Here we can add show some examples of working configuration for Asterisk's SIP channel driver when Asterisk is behind NAT (Network Address Translation).
|Device||IP in example|
|ITSP SIP gateway|
Other Information in the ExampleFor the sake of a complete example and clarity, in this example we use the following fake details:
ITSP Account number: 1112223333
DID number provided by ITSP: 19998887777
We are assuming you have already read the Configuring res_pjsip page and have a basic understanding of Asterisk. The For this NAT example, the important config options to note are local_net, external_media_address and external_signaling_address in the transport type context. The rest of the options may depend on your particular configuration, phone model, network settings, ITSP, etc. The key is to make sure you have those three options set appropriately.
This is the IP network that we want to consider our local network. For communication to addresses within this range, we won't apply any NAT-related settings, such as the external* options below.
This is the external IP address to use in RTP handling. When a request or response is sent out from Asterisk, if the destination of the message is outside the IP network defined in the option 'local_net', and the media address in the SDP is within the localnet network, then the media address in the SDP will be rewritten to the value defined for 'external_media_address'.
This is much like the external IP address to use _media_address setting, but for SIP signaling instead of RTP media.
The two external* options mentioned here should be set to the same address unless you separate your signaling and media to different addresses or servers.
Together these options make sure the far end knows where to send back SIP and RTP packets. This is important, because our Asterisk system has a private IP address that the ITSP cannot route to. We want to make sure the SIP and RTP traffic comes back to the WAN/Public internet address of our router. The contexts prefixed with "sipus" are all configuration needed for inbound and outbound connectivity of the SIP trunk, and the contexts named 6001 are all for the VOIP phone.
[transport-udp-nat] type=transport protocol=udp bind=0.0.0.0 local_net=192.0.2.0/24 local_net=127.0.0.1/32 external_media_address=198.51.100.5 external_signaling_address=198.51.100.5 [sipus_reg] type=registration transport=transport-udp-nat outbound_auth=sipus_auth server_uri=sip:gw1.example.com client_uri=sip:[email protected] contact_user=19998887777 retry_interval=60 [sipus_auth] type=auth auth_type=userpass password=************ username=1112223333 realm=gw1.example.com [sipus_endpoint] type=endpoint transport=transport-udp-nat context=from-external disallow=all allow=ulaw outbound_auth=sipus_auth aors=sipus_aor direct_media=no from_domain=gw1.example.com [sipus_aor] type=aor contact=sip:gw1.example.com contact=sip:gw2.example.com [sipus_identify] type=identify endpoint=sipus_endpoint match=203.0.113.1 match=203.0.113.2  type=endpoint context=from-internal disallow=all allow=ulaw transport=transport-udp-nat auth=6001 aors=6001 direct_media=no from_user=thisisatest  type=auth auth_type=userpass password=********* username=6001  type=aor max_contacts=2