Leo,
I had SIP fix-up turned off and just re-enabled it on the PIX. This seems to
help resolve the issue and in turn the SIP signaling is working correctly.
Thanks so much!
~Alan
-----Original Message-----
From: Leo [mailto:leo@ltcjp.com]
Sent: Sunday, May 14, 2006 7:03 PM
To: 'Alan'
Cc: serusers(a)lists.iptel.org
Subject: RE: [Serusers] Running SER Server behind NAT
Alan,
This may be obvious, but in addition to the static translate you need to
turn on SIP fix-up in the PIX. Have you done this?
Leo P.
-----Original Message-----
From: serusers-bounces(a)iptel.org [mailto:serusers-bounces@lists.iptel.org] On
Behalf Of Alan
Sent: Thursday, May 11, 2006 10:20 AM
To: 'Michael Grigoni'; serusers(a)lists.iptel.org
Subject: RE: [Serusers] Running SER Server behind NAT
Thanks for responding.
I was referring to the SIP server interface defined with a non-routable
class A (10.x.x.x) IP address for example. The PIX firewall is configured
with a static NAT translation (12.x.x.x <--> 10.x.x.x) and an access control
list which directs traffic destined for port 5060 outside global address to
the NAT'ed inside address.
The problem I have is when UA1 sends an invite to UA2. After the proxy sends
the invite to UA2 the "Record Route" address is the local IP address
(10.x.x.x). In result, both UA1 and UA2 never receive a BYE message. Please
help.
~Alan
--------------------------------------------------------------------------
| SER External | UA2 | UA1 | SER Internal
| 12.xxx.xxx.xx | 192.168.215.103 | 151.xxx.xxx.xx | 10.181.0.35
| | | |
|INVITE SDP | | |
|------------------>| | |
| | | |
| 100 Trying| | |
|<------------------| | |
| | | |
| 180 Ringing| | |
|<------------------| | |
| | | |
| 200 Ok SDP| | |
|<------------------| | |
| |RTP | |
| |------------------>| |
| | | |
| 200 Ok| | |
|<------------------| | |
| 200 Ok| | |
|<------------------| | |
| 200 Ok| | |
|<------------------| | |
| |RTP | |
| |------------------>| |
| |BYE | |
| |-------------------------------------->|
| |BYE | |
| |-------------------------------------->|
| |BYE | |
| |-------------------------------------->|
-----Original Message-----
From: serusers-bounces(a)iptel.org [mailto:serusers-bounces@lists.iptel.org] On
Behalf Of Michael Grigoni
Sent: Thursday, May 11, 2006 3:50 AM
To: serusers(a)lists.iptel.org
Subject: Re: [Serusers] Running SER Server behind NAT
Alan wrote:
Is it possible to run SER SIP server behind a NAT? If
so, what type of >
configuration changes am i looking at? My current scenario is
as > follows.
Internet <-----> Pix (12.x.x.x translates to 10.x.x.x) <----> SIP Server
We have been running ser 0.8.99-dev19 (sparc/openbsd) for more than a year
on NAT; our solution required ser to run on the NAT border router so that it
could service the public net interfaces and the internal NAT'ed interfaces.
We use rtpproxy on the same box. I have not actively watched the lists for
any developments involving running it on a host only on a private ip space.
I don't know of a ser port to run on the Pix. All external UAs so far have
been on public ip addresses; we haven't yet dealt with the issue of external
UAs behind NAT (perhaps a STUN solution would work, or a VPN where
feasible).
Michael Grigoni
Cybertheque Museum
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers