AFAIK, two UAs (symm) behind two different port restricted cone NATs can talk to each <br>other without the mediaproxy, try to fix the SDP using fix_nated_sdp("2").<br> <br>If the NAT is hairpin enabled then UAs behind the same port restricted NAT can talk to each other.
<br> <br>~Vamsi<br><br><div><span class="gmail_quote">On 9/25/06, <b class="gmail_sendername">kjcsb</b> <<a href="mailto:kjcsb@orcon.net.nz">kjcsb@orcon.net.nz</a>> wrote:</span><blockquote class="gmail_quote" style="margin-top: 0; margin-right: 0; margin-bottom: 0; margin-left: 0; margin-left: 0.80ex; border-left-color: #cccccc; border-left-width: 1px; border-left-style: solid; padding-left: 1ex">
<br><br>> Yes, you are most definitely on to something. NAT-handling is complex and<br>> it takes some work to fine-tune it the way you want. I few comments:<br>> - Look at nathelper's nat_uac_test. It has more options and better
<br>> control, look at option 16, which is very good for detecting symmetric<br>> NATs where STUN or an ALG has tried to fix the message<br>> - If you are doing pstn, your gw supporting active media will reduce your
<br>> proxied calls to none<br>> - sipura has many nat-handling options and takes some tweaking to get them<br>> right for your config<br>> - The behavior of the UAs will differ depending on the type of NAT they
<br>> are behind. When behind a symmetric NAT, they should not try to fix the<br>> ip:port, but some do. nat_uac_test("16") will in most cases reveal this<br>><br>> Good luck! (and I'm sure others would appreciate a how-to on optimizing
<br>> NAT at <a href="http://iptel.org">iptel.org</a><br>> <a href="http://www.iptel.org/node/add/flexinode-4">http://www.iptel.org/node/add/flexinode-4</a><br>> If you create one, I'll help out in making it accurate)
<br>> Also, make sure you have a look at the new NAT-handling document:<br>> <a href="http://www.iptel.org/ser/howtos/optimizing_the_use_of_rtp_proxy">http://www.iptel.org/ser/howtos/optimizing_the_use_of_rtp_proxy</a>
<br>> g-)<br>><br>Many thanks. I've read and reread "Optimizing the use of rtp proxy". I've<br>also done a lot more reading on SDP & RTP which is most relevant to the<br>audio issue. Signalling is not the problem
i.e. the messages are passed back<br>and forward through the proxy and I'm happy with that. It's the audio I want<br>to offload.<br><br>I think the key unanswered question I have is this: in the (seemingly) most<br>common scenario of two symmetric (signalling and RTP) UAs behind two
<br>different (port) restricted cone NATs, can two-way audio be established<br>without the use of a media proxy? I had previously thought that was possible<br>but the latest reading I have done indicates not. Why? Because one side must
<br>initiate the audio part of the call and the other side's NAT device will not<br>know where to send that audio on the LAN side of the network. Could someone<br>put me out of my misery and confirm one way or the other?<br>
<br>I had thought another alternative was to map the RTP ports on the NAT<br>device. This would mean forwarding ranges of ports to specific IP addresses<br>(each different port range relating to a specific UA) on the NAT device.
<br>Each UA would then be configured to send RTP traffic on the port range<br>relating to its IP address. But if both sides are behind NAT then am I right<br>in thinking that this won't work either because the callees NAT device still
<br>doesn't know where to send it?<br><br>Regarding me documenting my solution it looks to me like it's already been<br>done in "Optimizing the use of rtp proxy"! I'm currently using media proxy<br>so the main difference would be that the media proxy selection would be
<br>based on the domain rather than an avp.e.g. <a href="http://west.domain.com">west.domain.com</a> goes to one<br>proxy and <a href="http://east.domain.com">east.domain.com</a> goes to another.<br><br>Cameron<br><br>_______________________________________________
<br>Serusers mailing list<br><a href="mailto:Serusers@lists.iptel.org">Serusers@lists.iptel.org</a><br><a href="http://lists.iptel.org/mailman/listinfo/serusers">http://lists.iptel.org/mailman/listinfo/serusers</a><br></blockquote>
</div><br>