How I made SPA-2000 behind NAT work.

Discussion in 'VOIP' started by Kyler Laird, Oct 24, 2004.

  1. Kyler Laird

    Kyler Laird Guest

    This is probably obvious to most people who really know NAT and SIP
    but for others who are stumbling around just trying to make things
    work, here's my story.

    I have a bunch of Sipura SPA-2000 (dual FXS) devices. I've been
    giving them to friends in order to see what good we can make of
    them. Until now I had not tried making a call to one of the
    devices behind NAT.

    I started testing calls to a NAT device at home from a server out
    on the 'net. The SPA device was registered and configured with
    "nat=yes" but calls were failing with 404 errors. At first I
    thought it was just that I needed to call some special extension
    in the SPA.

    A little network traffic sniffing showed that even though I'd told
    Asterisk that the device is behind NAT, it was trying to send calls
    to port 5060 on the public IP address. That was reaching my home
    Asterisk server which generated the 404.

    So...more reading...I found this paper on SIP and NAT.
    Skimming it I noticed
    The proxy needs to return SIP packets on the same port it
    received them to the IP:port that the packets were sent
    from (not to any standard SIP port, e.g. 5060). SIP has
    tags that tell the proxy to do this -- the "received" tag
    tells the proxy to return a packet to a specific IP and
    the "rport" tag [2] keeps the port to return to.
    Ah ha! I recalled "rport" in the NAT part of the SPA's SIP page.
    I experimented and found that all I needed to do was switch
    "Insert VIA rport" to "On" to make it work.

    Kyler Laird, Oct 24, 2004
    1. Advertisements

  2. Do you have any spare SPA-2000s that you would like to give me????

    Mike Schumann
    Mike Schumann, Oct 25, 2004
    1. Advertisements

  3. Kyler Laird

    Kyler Laird Guest

    More learning...

    Under "Line 1" and "Line 2", change "NAT Keep Alive Enable" to "yes"
    and under "SIP" set "NAT Keep Alive Intvl" to something short enough
    to keep the firewall awake.

    Yes, I know; that should have been obvious.

    Also, under "SIP" set "Send Resp To Src Port" to "yes".

    Sipura has excellent documentation for configuration and
    provisioning of their equipment. This documentation is only
    available to Service Providers and Resellers.

    I've been told service providers and resellers can't even get good
    documentation from Sipura. Too bad. It's great hardware. It just
    needs some firmware tweaking and documentation.

    Kyler Laird, Nov 1, 2004
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.