Stun - AudioCodes Mediant 2000 User Manual

SIP User's Manual
The design of SIP creates a problem for VoIP traffic to pass through NAT. SIP uses IP
addresses and port numbers in its message body and the NAT server can't modify SIP
messages and therefore, can't change local to global addresses. Two different streams
traverse through NAT: signaling and media. A device (located behind a NAT) that initiates a
signaling path has problems in receiving incoming signaling responses (they are blocked by
the NAT server). Furthermore, the initiating device must notify the receiving device where to
send the media.
To resolve these issues, the following mechanisms are available:

STUN (refer to "STUN" on page

First Incoming Packet Mechanism (refer to ''First Incoming Packet Mechanism''
page 450

RTP No-Op packets according to the avt-rtp-noop draft (refer to ''No-Op Packets''
page 450
For information on SNMP NAT traversal, refer to the Product Reference Manual.

10.3.1 STUN

Simple Traversal of UDP through NATs (STUN), based on RFC 3489 is a client / server
protocol that solves most of the NAT traversal problems. The STUN server operates in the
public Internet and the STUN clients are embedded in end-devices (located behind NAT).
STUN is used both for the signaling and the media streams. STUN works with many
existing NAT types and does not require any special behavior.
STUN enables the device to discover the presence (and types) of NATs and firewalls
located between it and the public Internet. It provides the device with the capability to
determine the public IP address and port allocated to it by the NAT. This information is later
embedded in outgoing SIP / SDP messages and enables remote SIP user agents to reach
the device. It also discovers the binding lifetime of the NAT (the refresh rate necessary to
keep NAT 'Pinholes' open).
On startup, the device sends a STUN Binding Request. The information received in the
STUN Binding Response (IP address:port) is used for SIP signaling. This information is
updated every user-defined period (NATBindingDefaultTimeout).
At the beginning of each call and if STUN is required (i.e., not an internal NAT call), the
media ports of the call are mapped. The call is delayed until the STUN Binding Response
(that includes a global IP:port) for each media (RTP, RTCP and T.38) is received.
To enable STUN, perform the following:

Enable the STUN feature(by setting the ini

Define the STUN server address using one of the following methods:
•
Define the IP address of the primary and the secondary (optional) STUN servers
(using the ini
STUNServerSecondaryIP). If the primary STUN server isn't available, the device
attempts to communicate with the secondary server.
•
Define the domain name of the STUN server using the
StunServerDomainName. The STUN client retrieves all STUN servers with an
SRV query to resolve this domain name to an IP address and port, sort the server
list, and use the servers according to the sorted list.
Version 5.8
)
)
file parameters STUNServerPrimaryIP and
449 )
file parameter EnableSTUN to 1).
449
10. Networking Capabilities
on
ini file parameter
October 2009
on