Mailing List Archive

ATA behind a firewall
Hello guys,

I want to try a Cisco ATA behind a NAT. I can use SIP and H323 also. I've
read some about STUN, but the documentation of the STUN servers that I
reviewed said that they don't work with Cisco ATAs.


The scenario would be:

 ------------                     --------------                       -------
| Gatekeeper |----Public IP's----| NAT FIREWALL |----Private IP's---->| ATA-1 |
 ------------                     --------------                       -------

I would appreciate any help or suggestion.

Thanks
Diego.
Re: ATA behind a firewall
If you are using cisco IOS 12.2(8)T10 for your NAT, it will
perform this function for you, without the need for STUN.

I've found this a quite valuable solution to the SIP/NAT
problem in our environment.

Some of the "home" routers don't work correctly with SIP. For
a non-scientific list of routers that work, you might want to check here:
http://sipphone.com/routers/

My biggest suggestion to people when we set up new IP phones
is to avoid NAT/firewall/packet filtering as much as possible. It creates
unnecessary headaches using it.

- Jared


--
Jared Mauch | pgp key available via finger from jared@puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
RE: ATA behind a firewall
Thanks for your response, Jared. I agree with you that the best option is
public IPs to the gateways. The other option (a router with IOS 12.2(8)T10)
isn't 100% applicable to our services, because not all the customers have
Cisco routers or one from the list that you sent me. For this reason I'm
thinking of a STUN server or another application/device that fixes this
limitation.


Diego.


Re: ATA behind a firewall
Actually, with Cisco ATA system version 3.0 (released December 15), there's
support for STUN. You just need to download the SIP software since H.323
and SIP are now separate.

Please check with your Cisco partner.

Regards, Neil

Re: ATA behind a firewall
I have been trying to use an ATA behind a firewall without success. Please
consider the following scenario:
ATA using H323 and with a private IP, behind a NAT firewall (a simple home
router such as Linksys or Netgear)
Gatekeeper (gnugk) with a public IP

1. Can I terminate calls in two different ATAs behind the firewall? (I
imagine I need to do port forwarding in the router to a single ATA so only
one ATA can terminate the call inside the LAN)

2. Can I call from one ATA behind a firewall to another ATA behind another
firewall using the gnugk? Do I need a proxy for that?

3. Is SIP better than H323 for NATed ATAs?

Thanks,
Andrew

RE: ATA behind a firewall
Andrew,

Because h323 embeds the L3 addr (ip addr) in the L4 message (h225),
your "simple home router" will have to be h323 aware, maintain translation
tables, and do packet re-writes.

/Wes

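
Added example (not part of the thread and not written by any poster): the last reply's point about addresses embedded in the signaling payload, shown on SIP, which the thread also discusses, because SIP is plain text while H.225 is binary ASN.1. The INVITE, host names, addresses and both function names are constructed for illustration; a real SIP-aware NAT would also map RTP ports and correct Content-Length.

```python
import ipaddress
import re

# Constructed sample: an INVITE after a plain NAT that rewrote only the
# IP/UDP headers, so the payload still carries the ATA's inside address.
INVITE = (
    "INVITE sip:1000@gk.example.net SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.20:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:ata1@gk.example.net>;tag=1928301774\r\n"
    "To: <sip:1000@gk.example.net>\r\n"
    "Call-ID: a84b4c76e66710@192.168.1.20\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:ata1@192.168.1.20:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=ata1 2890844526 2890844526 IN IP4 192.168.1.20\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.1.20\r\n"
    "t=0 0\r\n"
    "m=audio 16384 RTP/AVP 0\r\n"
)

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def embedded_private_addrs(msg):
    """Return [(field, address)] for every RFC 1918 address inside the payload."""
    hits = []
    for line in msg.split("\r\n"):
        field = re.split(r"[:=]", line, maxsplit=1)[0]
        for m in IPV4.finditer(line):
            try:
                addr = ipaddress.ip_address(m.group(1))
            except ValueError:      # e.g. 999.1.1.1 is not an address
                continue
            if any(addr in net for net in RFC1918):
                hits.append((field, str(addr)))
    return hits

def alg_rewrite(msg, table, keep=("Call-ID:",)):
    """Apply a translation table {inside: outside} to the payload, as a
    protocol-aware NAT would; headers in `keep` are opaque IDs, left alone."""
    out = []
    for line in msg.split("\r\n"):
        if not line.startswith(keep):
            line = IPV4.sub(lambda m: table.get(m.group(1), m.group(1)), line)
        out.append(line)
    return "\r\n".join(out)
```

Running `embedded_private_addrs` on signaling captured on the public side of the NAT shows whether the device in the path rewrote the payload or only the packet headers.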