AFAIK, two UAs&nbsp;(symm) behind&nbsp;two&nbsp;different&nbsp;port&nbsp;restricted&nbsp;cone&nbsp;NATs can&nbsp;talk&nbsp;to&nbsp;each&nbsp;<br>other&nbsp;without&nbsp;the&nbsp;mediaproxy, try to fix the SDP using fix_nated_sdp(&quot;2&quot;).<br> <br>If the NAT is hairpin enabled then UAs behind the same port restricted NAT can talk to each other.
<br> <br>~Vamsi<br><br><div><span class="gmail_quote">On 9/25/06, <b class="gmail_sendername">kjcsb</b> &lt;<a href="mailto:kjcsb@orcon.net.nz">kjcsb@orcon.net.nz</a>&gt; wrote:</span><blockquote class="gmail_quote" style="margin-top: 0; margin-right: 0; margin-bottom: 0; margin-left: 0; margin-left: 0.80ex; border-left-color: #cccccc; border-left-width: 1px; border-left-style: solid; padding-left: 1ex">
<br><br>&gt; Yes, you are most definitely on to something. NAT-handling is complex and<br>&gt; it takes some work to fine-tune it the way you want. I few comments:<br>&gt; - Look at nathelper's nat_uac_test. It has more options and better
<br>&gt; control, look at option 16, which is very good for detecting symmetric<br>&gt; NATs where STUN or an ALG has tried to fix the message<br>&gt; - If you are doing pstn, your gw supporting active media will reduce your
<br>&gt; proxied calls to none<br>&gt; - sipura has many nat-handling options and takes some tweaking to get them<br>&gt; right for your config<br>&gt; - The behavior of the UAs will differ depending on the type of NAT they
<br>&gt; are behind. When behind a symmetric NAT, they should not try to fix the<br>&gt; ip:port, but some do. nat_uac_test(&quot;16&quot;) will in most cases reveal this<br>&gt;<br>&gt; Good luck! (and I'm sure others would appreciate a how-to on optimizing
<br>&gt; NAT at <a href="http://iptel.org">iptel.org</a><br>&gt; <a href="http://www.iptel.org/node/add/flexinode-4">http://www.iptel.org/node/add/flexinode-4</a><br>&gt; If you create one, I'll help out in making it accurate)
<br>&gt; Also, make sure you have a look at the new NAT-handling document:<br>&gt; <a href="http://www.iptel.org/ser/howtos/optimizing_the_use_of_rtp_proxy">http://www.iptel.org/ser/howtos/optimizing_the_use_of_rtp_proxy</a>
<br>&gt; g-)<br>&gt;<br>Many thanks. I've read and reread &quot;Optimizing the use of rtp proxy&quot;. I've<br>also done a lot more reading on SDP &amp; RTP which is most relevant to the<br>audio issue. Signalling is not the problem 
i.e. the messages are passed back<br>and forward through the proxy and I'm happy with that. It's the audio I want<br>to offload.<br><br>I think the key unanswered question I have is this: in the (seemingly) most<br>common scenario of two symmetric (signalling and RTP) UAs behind two
<br>different (port) restricted cone NATs, can two-way audio be established<br>without the use of a media proxy? I had previously thought that was possible<br>but the latest reading I have done indicates not. Why? Because one side must
<br>initiate the audio part of the call and the other side's NAT device will not<br>know where to send that audio on the LAN side of the network. Could someone<br>put me out of my misery and confirm one way or the other?<br>
<br>I had thought another alternative was to map the RTP ports on the NAT<br>device. This would mean forwarding ranges of ports to specific IP addresses<br>(each different port range relating to a specific UA) on the NAT device.
<br>Each UA would then be configured to send RTP traffic on the port range<br>relating to its IP address. But if both sides are behind NAT then am I right<br>in thinking that this won't work either because the callees NAT device still
<br>doesn't know where to send it?<br><br>Regarding me documenting my solution it looks to me like it's already been<br>done in &quot;Optimizing the use of rtp proxy&quot;! I'm currently using media proxy<br>so the main difference would be that the media proxy selection would be
<br>based on the domain rather than an avp.e.g. <a href="http://west.domain.com">west.domain.com</a> goes to one<br>proxy and <a href="http://east.domain.com">east.domain.com</a> goes to another.<br><br>Cameron<br><br>_______________________________________________
<br>Serusers mailing list<br><a href="mailto:Serusers@lists.iptel.org">Serusers@lists.iptel.org</a><br><a href="http://lists.iptel.org/mailman/listinfo/serusers">http://lists.iptel.org/mailman/listinfo/serusers</a><br></blockquote>
</div><br>