NAT Firewall Traversal - Nortel 1120E Administration Manual

SIP firmware release 1.1

NAT firewall traversal

The objective of putting devices behind a Network Address Translator (NAT)
is to protect the devices from external interruption and to extend the public IP
address space. However, the shield that stops unsolicited incoming traffic also
has the drawback of breaking a number of IP applications, including SIP.

If a device is behind a NAT, the transport addresses it obtains are not publicly
routable, and are therefore not useful in a number of multimedia applications.

The limited lifetime of the NAT port mapping can also cause the SIP
signaling to fail. If a port mapping is idle, it can be released by the NAT
and reassigned to other applications.

The STUN protocol lets an IP Phone 1120E discover the presence and
type of NATs between the IP Phone 1120E and the public Internet. In
addition, an IP Phone 1120E can discover the mapping between the
private IP address and port number and the public IP address and port
number. Typically, a service provider operates a STUN server in the public
Internet, with STUN-enabled IP Phones embedded in end-devices, which
are possibly behind a NAT.

A STUN server can be located through DNS SRV records, using the domain of
the service provider as the lookup. STUN typically uses the well-known port
number 3478. STUN is a binary-encoded protocol with a 20-octet header,
possibly followed by additional attributes. Because the STUN protocol is used
to learn public IP addresses, some security is necessary.

To initiate a STUN lookup, the IP Phone 1120E sends one or more Binding
Request packets over UDP to the STUN server. These packets must be
sent from the same IP address that the IP Phone 1120E uses for the other
protocol, because the translation of that address is what the IP
Phone 1120E is trying to discover.

The server returns Binding Response packets, which tell the IP Phone
1120E the public IP address and port number from which the server received the
Binding Request. The IP Phone 1120E knows the private IP address and
port number it used to send the Binding Request, and therefore it learns the
mapping between the private and public address space being performed
by the NAT. If the Binding Response packets indicate the same address
and port number as the request, the IP Phone 1120E knows that no NATs are
present.
Copyright © 2008, Nortel Networks.
SIP Firmware Release 1.1 for IP Phone 1120E Administration
NN43112-300 02.03 Standard
27 May 2008
103