The Trouble with NAT and VOIP

Archived from groups: comp.dcom.voice-over-ip (More info?)

This may shed some light for those who are trying to estabilish VOIP
behind a NAT router. - RM

from http://www.voip-info.org/wiki-NAT+and+VOIP
:

The Trouble with NAT and VOIP
"In addition, the way in which conventional VoIP protocols are designed
is also posing a problem to VoIP traffic passing through NAT.
Conventional VoIP protocols only deal with the signalling of a telephone
connection. The audio traffic is handled by another protocol and to make
matters worse, the port on which the audio traffic is sent is random.
The NAT router may be able to handle the signalling traffic, but it has
no way of knowing that the audio traffic is related to the signalling
and should hence be passed to the same device the signalling traffic is
passed to. As a result, the audio traffic is simply discarded.

"At first, for both the calling and the called party everything will
appear just fine. The called party will see the calling party's Caller
ID and the telephone will ring while the calling party will hear a
ringing feedback tone at the other end. When the called party picks up
the telephone, both the ringing and the associated ringing feedback tone
at the other end will stop as one would expect. However, the calling
party will not hear the called party (one way audio) and the called
party may not hear the calling party either (no audio).

"The issue of NAT Traversal is a major problem for the widespread
deployment of VOIP. Yet, the issue is non-trivial and there are no
simple solutions."
4 answers Last reply
More about trouble voip
  1. Archived from groups: comp.dcom.voice-over-ip (More info?)

    There is a simple solution! Edgewater Networks has a "box" that enables
    you to put your phones on private / NAT addresses. You don't have to
    punch holes in your firewall !

    http://www.edgewaternetworks.com

    Dilbert!


    Jim Hatfield wrote:
    > On Fri, 04 Feb 2005 10:44:44 -0500, Rick Merrill
    <RickMerrill@comcastTHROW.net> wrote:
    >
    > >"The issue of NAT Traversal is a major problem for the widespread
    > >deployment of VOIP. Yet, the issue is non-trivial and there are no
    > >simple solutions."
    >
    > UDP hole-punching seems to work pretty well.
    >
    > See: http://www.pdos.lcs.mit.edu/~baford/nat/draft-ford-natp2p-00.txt
    >
    > --
    > Jim Hatfield
  2. Archived from groups: comp.dcom.voice-over-ip (More info?)

    On Fri, 04 Feb 2005 10:44:44 -0500, Rick Merrill <RickMerrill@comcastTHROW.net> wrote:

    >"The issue of NAT Traversal is a major problem for the widespread
    >deployment of VOIP. Yet, the issue is non-trivial and there are no
    >simple solutions."

    UDP hole-punching seems to work pretty well.

    See: http://www.pdos.lcs.mit.edu/~baford/nat/draft-ford-natp2p-00.txt

    --
    Jim Hatfield
  3. Archived from groups: comp.dcom.voice-over-ip (More info?)

    On 4 Feb 2005 13:31:25 -0800, "Dilbert2004" <dilbert2004@gmail.com>
    wrote:

    >There is a simple solution! Edgewater Networks has a "box" that enables
    >you to put your phones on private / NAT addresses. You don't have to
    >punch holes in your firewall !
    >
    >http://www.edgewaternetworks.com

    It's just a little bit expensive. Per user, it seems to be cheaper to
    replace the end user's ATA with one on a public IP.

    There are no universal, cheap solutions. Even stuff like STUN and pin
    holing doesn't work for all.

    peter

    --
    peter gradwell. gradwell dot com Ltd. http://www.gradwell.com/
    -- engineering & hosting services for email, web and voip --
    -- http://www.peter.me.uk/ -- http://www.voip.org.uk/ --
  4. Archived from groups: comp.dcom.voice-over-ip (More info?)

    "Rick Merrill" <RickMerrill@comcastTHROW.net> wrote in message
    news:GLednU0ms_j5BZ7fRVn-uA@comcast.com...
    > This may shed some light for those who are trying to estabilish VOIP
    > behind a NAT router. - RM
    >
    > from http://www.voip-info.org/wiki-NAT+and+VOIP
    > :
    >
    > The Trouble with NAT and VOIP
    > "In addition, the way in which conventional VoIP protocols are designed
    > is also posing a problem to VoIP traffic passing through NAT.
    > Conventional VoIP protocols only deal with the signalling of a telephone
    > connection. The audio traffic is handled by another protocol and to make
    > matters worse, the port on which the audio traffic is sent is random.
    > The NAT router may be able to handle the signalling traffic, but it has
    > no way of knowing that the audio traffic is related to the signalling
    > and should hence be passed to the same device the signalling traffic is
    > passed to. As a result, the audio traffic is simply discarded.

    not true. the signalling protocol carries the info about which ports the
    specific connections will use - otherwise how is the call going to get
    connected correctly to the end point?

    for example, cisco PIX has a fixup protocol that does this for you for H323
    and SIP:
    http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00801fc74a.shtml

    >
    > "At first, for both the calling and the called party everything will
    > appear just fine. The called party will see the calling party's Caller
    > ID and the telephone will ring while the calling party will hear a
    > ringing feedback tone at the other end. When the called party picks up
    > the telephone, both the ringing and the associated ringing feedback tone
    > at the other end will stop as one would expect. However, the calling
    > party will not hear the called party (one way audio) and the called
    > party may not hear the calling party either (no audio).
    >
    > "The issue of NAT Traversal is a major problem for the widespread
    > deployment of VOIP. Yet, the issue is non-trivial and there are no
    > simple solutions."

    this is actually an issue for a firewall software supplier who cannot be
    bothered to write code to handle this particular protocol rather than a
    problem with the protocol.

    the long term fix is simple - if your firewall cant handle the voice
    protocol you need - take it back, and / or complain to the supplier.

    a year or 2 of that and the software will get fixed.
    --
    Regards

    Stephen Hope - return address needs fewer xxs
Ask a new question

Read More

VPN Audio VoIP Networking