I have a new Asterisk (1.4.1) box, running at a datacenter, no NAT, it’s got a real IP address.
We have an office that wants to connect to it, behind a NAT router (NetBSD, ipfilter/ipnat).
I can get a single handset to talk to the server just fine, but not more than one handset. (They’re aastra 480i’s running 220.127.116.117).
nat=yes is enable in sip.conf for the accounts (which is how one handset can work!).
Any suggestions or clues? Do I need to run a SIP proxy on the firewall (I can get partysip, it’s in NetBSD’s pkgsrc, but this won’t apply to some people who work at home behind generic DSL NAT/routers)
Need to clarify if the entire office is behind one NAT firewall. If that, you’ll need to use a distinct port for each phone. If you don’t care to program port forwarding, then each phone must use a different local port. There was a discussion about some phones incapable of using local ports other than 5060 - I vaguely remember Aastra was mentioned. If that, you are out of luck and have to fight with the vendor, or program the NAT.
yes thats correct, aastra phones are not capable of changing the local SIP port. There is a config option called SIP NAT PORT, goes along with SIP NAT IP, but all it does is change the port number sent in the SIP contact header.
Theoretically this can work if you forward that port to the phone AND nothing else needs a nat binding on port 5060, but it’s still not very useful. Email aastra support and ask them, the guy I talked to agreed it was a bug/PITA and the more requests he gets the more likely it is to be fixed…
you could also try the 18.104.22.1680 firmware released after the 5xi series came out, according to one guy it resulted in randomized local ports which shoudl solve the problem…