<html><head><base href="x-msg://1860/"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Hi Sean,<div><br></div><div>Yes SIP and NAT do not play well together. Most of our customers all use some form of NAT to access our FreeSWITCH servers, although not double NAT. I have found that pretty much most of the current mainstream routers and phones work as long as you have the latest software. One of the biggest things I find is that if you have more than one SIP device registered behind a NAT with SIP ALG you will get very mixed results.</div><div><br></div><div>It will also depend on how many devices you have behind the NAT, some routers seem to have issue processing NAT for more than 10 devices all originating on port 5060.</div><div><br></div><div>Here is a few things I will often do to get a customer to connect via a NAT device:</div><div><br></div><div>- Turn off SIP ALG on the router</div><div>- Look for a setting on your VoIP device called Rport, set this to enabled. </div><div>- Try putting each phones local SIP port on its own unique port, e.g. extension 1001 = port 5001, 1002 = port 5002</div><div>- Try TCP as the transport protocol</div><div><br></div><div>Also have a look here I have been able to get some useful information from this article - <a href="http://wiki.freeswitch.org/wiki/ALG">http://wiki.freeswitch.org/wiki/ALG</a>, especially the DG834's with DOS protection.</div><div><br></div><div>Personally I use the following routers with no issues:</div><div><br></div><div>- Billion 7401VGP</div><div>- Billion 7800NL</div><div>- Billion 7404</div><div>- Cisco 857/877</div><div>- MicroTik seemed to be quite reasonable as well</div><div><br></div><div>For Phones I have running:</div><div><br></div><div>- Yealink T22,T26,T28,T32,T38</div><div>- Snom 360</div><div>- Siemens Gigaset</div><div><br></div><div><br></div><div>Hope this helps.</div><div><br></div><div>Cheers,</div><div><br></div><div>Ash</div><div><br></div><div><br><div><div>On 01/06/2012, at 4:10 AM, Sean Devoy wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><span class="Apple-style-span" style="border-collapse: separate; font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: -webkit-auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div lang="EN-US" link="blue" vlink="purple"><div class="WordSection1" style="page: WordSection1; "><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; ">HI All,<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; ">I have a customer location that has just been a nightmare to implement. I am just learning that they “may” have multiple NAT routers in sequence at their location. I think I fully understand what NAT is trying to accomplish. There seem to be different levels and approaches. <o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; ">The most basic NAT setup (to me) is a HOME LAN with multiple PCs where NAT allows multiple devices to share a single routable IP address on the WAN side from multiple local devices the LAN side. Note I said OUTBOUND initiated connections. Even FTP can have trouble with this level. Almost all inbound traffic is blocked for security.<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; ">Clearly for FS we need the switch to be able to punch through from the WAN to specific local IPs on the LAN to reach specific phones. This is INBOUND NAT and brings up many security issues for people. Even on devices where you get this “working” you may only be able to support one line per phone or a single inbound connection at a time.<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; ">I understand NAT has PMP and UPnP protocols and FS “supports” both. What I can’t find is where someone says “Here is a great setup that works with cheap, available “commodity” hardware from Cisco/Linksys that supports all the NAT you need for FS.” I don’t care if it is PMP or UPnP and I might not even care why you pick one over the other, although it is probably a “good read”.<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; ">Can someone just stand up say “FS works GREAT with the XYZ router in ABC mode from MY COMPANY using NAT to Cisco phones”?<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; ">I have seen some articles about Freeware/Shareware firmware in this devices, but as a novice I want to limit the unknowns until I get more up to speed.<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; ">My specific issue now is that I cannot get SCA to work at the NAT location. I issued:<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; text-indent: 0.5in; ">sofia_contact<span class="Apple-converted-space"> </span><a href="mailto:220@mydomain.com" style="color: blue; text-decoration: underline; ">220@mydomain.com</a><o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; text-indent: 0.5in; ">sofia/external/sip:200@<ip address>:44234,sofia/external/sip:200@<same ip>:1024<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; ">Only one phone rings on inbound and the line indicator light does not change when either is picked up. Same configuration is working on our LAN with the switch.<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; ">I am absolutely ready to by a router to fix these issues, I don’t want to lose this customer.<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; "><o:p> </o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; ">Thanks for your thoughts,<o:p></o:p></div><div style="margin-top: 0in; margin-right: 0in; margin-left: 0in; margin-bottom: 0.0001pt; font-size: 11pt; font-family: Calibri, sans-serif; ">Sean<o:p></o:p></div></div>_________________________________________________________________________<br>Professional FreeSWITCH Consulting Services:<br><a href="mailto:consulting@freeswitch.org" style="color: blue; text-decoration: underline; ">consulting@freeswitch.org</a><br><a href="http://www.freeswitchsolutions.com" style="color: blue; text-decoration: underline; ">http://www.freeswitchsolutions.com</a><br><br>FreeSWITCH-powered IP PBX: The CudaTel Communication Server<br><a href="http://www.cudatel.com" style="color: blue; text-decoration: underline; ">http://www.cudatel.com</a><br><br>Official FreeSWITCH Sites<br><a href="http://www.freeswitch.org" style="color: blue; text-decoration: underline; ">http://www.freeswitch.org</a><br><a href="http://wiki.freeswitch.org" style="color: blue; text-decoration: underline; ">http://wiki.freeswitch.org</a><br><a href="http://www.cluecon.com" style="color: blue; text-decoration: underline; ">http://www.cluecon.com</a><br><br>Join Us At ClueCon - Aug 7-9, 2012<br><br>FreeSWITCH-users mailing list<br><a href="mailto:FreeSWITCH-users@lists.freeswitch.org" style="color: blue; text-decoration: underline; ">FreeSWITCH-users@lists.freeswitch.org</a><br><a href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users" style="color: blue; text-decoration: underline; ">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a><br>UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br><a href="http://www.freeswitch.org" style="color: blue; text-decoration: underline; ">http://www.freeswitch.org</a></div></span></blockquote></div><br>
<br></div></body></html>