Sip behind NAT Router and Asterisk behind router wiith firewaill located remotely.
Phone in Pakistan and Asterisk in UK.
not alot of info but i will try.
Asterisk – firewall – internet – natrouter – phone
i assume is your set up.
You must through the firewall forward port 5060 to * and whatever ports you define in rtp.conf. If the firewall also provides NAT, you must set externip= and localnet= in sip.conf.
The phone must be using STUN of some kind to discover its own IP. I also suggest setting qualify=yes for that phone and/or forwarding ports to it.
If you want more helpful info you must post more details… what comes up on * cli, what doesnt work, etc etc
Thanks for reply:-
I would like to tell my problem with detail:-
My sip.conf
general]
port = 5060 ; Port to bind to (SIP is 5060)
bindaddr = 0.0.0.0 ;Address to bind to (all addresses on machine)
;bindport = 5050
nat=1
canreinvite=no
externip=xxxxx ;Outside addres
localnet=xxxxxx/255.255.255.0 ;Iside Network
srvlookup=yes
;When Asterisk is in behind a NAT
call-limit=1
usereceived=yes
maxexpirey=3600 ; Max length of incoming registration we allow
disallow=all
allow=g729
allow=gsm
allow=ulaw
allow=alaw
[55]
type=friend
host=dynamic ;10.0.0.88
username=55
secret=55
fromuser=55
context=ext-local ;from-sip
nat=yes
canreinvite=no
dtmfmode=rfc2833
port=5060
qualify=yes
externip=xxxxx ;Outside addres
localnet=xxxx/255.255.255.0 ;Iside Network
disallow=all
allow=ulaw
allow=alaw
extensions_additional.conf
[ext-local]
exten => 55,1,Dial(IP/55)
I set in My hardphone
DNS:xxxxxxx
Domain:xxxx
sip proxy=xxx (Domain and sip proxy is my asterisk server public IP)
I also stop my firewall from uk asterisk server.
My CLI are
IP read from 203.99.51.130:5060:
REGISTER sip:62.189.19.234 SIP/2.0
Via: SIP/2.0/UDP 203.99.51.130:5060;branch=z9hG4bK9DXWL6KGXMqIazoZ
Max-Forwards: 70
User-Agent: PA168T V1.50.005 CFG0
From: “55” sip:55@62.189.19.234;tag=rloNvHqPlLAFCMMz
To: “55” sip:55@62.189.19.234
Call-ID: lEZBUAaYQDBvzBYb@10.0.0.98
CSeq: 19792 REGISTER
Contact: sip:55@10.0.0.98:5060
Expires: 60
Content-Length: 0
— (11 headers 0 lines)—
Using latest REGISTER request as basis request
Sending to 203.99.51.130 : 5060 (NAT)
Transmitting (NAT) to 203.99.51.130:5060:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 203.99.51.130:5060;branch=z9hG4bK9DXWL6KGXMqIazoZ;received=203.99.51.130
From: “55” sip:55@62.189.19.234;tag=rloNvHqPlLAFCMMz
To: “55” sip:55@62.189.19.234
Call-ID: lEZBUAaYQDBvzBYb@10.0.0.98
CSeq: 19792 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Max-Forwards: 70
Contact: sip:55@62.189.19.234
Content-Length: 0
Transmitting (NAT) to 203.99.51.130:5060:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 203.99.51.130:5060;branch=z9hG4bK9DXWL6KGXMqIazoZ;received=203.99.51.130
From: “55” sip:55@62.189.19.234;tag=rloNvHqPlLAFCMMz
To: “55” sip:55@62.189.19.234;tag=as0ab7e865
Call-ID: lEZBUAaYQDBvzBYb@10.0.0.98
CSeq: 19792 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Max-Forwards: 70
Contact: sip:55@62.189.19.234
WWW-Authenticate: Digest realm=“asterisk”, nonce="36052cb3"
Content-Length: 0
I think my uk server send request to my sip hard phone but it could not reach to my sip phone.
Your help can solve my problem;
with regards
Satti
Layout
Asterisk -> Firewall-> router-> internet->router with NAT-> sip phone
first, you only define localnet and externip once in sip.conf, in [general]. don’t define them again in the phone entry.
also your problem is not nat related I don’t think. Note that in your sip debug, the last one says unauthorized. That means you have an authentication failure, not a networking issue. Perhaps change or remove authuser on the phone or username= in *?
Thanks for Reply
Dear you know sip phone asterisk registeration process:-
During registeration sip phone and asterisk follwoing packets send to eachother:-
- Phone send Asterisk Register Request
- Asterisk send phone 100 Trying Request
- Asterisk send phone 104 unathorized Request
- Phone send Asterisk again Register Request
- Asterisk send phone 100 Trying Request
- Asterisk send phone 200 ok Request
If asterisk send phone 200 ok request it means our phone has been registered by asterisk otherwise no.
So it is not problem of unauthorization request asterisk always first time send this packet to phone during registeration process.
My problem is that my phone send my packet and asterisk receive it but when asterisk send packet to phone my phone could not receive that packet.
Have you any idea to solve this problem. I also try to take live IP and do this practice so that I can find what my problem is.
Acooridng to my thinking my problem is NAT /Firewall/Ports Problem
with regards
Satti
Just FYI, that wierd sequence is normal. SIP does not include authentication with the first request, it just makes the request. The proxy replies with unauthorized, which also includes a ‘salt’ for hashing the password. The client then again tries to connect, this time with a hashed password, which is accepted.
I had thought the unauthorized was the end of the sequence.
this is odd. try forwarding ports to the phone on the NAT side?
Thanks for reply
I run my sip phone call set up with astreisk locally successfully but remotely I am facing this trouble.
Which ports should be opened when my sip phone behind nat router and my asterisk behind firewall
I think I need
5060 -5082 UDP ports open
8000-20000 RTP ports open
what your suggestion in this regards
I can check that asterisk send packet to sip phone but How I can check that asterisk request packet is receing my sip phone. ------?
It is confirmed that my sip phone send packet to asterisk and asterisk receive it.
with Rgds
Satti
you need (for SIP)
port 5060 udp (5061-5082 are not used by SIP)
a range of rtp ports, this is whatever you want and is defined in rtp.conf. They are also udp.