Re: [Serusers] STUN and Symmetric NAT

See http://www.cs.cornell.edu/projects/stunt/draft-takeda-symmetric-nat-travers… for a description of how to traverse many dual symmetric NAT situations - by port prediction. It's only not possible to traverse dual symmetric NAT if both symmetric NATs cannot have their ports predicted. Simon Klaus Darilion wrote: > Switching is not possible with symmetric NAT. But if only one of the > clients is behind symmetric NAT, you don't need an rtpproxy, if the > other client can act as "passive" client. > > see > http://www.softarmor.com/wgdb/docs/draft-ietf-sipping-nat-scenarios-00.txt > section 2.2.1.6 Receiving an Invitation to a Session > a=active, a=passive > > Klaus > > > Simon Barber wrote: > > > >> My confusion over symmetric / cone NAT. But does look possible to >> communicate between symmetric NATs in many cases - but first >> starting with RTP proxy or TURN. Using the RTP proxy to learn which >> class of symmetric NAT you have, and predicting the port allocation >> - then switching to direct communication if the port prediction >> test gives good results. >> >> Simon >> >> >> Jiri Kuthan wrote: >> >> >> >>> At 07:16 PM 3/15/2004, Simon Barber wrote: >>> >>> >>> >>> >>>> possible way to get through symmetric NAT without permanent >>>> rtpproxy. >>>> >>>> Initiate the connection using rtpproxy, as normal. Now, learn the >>>> udp port the NAT is sending RTP from. Now send a re-invite to >>>> both parties, and switch the stream to the udp port the NAT is >>>> using, instead of the rtpproxy. This will only work if the NAT >>>> uses the same external ip/port pair when the same internal >>>> ip/port pair is used >>>> >>>> >>> >>> >>> Which is non-symmetric NAT. Symmetric NATs are only traversable >>> the way >>> Klaus described. >>> -jiri >>> >>> >>> >>> >>> >>>> (and I'm expecting that most sip phone will reuse the same >>>> internal ip/port pair when you re-invite). Apparently some NATs >>>> do this. (although I'm not a NAT expert - I have only read a few >>>> papers on the subject). >>>> >>>> Simon >>>> >>>> >>>> Klaus Darilion wrote: >>>> >>>> >>>> >>>> >>>> >>>>> You can't overcome symmetric NAT with STUN. To traverse a >>>>> symmetric NAT you need: >>>>> - A SIP proxy with NAT traversal (nathelper module) >>>>> - An RTP proxy (or an generic TURN server and a SIP UA which >>>>> supports TURN) >>>>> - A symmetric SIP UA (symmetric SIP & symmetric RTP) >>>>> >>>>> regards, >>>>> Klaus >>>>> >>>>> >>>>> >>>>> >>>>> >>>>>> Hi, >>>>>> Can someone please help me if my dialer does not support symmetric >>>>>> signalling, is there anyway to go through symmetric nat >>>>>> through the server >>>>>> or configure from the server that asking the dialer to point to >>>>>> a STUN >>>>>> server before reaching the UA. Please help........ >>>>>> regards, shirley >>>>>> >>>>>> _______________________________________________ >>>>>> Serusers mailing list >>>>>> serusers(a)lists.iptel.org >>>>>> http://lists.iptel.org/mailman/listinfo/serusers >>>>>> >>>>>> >>>>> >>>>> _______________________________________________ >>>>> Serusers mailing list >>>>> serusers(a)lists.iptel.org >>>>> http://lists.iptel.org/mailman/listinfo/serusers >>>>> >>>> >>>> _______________________________________________ >>>> Serusers mailing list >>>> serusers(a)lists.iptel.org >>>> http://lists.iptel.org/mailman/listinfo/serusers >>>> >>>> >>> >>> >>> -- >>> Jiri Kuthan http://iptel.org/~jiri/ >>> >>>