NAT Traversal issue in VOIP Environment

Why NAT is a problem for VoIP phones using the SIP protocol, and why NAT traversal through Expressway is needed.

Phone-A --- NAT-Device --- Internet --- Phone-B

Phone-A private IP 10.1.1.10

Phone-B Public IP 64.12.30.10

For outbound calls, the NAT-Device translates the private IP address 10.1.1.10 to 64.12.31.1.

Scenario without STUN protocol.

Phone-A tries to establish a call to Phone-B.

Phone-A sends a SIP INVITE message. In the INVITE, Phone-A puts its private IP address 10.1.1.10 and port 8214 in the Contact field, as shown below:

Contact: <sip:1001@10.1.1.10:8214….>

Phone-A is therefore asking Phone-B to establish the connection by sending SIP messages back to IP address 10.1.1.10 and port 8214.

Phone-B will try to establish the connection, but because 10.1.1.10 is a private IP address it is not routable on the Internet, so the response is dropped by the ISP. Since the packets are dropped, the connection cannot be established.

Scenario with STUN protocol.

Phone-A sends a STUN resolution request to the STUN server, which can be the Expressway-E. The purpose of the STUN protocol is to allow Phone-A, which sits behind the NAT-Device, to discover its public IP address 64.12.31.1 and the translated port 5410.

Because it makes the STUN resolution before sending the SIP INVITE, Phone-A can replace its own IP address (10.1.1.10) in the "Contact" field of the INVITE with the external IP address (64.12.31.1) and external port (5410) it discovered, as shown below:

Contact: <sip:1001@64.12.31.1:5410….>

Now Phone-B can establish a connection with Phone-A by sending SIP responses to IP address 64.12.31.1 on port 5410, which the NAT-Device maps to IP address 10.1.1.10 and port 8214.

Published by:

Redouane MEDDANE

Redouane MEDDANE is a Cisco Instructor, CCSI #35458, 3xCCNP (Collaboration, Security and Enterprise), and he is a published author of some of the most important OSPF Protocol, Security and Collaboration books in the world, titled OSPF Demystified With RFC, Network Security All-in-one, and Dial Plan and Call Routing Demystified on CUCM. He is also a blogger at ipdemystify.com and writes articles about collaboration and security to demystify the most complex topics. His books are known for their technical depth and accuracy, especially the OSPF Demystified With RFC book, which is considered the best OSPF book in the world and was named "One of the best OSPF ebooks of all time" by BookAuthority. It gives you a hint of his ability to explain complex topics with remarkable ease. He has worked as a Cisco Instructor and consultant in different Cisco Learning Partners and was twice awarded the Cisco Distinguished Instructor Award and the Cisco Security Instructor Excellence Award, in 2018 and 2019, and the Cisco Collaboration Instructor Excellence Award in 2020. The Distinguished Instructor Award recognizes the top 5% of Cisco's most influential CCSIs who provide the highest quality training experience and demonstrate the best overall instructor performance across multiple Cisco technologies, and the Instructor Excellence Award recognizes the top 25% of elite CCSIs for delivering top quality training and maintaining high customer satisfaction in their field of expertise.
