Network Address Translation (Nat) Traversal; Voip-Nat Interworking - Linksys SPA941 Administration Manual

DRAFT

Network Address Translation (NAT) Traversal

The SPA941 supports NAT traversal for VoIP signaling and media packets. This section overviews the
basics around NAT. The SPA941 NAT features are reviewed in the configuration section.
Why NAT?
A NAT allows multiple devices to share the same external IP address to access the resources on the
external network. The NAT device is usually available as one of the functions performed by a router that
routes packets between an external network and an internal (or private) one. A typical application of a
NAT is to allow all the devices in a subscriber's home network to access the Internet through a router with
a single public IP address assigned by the ISP. The IP header of the packets sent from the private
network to the public network can be substituted by the NAT with the public IP address and a port
selected by the router according to some algorithm. In other words, recipient of the packets on the public
network will perceive the packets as coming from the external address instead of the private address of
the device where the packets are originated.
In most Internet protocols, the source address of a packet is also used by the recipient as the destination
to send back a response. If the source address of the packets sent from the private network to the public
network is not modified by the router, the recipient may not be able to send back a response to the
originator of the message since its private source IP address/port is not usable. When a packet is sent
from a device on the private network to some address on the external network, the NAT selects a port at
the external interface from which to send the packet to the destination address/port. The private
address/port of the device, the external address/port selected by the NAT to send the packet, and the
external destination address/port of the packet form a NAT Mapping.
The mapping is created when the device first sends a packet from the particular source address/port to
the particular destination address/port and is remembered by the NAT for a short period of time. This
period varies widely from vendor to vendor; it could be a few seconds, or a few minutes, or more, or less.
While the mapping is in effect, packets sent from the same private source address/port to the same public
destination address/port is reused by the NAT. The expiration time of a mapping is extended whenever a
packet is sent from the corresponding source to the corresponding destination.
More importantly, packets sent from that public address/port to the external address/port of the NAT will
be routed back to the private address/port of the mapping session that is in effect. Some NAT devices
actually reuse the same mapping for the same private source address/port to any external IP
address/port and/or will route packets sent to its external address/port of a mapping from any external
address/port to the corresponding private source address/port. These characteristics of a NAT can be
exploited by an SPA to let external entities send SIP messages and RTP packets to it when it is installed
on a private network.

VoIP-NAT Interworking

© 2003 - 2005 Linksys, a Division of Cisco Systems Proprietary (See Copyright Notice on Page 2) 40