[VoiceOps] acme nat traversal clue

anorexicpoodle anorexicpoodle at gmail.com
Fri Oct 2 22:27:01 EDT 2009 

Acme HNT only applies when the endpoint is registered, does your PBX
register to the ITSP? If not you will need to find another way around
NAT on your end. Judging by what you are telling us with the invite
being sent to sip:xxxxxx at 1.1.1.1 it sounds like you arent registered and
instead it is a session agent configured in the SD to correspond to you.
If this is indeed the case you will need to find a way around this on
your end, As Alex suggested OpenSER + Media Proxy will work quite well,
though a smaller and easier solution might be buying something like an
Edgemarc from Edgewater networks for your end and put it in front of the
netscreen in a proxy-arp config, so the edgemarc will take ownership of
the WAN connection and provide a 100% working ALG. 

Hope this helps

On Fri, 2009-10-02 at 19:08 -0400, milosz wrote:

> hi guys,
> 
> need a bit of help... have never touched an acme before so i'm not
> sure what to tell the people i am dealing with, and they seem
> incapable of resolving the problem themselves.  trying to explain the
> difference between layer 3 and layer 7 is not working.
> 
> setup: i have an ip pbx with a single interface at 10.0.1.80, and a
> netscreen 50 with a static routable ip natted to the pbx at 1.1.1.1
> (sip alg is off).  my itsp has an acme at 2.2.2.2.
> 
> this is what an inbound call looks like right now:
> 
> 2.2.2.2 -> 1.1.1.1 invite sip:xxxxxx at 1.1.1.1
> 10.0.1.80 -> 2.2.2.2 100 trying
> 10.0.1.80 -> 2.2.2.2 200 ok (contact: sip:xxxxxx at 10.0.1.80)
> 2.2.2.2 -> 10.0.1.80 ack sip:xxxxxx at 10.0.1.80
> 
> so obviously it breaks at this point.
> 
> according to them, they are unable to configure the acme to respond to
> the originating routable ip instead of the nonroutable ip in the sip
> contact.
> 
> this is what someone at acme told them:
> 
> 
> It’s not a configuration issue, the endpoint at 1.1.1.1 has set it’s
> contact header address to 10.0.1.80 in it’s 200 OK response back to
> 2.2.2.2 (SBC). The SD will look at the Contact header in order to
> determine where to send future in-dialog requests such as ACK, BYE,
> Re-INVITEs etc (according to RFC3261). Please can you check why
> 1.1.1.1 would be doing so?
> 
> this sounds irrelevant to me, since any sip endpoint will set its
> contact header address to its own ip.  sounds like this guy is saying
> "well it's natted so that won't work, tell them to fix it."  i
> certainly can't configure my pbx to respond with a modified contact
> header.
> 
> 
> can anyone provide some guidance here?  or maybe i am just wrong and
> it is impossible to make this work.  but it looks like a basic hnt
> situation to me.
> 
> 
> thanks,
> 
> milosz
> 
> 
> 
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20091002/e62b7d31/attachment-0001.html>

More information about the VoiceOps mailing list