Firewall Wizards mailing list archives
Re: SIP support in NAT
From: John Ladwig <jladwig () aravox com>
Date: Thu, 13 Dec 2001 12:19:23 -0600 (CST)
All, Here is a doubt regarding SIP support in NAT. As per NAT, an external host (having a global ip address) can not access the local host behind NAT. If the local host has started a session, then packets from external host for this particular session should be allowed. If this is the case then calling from external host to local users behind NAT will never possible. In case of SIP/MGCP/H.323 only local users can make call and never will be able to receive calls. How should this problem can be overcome, please suggest.
This is hardly an unknown problem in the VoIP space. See the IETF Midcom working group, and a variety of SIP drafts and related works noted in the main SIP RFCs. There are several vendors working products in this space as well. I short, VoIP with NAT and/or firewalls is possible, but it involves one or more of: a) Modified endpoints b) Protocol-aware NAT/firewalls and/or ALGs c) External media proxies and/or tunneling I have personally overseen the creation of a substantial number of network architectures which implement what we so cheerfully refer to as "one-way media." Other than support-desk applications (where the helpdesk can speak and the caller only listen), these tend not to be highly valuable architectures. -jml _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- SIP support in NAT K K Palei (Dec 13)
- Re: SIP support in NAT Jakob Schlyter (Dec 14)
- Re: SIP support in NAT John Ladwig (Dec 14)