Symmetrical RTP; Signalling SIP - Snom 4S NAT Filter Admin Manual

Version 2.05

from the same origin. This fact is used by STUN (RFC3489) to set up an
association between a public IP address and a private IP address.

In symmetrical NAT, the router stores the address to which the
packet was sent. Only packets coming from this address are forwarded
back to the private address. This check increases security because it is
harder for attackers to guess the source IP address and port. Full cone
NAT does not perform this check.

There are some mixed variants between full cone NAT and
symmetrical NAT. Restricted port NAT works similarly to symmetrical NAT,
but uses only one port association.

Hairpinning is the ability of the NAT to route packets that come from
the private network and are addressed to a public IP address binding back
to the private network. Not all routers support this feature.

2.2.2 Symmetrical RTP

The real time protocol (RTP) is used to transport media.

Symmetrical RTP is a trick to extend the number of cases in which
communication can be established. A SIP user agent that supports
symmetrical RTP waits for the first incoming RTP packet and then sends
its media stream back to the IP address from which it received that packet.
Symmetrical RTP always works if the user agent that performs symmetrical
RTP is on a globally routable address. However, this algorithm can easily
be cheated (port spraying) and therefore implies a certain security risk.
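
The latching behaviour described above, next to a stricter variant, as an added example that is not part of the manual or of the snom product. The class and function names, the payload-type and source-IP checks, and the sample packets are assumptions made for illustration.

```python
import struct

def rtp_header(data):
    """Return (payload_type, ssrc) for a plausible RTP v2 packet, else None."""
    if len(data) < 12:
        return None
    b0, b1, _seq, _ts, ssrc = struct.unpack("!BBHII", data[:12])
    if b0 >> 6 != 2:                    # RTP version field must be 2
        return None
    return b1 & 0x7F, ssrc

class MediaLatch:
    """Chooses where outgoing media is sent, based on incoming packets."""
    def __init__(self, strict, expected_pt=None, expected_ip=None):
        self.strict = strict
        self.expected_pt = expected_pt  # payload type negotiated in signalling
        self.expected_ip = expected_ip  # signalled media IP; None if peer is behind NAT
        self.peer = None
        self.rejected = []              # sources refused before latching (for logging)

    def on_packet(self, src, data):
        if self.peer is not None:       # latch once; later sources cannot redirect media
            return self.peer
        if self.strict and not self._acceptable(src, data):
            self.rejected.append(src)
            return None
        self.peer = src                 # non-strict mode: first packet wins
        return self.peer

    def _acceptable(self, src, data):
        hdr = rtp_header(data)
        if hdr is None or hdr[0] != self.expected_pt:
            return False
        return self.expected_ip is None or src[0] == self.expected_ip

def latch_after(latch, packets):
    for src, data in packets:
        latch.on_packet(src, data)
    return latch.peer

# Constructed sample traffic (documentation addresses, hypothetical values).
GENUINE = (("203.0.113.5", 16384), struct.pack("!BBHII", 0x80, 0, 1, 160, 0x1234) + b"\xff" * 160)
STRAY = (("198.51.100.7", 40000), struct.pack("!BBHII", 0x80, 96, 7, 0, 0x9999) + b"\x00" * 20)
PACKETS = [STRAY, GENUINE]              # the unexpected source happens to arrive first

if __name__ == "__main__":
    print("naive :", latch_after(MediaLatch(strict=False), PACKETS))
    print("strict:", latch_after(MediaLatch(True, expected_pt=0, expected_ip="203.0.113.5"), PACKETS))
```

When the peer is itself behind NAT, `expected_ip` is unknown and only the payload-type check remains, so the strict variant narrows the risk rather than removing it.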

2.2.3 Signalling SIP

SIP traffic is relatively unproblematic because SIP typically is not
as time critical as media. Usually, it is acceptable to route SIP packets
through a longer path than media.

In SIP it is legal to send from a different port than the receiving
port. When this is done, there is no way to support these devices
behind NAT. However, some phones offer an option that disables this
mechanism so that the sending port is the same as the receiving port.

Typically, the SIP proxy will run on a public IP address where it
is possible to deal with all kinds of NAT. Keep-Alive messages may keep
the NAT binding open (for example, short registration periods or non-SIP
messages).
[ SNOM 4S NAT FILTER ]
snom technology AG • 9
