My client has an asterisk system which registers OK with voiptalk.org when nat=never is specified in sip.conf. However setting nat=no causes registration to fail with status 401 unauthorised. Using wireshark it appears that the authentication information is absence from the nat=no case, but present with nat=never. The asterisk version is 1.4.14.
nat=no appears to be the correct option; any help to understand why registration doesn’t work with this option would be appreciated.
The same client has issues with DID incoming call setup, whereby asterisk attempts to send the acknowledgement packet to INVITE to a port other than 5060 specifed in the invite and call setup is failing.
Many thanks in advance for any assistance.
Niall
I have finally identfied the cause of the problem; if you have an Checkpoint NG firewall they change src ports for sip messages. We have tried everything to turn it off including switching off smart-defence and all sip intelligent stuff but it continues to change the src port from 5060 to a high address. This means that asterisk reponds to the wrong port when rport is set i.e. with Nat=No.
I know this is probably not the correct place to ask, but if anybody has had similar problems we’d be interested to understand how to disable the not so smart checkpoint intelligence.
I have finally identfied the cause of the problem; if you have an Checkpoint NG firewall they change src ports for sip messages. We have tried everything to turn it off including switching off smart-defence and all sip intelligent stuff but it continues to change the src port from 5060 to a high address. This means that asterisk reponds to the wrong port when rport is set i.e. with Nat=No.
I know this is probably not the correct place to ask, but if anybody has had similar problems we’d be interested to understand how to disable the not so smart checkpoint intelligence.