<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><base href="x-msg://1860/"><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.apple-style-span
{mso-style-name:apple-style-span;}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thanks for the response.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>At this point I can say I have 2 working and 1 not working configuration. Also, thanks for the SIP ALG tip (3 hours too late!) I turned it on and things went to crap.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>So my WOKING configa are:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><FS w/ local IP> to <FIOS 25MB router> to <Motorla Cable Modem> to <Cisco RVS4000> to <CISCO SPA-504G phones><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><FS w/ local IP> to <FIOS 25MB router> to <Motorla Cable Modem> to <Linksys home router ???? > to <CISCO SPA-504G phones><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Calls, MWI, SCA, etc across those 2 configs works PERFECTLY.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I left out <fs> on local lan to <Cisco 504g> is wonderful too.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Unfortunately, the customer setup is:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><FS w/ local IP> to <FIOS 25MB router> to <COMCAST Business Cable Modem> to <Cisco E1200> to <CISCO SPA-504G phones><o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Results are all over the place. I don’t think they can support 2 inbound calls at the same time. MWI is spotty, SCA is not working. Turning on SIP ALG on Cisco E1200 led to a small riot and has been banished from the kingdom for every.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I think tomorrow we are getting them a Cisco RVS4000.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Sean<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> Ashley Breeden [mailto:ash@url.net.au] <br><b>Sent:</b> Thursday, May 31, 2012 7:52 PM<br><b>To:</b> FreeSWITCH Users Help<br><b>Subject:</b> Re: [Freeswitch-users] NAT issues and "best practices"<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal>Hi Sean,<o:p></o:p></p><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Yes SIP and NAT do not play well together. Most of our customers all use some form of NAT to access our FreeSWITCH servers, although not double NAT. I have found that pretty much most of the current mainstream routers and phones work as long as you have the latest software. One of the biggest things I find is that if you have more than one SIP device registered behind a NAT with SIP ALG you will get very mixed results.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>It will also depend on how many devices you have behind the NAT, some routers seem to have issue processing NAT for more than 10 devices all originating on port 5060.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Here is a few things I will often do to get a customer to connect via a NAT device:<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>- Turn off SIP ALG on the router<o:p></o:p></p></div><div><p class=MsoNormal>- Look for a setting on your VoIP device called Rport, set this to enabled. <o:p></o:p></p></div><div><p class=MsoNormal>- Try putting each phones local SIP port on its own unique port, e.g. extension 1001 = port 5001, 1002 = port 5002<o:p></o:p></p></div><div><p class=MsoNormal>- Try TCP as the transport protocol<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Also have a look here I have been able to get some useful information from this article - <a href="http://wiki.freeswitch.org/wiki/ALG">http://wiki.freeswitch.org/wiki/ALG</a>, especially the DG834's with DOS protection.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Personally I use the following routers with no issues:<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>- Billion 7401VGP<o:p></o:p></p></div><div><p class=MsoNormal>- Billion 7800NL<o:p></o:p></p></div><div><p class=MsoNormal>- Billion 7404<o:p></o:p></p></div><div><p class=MsoNormal>- Cisco 857/877<o:p></o:p></p></div><div><p class=MsoNormal>- MicroTik seemed to be quite reasonable as well<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>For Phones I have running:<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>- Yealink T22,T26,T28,T32,T38<o:p></o:p></p></div><div><p class=MsoNormal>- Snom 360<o:p></o:p></p></div><div><p class=MsoNormal>- Siemens Gigaset<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Hope this helps.<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Cheers,<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal>Ash<o:p></o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p></div><div><p class=MsoNormal><o:p> </o:p></p><div><div><p class=MsoNormal>On 01/06/2012, at 4:10 AM, Sean Devoy wrote:<o:p></o:p></p></div><p class=MsoNormal><br><br><o:p></o:p></p><div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>HI All,<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>I have a customer location that has just been a nightmare to implement. I am just learning that they “may” have multiple NAT routers in sequence at their location. I think I fully understand what NAT is trying to accomplish. There seem to be different levels and approaches. <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>The most basic NAT setup (to me) is a HOME LAN with multiple PCs where NAT allows multiple devices to share a single routable IP address on the WAN side from multiple local devices the LAN side. Note I said OUTBOUND initiated connections. Even FTP can have trouble with this level. Almost all inbound traffic is blocked for security.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Clearly for FS we need the switch to be able to punch through from the WAN to specific local IPs on the LAN to reach specific phones. This is INBOUND NAT and brings up many security issues for people. Even on devices where you get this “working” you may only be able to support one line per phone or a single inbound connection at a time.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>I understand NAT has PMP and UPnP protocols and FS “supports” both. What I can’t find is where someone says “Here is a great setup that works with cheap, available “commodity” hardware from Cisco/Linksys that supports all the NAT you need for FS.” I don’t care if it is PMP or UPnP and I might not even care why you pick one over the other, although it is probably a “good read”.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Can someone just stand up say “FS works GREAT with the XYZ router in ABC mode from MY COMPANY using NAT to Cisco phones”?<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>I have seen some articles about Freeware/Shareware firmware in this devices, but as a novice I want to limit the unknowns until I get more up to speed.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>My specific issue now is that I cannot get SCA to work at the NAT location. I issued:<o:p></o:p></span></p></div><div><p class=MsoNormal style='text-indent:.5in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>sofia_contact<span class=apple-converted-space> </span><a href="mailto:220@mydomain.com">220@mydomain.com</a><o:p></o:p></span></p></div><div><p class=MsoNormal style='text-indent:.5in'><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>sofia/external/sip:200@<ip address>:44234,sofia/external/sip:200@<same ip>:1024<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Only one phone rings on inbound and the line indicator light does not change when either is picked up. Same configuration is working on our LAN with the switch.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>I am absolutely ready to by a router to fix these issues, I don’t want to lose this customer.<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'> <o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Thanks for your thoughts,<o:p></o:p></span></p></div><div><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif"'>Sean<o:p></o:p></span></p></div><p class=MsoNormal><span style='font-size:13.5pt;font-family:"Helvetica","sans-serif"'>_________________________________________________________________________<br>Professional FreeSWITCH Consulting Services:<br><a href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a><br><a href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a><br><br>FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br><a href="http://www.cudatel.com">http://www.cudatel.com</a><br><br>Official FreeSWITCH Sites<br><a href="http://www.freeswitch.org">http://www.freeswitch.org</a><br><a href="http://wiki.freeswitch.org">http://wiki.freeswitch.org</a><br><a href="http://www.cluecon.com">http://www.cluecon.com</a><br><br>Join Us At ClueCon - Aug 7-9, 2012<br><br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a><br><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br><a href="http://www.freeswitch.org">http://www.freeswitch.org</a><o:p></o:p></span></p></div></div><p class=MsoNormal style='margin-bottom:12.0pt'><o:p> </o:p></p></div></div></body></html>