Re: SIP support in NAT

[John Ladwig <jladwig () aravox com>]

>  All, Here is a doubt regarding SIP support in NAT.
> As per NAT, an external host (having a global ip address) can not access the
> local host behind NAT. If the local host has started a session, then packets
> from external host for this particular session should be allowed. If this is
> the case then calling from external host to local users behind NAT will
> never possible.   In case of SIP/MGCP/H.323 only local users can make call
> and never will be able to receive calls. How should this problem can be
> overcome, please suggest.

This is hardly an unknown problem in the VoIP space. 

See the IETF Midcom working group, and a variety of SIP drafts and related
works noted in the main SIP RFCs.

There are several vendors working products in this space as well.

I short, VoIP with NAT and/or firewalls is possible, but it involves 
one or more of:

    a)  Modified endpoints
    b)  Protocol-aware NAT/firewalls and/or ALGs
    c)  External media proxies and/or tunneling


I have personally overseen the creation of a substantial number of 
network architectures which implement what we so cheerfully refer 
to as "one-way media."

Other than support-desk applications (where the helpdesk can speak 
and the caller only listen), these tend not to be highly valuable 
architectures.

    -jml
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards