Nat (Network Address Translation) Support; Stun - AudioCodes Mediant 2000 User Manual

10.7

NAT (Network Address Translation) Support

Network Address Translation (NAT) is a mechanism that maps a set of internal IP
addresses used within a private network to global IP addresses, providing transparent
routing to end hosts. The primary advantages of NAT include (1) Reduction in the number
of global IP addresses required in a private network (global IP addresses are only used to
connect to the Internet); (2) Better network security by hiding its internal architecture.
The following figure illustrates the device's supported NAT architecture.
The design of SIP creates a problem for VoIP traffic to pass through NAT. SIP uses IP
addresses and port numbers in its message body and the NAT server can't modify SIP
messages and therefore, can't change local to global addresses. Two different streams
traverse through NAT: signaling and media. A device (located behind a NAT) that initiates
a signaling path has problems in receiving incoming signaling responses (they are blocked
by the NAT server). Furthermore, the initiating device must notify the receiving device
where to send the media.
To resolve these issues, the following mechanisms are available:

STUN (see STUN on page 116)

First Incoming Packet Mechanism (see ''First Incoming Packet Mechanism'' on page
117)

RTP No-Op packets according to the avt-rtp-noop draft (see ''No-Op Packets'' on page
117)
For information on SNMP NAT traversal, refer to the Product Reference Manual.

10.7.1 STUN

Simple Traversal of UDP through NATs (STUN), based on RFC 3489 is a client / server
protocol that solves most of the NAT traversal problems. The STUN server operates in the
public Internet and the STUN clients are embedded in end-devices (located behind NAT).
STUN is used both for the signaling and the media streams. STUN works with many
existing NAT types and does not require any special behavior.
STUN enables the device to discover the presence (and types) of NATs and firewalls
located between it and the public Internet. It provides the device with the capability to
determine the public IP address and port allocated to it by the NAT. This information is later
embedded in outgoing SIP / SDP messages and enables remote SIP user agents to reach
the device. It also discovers the binding lifetime of the NAT (the refresh rate necessary to
keep NAT 'Pinholes' open).
On startup, the device sends a STUN Binding Request. The information received in the
STUN Binding Response (IP address:port) is used for SIP signaling. This information is
updated every user-defined period (NATBindingDefaultTimeout).
SIP User's Manual 116
Mediant 2000
Document #: LTRT-68814