<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<br>
<br>
On 6/8/11 11:36 PM, Ujjval Karihaloo wrote:
<blockquote
cite="mid:b1e8e2903d135abb373cb63e20fce388@mail.gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 12 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri","sans-serif";
color:windowtext;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style>
<div class="WordSection1">
<p class="MsoNormal">Hi All:</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal"> We have seen many PBX NAT’ed behind a
Firewall that does not do the Sip ALG correctly. Most cases
putting the Private IP in the Contact header and the ACME
responds back to the Private IP.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">Example call inbound to the PBX, the PBX
sends a 200 OK (as call is answered) with a Private IP in the
contact header. ACME sends the ACK back to the Private IP
blackholing it.</p>
<p class="MsoNormal"> </p>
<p class="MsoNormal">I have seen SBC’s that do adjust to the
Layer 3 IP:port if they notice Private IPs in the SIP
signaling. Is there a setting on ACME to do that?</p>
<br>
</div>
</blockquote>
Read up on<br>
nat-traversal always<br>
in the sip interface section of the config. I will note, however,
that that looks for the Contact-URI and topmost VIA to match and to
be different than the source address in layer 3 (IP), rather than
looking for RFC 1918 addresses. Of course, given that there are
umpteen hundred knobs to twist on an Acme, there's probably some way
of getting it to do this only for RFC 1918 addresses, but I'm not
sure there's value in doing that and certainly couldn't tell you how
to do it. My understanding is that "nat-traversal always" is the
"normal" way of doing what you appear to need.<br>
<br>
As an operational note, we've had more problems with various
customer firewalls doing pretty bad jobs with SIP, such as the one
that worked fine until somebody transferred a call at which point
the firewall just dropped all sorts of vital packets on the floor,
than we've ever had just letting our Acmes do NAT traversal. Our
standard recommendation is to turn all SIP aware proxies, fix-up,
etc. off.<br>
<br>
--Jon Radel<br>
</body>
</html>