Asterisk Tutorial 49 – NAT & NAT Tables Explained - pascom - ContactCenterWorld.com Blog
Introducing Asterisk and NAT Tables
Building on from last week’s Introduction to Network Address Translation (NAT), it is time to take a look at NAT Tables, NAT & SIP and how we can ensure that our NAT table does not forget our SIP connection account details.
How NAT Affects SIP Connections
Before moving forward, it may be a good idea to refresh your SIP knowledge in order to understand how SIP Registers work.
That said, what you really need to know and understand about NAT is that without it we wouldn’t be able to make and receive calls. That is why having a good understanding of NAT is essential when configuring your Asterisk phone system and registering your SIP providers.
The good news is that most Providers use NAT themselves to ensure that packet routing is done correctly. Meaning, even if the information in the SIP header contains your private IP address, providers generally use NAT to make sure that they send the packets to the right place.
Source NAT vs Destination NAT
As mentioned last time, there are two distinct types of NAT; Source NAT and Destination NAT. This begs the question – which type of NAT do we need, Source NAT, Destination NAT or do we need them both?
For starters, you will definitely require Source NAT. Without it, you will not be able to establish an internet connection as you local IP address will not be routed and your SIP registration will fail. That makes Source NAT an essential element of our telephony platform because as we know an internet connection is rather essential for VoIP telephony.
What about Destination NAT? By using source NAT to conduct their SIP registry an entry in the NAT table is then created. Some people think that as the entry only stays in the table for a short period of time, they need destination NAT in order to allow your SIP provider to route incoming telephony to their phone system. While this may the case in some cases, most providers do things a bit differently.
Destination NAT is in principal a sound methodology. However, it does have its drawbacks when working with SIP providers. If you use Destination NAT, there are risks involved as you will need to open your SIP ports and forward them to your internal ports. In itself, this could be okay if you only accept calls from the carriers IP address or host name.
But what about larger providers, they may have multiple IP addresses or constantly changing host names as a result of load balancing – what then? Some people are then tempted to open their ports to all incoming SIP requests and this is very dangerous as it will open your system to brut force attacks – so don’t do it.
Mathias Top Tip
If you have to use Destination NAT for whatever reason, then please restrict to the IP range of your provider as this will ensure the incoming SIP requests from your provider will be accepted whilst rejecting other perhaps malicious requests.
Thankfully most providers use an alternative method of keeping your NAT table open to ensure continued service and that is by forcing the NAT table to remember the SIP account credentials. In other words, always have an entry in the NAT table that contains the relevant information.
Once you have registered your Asterisk phone system to your SIP provider, most carriers are able to keep the NAT table entry from expiring by sending a so called “ping” request every 30 seconds or so, to which your system will simply respond with a 404 answer.
As the entry expiry time in the NAT table is about 1 minute, by sending a request every 30 seconds, carriers are able to ensure the SIP credentials are stored in the NAT table, thus allowing both incoming and outbound telephony without needing Destination NAT or port forwarding.
This can be seen when using set sip debug in your Asterisk CLI as every so often a new request will come in and be displayed on the CLI output.
pascom are the developers of the mobydick phone system that businesses love. Based on Asterisk, mobydick provides businesses a flexible, fully featured Open Standards phone system to meet today’s communication needs.
Why not take mobydick for a test spin with our free community download and find out how it can support you and your business communications.
For more on our mobydick phone system and to arrange a free personalised demo, give us a call on +49 991 29691 200 / +44 203 1379 964 or drop us a line via our website.
Until next time – Happy VoIPing!
Publish Date: May 25, 2016 5:00 AM
|All Suppliers||Get Listed|
(VIEW OUR PAGE)
HigherGround develops data collection, information storage, and interaction analytics solutions that easily transform data into actionable intelligence, enabling operational optimization, enhanced per...
(VIEW OUR PAGE)
Аутсорсинговый контакт-центр ConceptCall| КонцептКолл специализируется на исходящем и входящем телемаркетинге: мы предоставляем услуги по осуществлению холодных звонков и продажи по телефону, проводим...
(VIEW OUR PAGE)
Advanced AI technology and Natural Language Processing delivered to clients in the Cloud that harnesses both voice and digital conversations. The focus is on building an environment where intelligent ...
View more from pascom
Recent Blog Posts:
|Nexbridge UK SIP Provider pascom Interoperability||October 17, 2017 5:00 AM|
|What is Unified Communications?||September 29, 2017 5:00 AM|
|pascom 16 Focuses on UCC UX||September 26, 2017 5:00 AM|
|Summer Special: Cloud PBX Bundle||July 17, 2017 5:00 AM|
|pascom Boosts UC Offering with UK Hosted PBX||May 8, 2017 5:00 AM|
|pascom Launches UK Hosted PBX||May 5, 2017 5:00 AM|
|pascom Launch Hosted mobydick Telephony Service||October 4, 2016 5:00 AM|
|mobydick 7.13 Release||September 12, 2016 5:00 AM|
|Asterisk Tutorial 58 – Asterisk AMI Originate Dial||July 27, 2016 5:00 AM|
|Asterisk Tutorial 57 – Asterisk AMI Connect & Authenticate||July 20, 2016 5:00 AM|