Snom 4S NAT Filter Admin Manual
  1. Manuals
  2. Brands
  3. Snom Manuals
  4. VoIP
  5. 4S NAT Filter
  6. Admin manual
Snom 4S NAT Filter Admin Manual

Snom 4S NAT Filter Admin Manual

Version 2.05
Hide thumbs Also See for 4S NAT Filter:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Admin Manual
snom 4S NAT Filter
Admin Manual
snom 4S
NAT Filter
Version 2.05

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the 4S NAT Filter and is the answer not in the manual?

Questions and answers

Related Manuals for Snom 4S NAT Filter

Summary of Contents for Snom 4S NAT Filter

  • Page 1 4S NAT Filter Admin Manual snom 4S NAT Filter Version 2.05...
  • Page 2 © 2004 snom technology Aktiengesellschaft. All Rights Reserved. This document is supplied by snom technology AG for information purposes only to licensed users of the snom 4S NAT filter and is supplied on an “AS IS” basis, that is, without any warranties whatsoever, express or implied.

  • Page 3: Table Of Contents

    Requirements on User Agents..........19 2.6.1 Non NAT-Aware User Agents ..................................................2.6.2 STUN/ICE-Aware User Agents Installation.............21 Windows................. 21 Linux ................29 Configuration..........31 Logging In ..............31 Port Binding ..............31 System Settings .............. 33 snom technology AG • 3...
  • Page 4 4 S N A T F S N O M I L T E R Security Settings ............. 35 System Information ............36 Server Log ..............36 Trace................37 Currently Ports ..............38 Currently Handled UA ............38 4.10 Memory Statistics ............39 Checklist for Installation ........41 Linux ................

  • Page 5: Overview

    Overview The snom 4S NAT Filter enables non-NAT aware devices to operate in private networks. The filter operates typically on a public IP address. Non-NAT aware devices are automatically refreshed; NAT-aware devices that operate behind symmetrical NAT may self-refresh their bindings using the built-in STUN server of the filter.

  • Page 6: Features

    4 S N A T F S N O M I L T E R tomers. Using the scalability feature of the filter, the operation of large networks becomes possible. • Record specific calls for legal purposes. In many countries, opera- tors must provide the possibility to record certain calls on request.

  • Page 7: Architecture

    There are two exceptions to this rule: • The first exception is a REGISTER request. When a user agent tries to register and needs the support of the filter, the filter will set up a snom technology AG • 7...

  • Page 8: Nat

    This document shows how the snom 4S filter can be used to solve the problems. Although snom also makes user agents, the snom 4S filter works with most SIP user agents from other companies. The requirements on these user agents are described below.

  • Page 9: Symmetrical Rtp

    Typically, the SIP proxy will run on a public IP address where it is possible to deal with all kinds of NAT. Keep-Alive messages may keep the NAT binding open (for example, short registration periods or non-SIP messages). snom technology AG • 9...

  • Page 10: Media Rtp

    4 S N A T F S N O M I L T E R 2.2.4 Media RTP Media is much more problematic than SIP because users are sensitive to delay in a voice conversation. When the delay is too long, the speakers need to be disciplined not to interrupt the other person when starting to speak.

  • Page 11: Probing Media Paths

    For example, when a user A in Tokyo is registered with a operator in New York and wants to call his colleague B (which is registered to a service provider in Sydney and who is sitting in the same snom technology AG • 11...

  • Page 12: Optimizing The Media Path For Symmetrical Nat

    4 S N A T F S N O M I L T E R office in a private network), the media would have to flow first from Tokyo via New York then via Sydney and then back to Tokyo. Considering the speed of light, the delay would at least be around one second;...
  • Page 13 Max-Forwards: 69 Contact: <sip:217.115.141.99:5082;ua=c9b140ab59829bb491e9c3aaca440> Supported: gruu User-Agent: snom200-2.03w Expires: 86400 Content-Length: 0 SIP/2.0 200 Ok Via: SIP/2.0/UDP 217.115.141.99:5082;branch=z9hG4bK-e8d1feb8138c3d85 0637ced821ef40a3;ua=c9b140ab598290e5bb491e9c3aaca440 Via: SIP/2.0/UDP 203.145.183.113:12975;branch=z9hG4bK- abx3au3mxb01;rport=17401 From: “denny” <sip:denny@snomag.de>;tag=k9p6fmeg7h To: “denny” <sip:denny@snomag.de>;tag=epuy85kzm5 Call-ID: 3c26701d7cb9-pady07b5783t@203-145-183-113 CSeq: 14 REGISTER Contact: <sip:217.115.141.99:5082;ua=c9b140ab598290e5bb491e9c3aaca44 snom technology AG • 13...

  • Page 14: Registering With Ua Support

    4 S N A T F S N O M I L T E R 0>;expires=3600;gruu=”sip:denny@snomag.de;gruu=hobiv52b” Date: Wed, 26 May 2004 16:03:33 GMT Server: snom proxy (Unix) 2.42.6 Content-Length: 0 SIP/2.0 200 Ok Via: SIP/2.0/UDP 203.145.183.113:12975;branch=z9hG4bK- abx3au3mxb01;rport=17401 From: “denny” <sip:denny@snomag.de>;tag=k9p6fmeg7h To: “denny”...

  • Page 15: Rtp Relay

    To: “Karl Klammer” <sip:cs@snom.com>;tag=996wctfnen Call-ID: 2605c340c91d-cj4sy7drgp6q@192-168-1-10 CSeq: 2 REGISTER Contact: <sip:kk@192.168.1.10:5060;line=5zy4hsui>;expires=3600;gruu= ”sip:kk@snom.com;gruu=5npko91p” Server: snom proxy (Unix) 2.42.7 Date: Sun, 06 Jun 2004 11:50:22 GMT P-NAT-Refresh: 15 Content-Length: 0 2.3.3 RTP Relay When initiating a call, user agents usually include a Session Description Protocol (SDP) attachment that describes where they expect media.
  • Page 16 4 S N A T F S N O M I L T E R media filter supports “interactive connectivity establishment” (ICE) method that has been published recently in the IETF. Using this method, user agents may probe several addresses and decide which address they use for communication.

  • Page 17: Scaling And Redundancy

    DNS SRV (RFC 2782). That means, you need to list the available servers on DNS level; the user agents must perform DNS SRV look ups and pick one of the servers (possible using the detection algorithms described below). snom technology AG • 17...

  • Page 18: Detecting The Right Nat Filter

    The snom 4S NAT Filter includes a STUN server that operates on the SIP UDP port. User agents should send their test packets to the SIP port.

  • Page 19: Requirements On User Agents

    In any case, customers are asked to contact their vendor in case of problems and explanations. As a general remark, snom recommends to use NAT-aware user agents to reduce the network overhead and support overhead.
  • Page 20 4 S N A T F S N O M I L T E R 20 • Architecture...

  • Page 21: Installation

    Also, please make sure that you have the necessary administrator rights to run Windows services. To start the installation, simple double-click on the installation executable. You will see the Welcome screen of the installation dialog. snom technology AG • 21...
  • Page 22 4 S N A T F S N O M I L T E R To continue the installation read the text and click the Next button. It will guide you to the license agreement page. 22 • Installation...
  • Page 23 Cancel button. If you agree with the license agreement, the next screen will ask you to enter the license conditions and select the ports of the NAT Filter. snom technology AG • 23...
  • Page 24 4 S N A T F S N O M I L T E R The hostnames are a list of host identifications that identify this installation. Typically, it is the list of DNS FQHN names for the used host. You will receive the license code from the company where you bought the product.
  • Page 25 After entering the license information and the port numbers, the InstallShield program will ask you for the installation directory. Typically it proposes a reasonable directory; however you may change the directory using the Change button in this installation dialog. snom technology AG • 25...
  • Page 26 4 S N A T F S N O M I L T E R After you have entered the necessary information, the last dialog will ask you to start the installation. You will see a progress indication. The installation typically takes only a few seconds. 26 •...
  • Page 27 The last InstallShield dialog offers you to start the NAT Filter. If you choose this option, you don’t have to go to the services manager. snom technology AG • 27...
  • Page 28 To see the NAT Filter service, go to the Control Panel, Select the Administrative Tools and double click on Services. You will see the list of services, including the snom 4S NAT Filter. If you select the properties menu entry, you will see the Properties dialog for the NAT Filter.

  • Page 29: Linux

    NAT Filter is started automatically, you can modify the Startup type to manual. 3.2 Linux After you downloaded the desired RPM you may install it either with graphical front end of your distribution for installing additional software or as root via the command line. snom technology AG • 29...
  • Page 30 The process is not started automatically after the installation, like it was with the old snom software packages, because RPM’s can not be installed with user interaction. Thus the software is installed with default values for the HTTP and SIP ports. Please verify first if the default values in /etc/syconfig/snom* match with your local requirements, before you start the process as usual with /etc/init.d/snom* (or rcsnom* under SuSE).

  • Page 31: Configuration

    The login creates a session. This session will timeout after a cer- tain time (by default, one hour). 4.2 Port Binding You need to tell the server on what ports it should listen. snom technology AG • 31...
  • Page 32 4 S N A T F S N O M I L T E R For http and https, you need to know these port numbers when you want to log in. We recommend not using the standard ports. Operat- ing a server on the public internet usually leads to a lot of denial of service attacks on the standard ports.

  • Page 33: System Settings

    The log messages written to the log file are not affected by this setting. You should specify a file name, so that the NAT Filter can Save Registrations to File. This file is written each Registration Save snom technology AG • 33...
  • Page 34 4 S N A T F S N O M I L T E R Interval (is seconds). It is used when the server is restarted and allows the continuation of the service without waiting for the user agents to reregister.

  • Page 35: Security Settings

    The Session Timeout is the number of seconds after which the NAT Filter web server deletes the session. If you access the web server after this time, you need to log on again. If you change the password dur- snom technology AG • 35...

  • Page 36: System Information

    4 S N A T F S N O M I L T E R ing a session, you do not have to enter the new password for the existing session. If you have bought a certificate, you may upload that certificate from the web page.

  • Page 37: Trace

    Filter, “Tr” means the packet has been sent as message repetition, “Td” means the packet was sent to a UA behind NAT, “Rx” means the packet was received normally, “Rr” means the packet was received as a message repetition. snom technology AG • 37...

  • Page 38: Currently Ports

    4 S N A T F S N O M I L T E R The Source/Destination indicates the IP address where the packet was sent or received. The Header column contains the abstract. By clicking on the header link, you may see the complete packet. 4.8 Currently Ports It is important to see which calls are active on the SBC.

  • Page 39: Memory Statistics

    This web page shows information about the current memory usage. The primary goal is to identify situations when the process grows more than expected. Usually, the NAT Filter process should not take more than five megabytes. snom technology AG • 39...
  • Page 40 4 S N A T F S N O M I L T E R 40 • References...

  • Page 41: Checklist For Installation

    Checklist for Installation When snom or one of their partners perform the installation for you, the following information is necessary: 5.1 Linux • Please provide secure shell login to the system that can be ac- cessed at least from the snom.com host (currently at IP address 217.115.141.99).
  • Page 42 4 S N A T F S N O M I L T E R • Please tell us for what domains you plan to use the server. Please also tell us where you want to process the requests (which outbound proxy to use for NAT Filter).
  • Page 44 Aktiengesellschaft Pascalstr. 10B, 10587 Berlin, Germany Phone: +49 (30) 39833-0 mailto:info@snom.com http://www.snom.com sip:info@snom.com © 2004 snom technology AG All rights reserved.

Table of Contents