call limit peers only: No
Direct RTP setup: No
User Agent: Asterisk PBX
MWI checking interval: 10 secs
Reg. context: (not set)
Caller ID: asterisk
From: Domain:
Record SIP history: Off
Call Events: Off
IP ToS SIP: none
IP ToS RTP audio: none
IP ToS RTP video: none
T38 fax pt UDPTL: No
RFC2833 Compensation: No
SIP realtime: Disabled

Global Signalling Settings:

Codecs: 0x8000e (gsm|ulaw|alaw|h263)
Codec Order: none
T1 minimum: 100
Relax DTMF: No
Compact SIP headers: No
RTP Keepalive: 0 (Disabled)
RTP Timeout: 0 (Disabled)
RTP Hold Timeout: 0 (Disabled)
MWI NOTIFY mime type: application/simple-message-summary
DNS SRV lookup: Yes
Pedantic SIP support: No
Reg. min duration 60 secs
Reg. max duration: 3600 secs
Reg. default duration: 120 secs
Outbound reg. timeout: 20 secs
Outbound reg. attempts: 0
Notify ringing state: Yes
Notify hold state: No
SIP Transfer mode: open
Max Call Bitrate: 384 kbps
Auto-Framing: No

Default Settings:

Context: edgeview
Nat: Route
DTMF: rfc2833
Qualify: 0
Use ClientCode: No
Progress inband: Never
Language: (Defaults to English)
MOH Interpret: default
MOH Suggest:
Voice Mail Extension: asterisk

2

What type of router do you have, and does it have a SIP application layer gateway? (I am having a lot problems configuring Asterisk/NAT behind a Cisco router, which I think is caused by the Cisico SIP ALG changing the source IP address in the RTP packets.) Also, have you tried nat=yes?

Ian

3

Sometimes using STUN server is very helpful.

4

As far as you cisco router/firewall if you turn off sip inspection it should help. I have tried nat=yes with the same results. It is not an issue with the firewall because nat=route should have asterisk send rtp to the source ip not the ip in the contact field. It is like something is broke in the asterisk server. This was previously working 1 month ago. I had this setup in my lab so the cisco ip phone and cheap linksys router did not change. I suspect there is an issue with the asterisk server files though do not know were to look.

5

Indeed, it works for me, as long as I don’t use a Cisco router. Try setting the external phones to use a STUN server.

No, it doesn’t help, but it’s a long story. You can follow it on the link below if you find yourself unable to sleep sometime.

http://www.dslreports.com/forum/remark,23007527?hilite=zone+based

6

We are seeing asterisk 1.2 use nat properly. 1.4 is not using nat properly. We are looking into this futher and will report back.

7

Turns out to be a firewall issue. Originally we opened port 16384-17000 on yast firewall though somehow this changed. I put back in and now the nat’ed phones work.