Alan wrote:
Thanks for responding.
I was referring to the SIP server interface defined with a non-routable
class A (10.x.x.x) IP address for example. The PIX firewall is configured
with a static NAT translation (12.x.x.x <--> 10.x.x.x) and an access control
list which directs traffic destined for port 5060 outside global address to
the NAT'ed inside address.
Indeed, the only workable solution we found is to run 'ser' on the 'nat
router' itself, which in our case is a border router running OpenBSD on
sparc. 'ser' is configured to listen on the router's public ip and on
the internal (NAT'ed) private (RFC 1918) networks; we run 'rtpproxy' on
the same host to handle the rtp payload with internal UAs which are
clients on private (RFC 1918) addresses.
Our 'ser.cfg' is somewhat more complicated than is usual for a small
network.
I have not really investigated using NAT-T in this scenario.
Regards,
Michael Grigoni
Cybertheque Museum