ScopTEL - Configuring ScopTEL for NAT
What is NAT?
Network address translation (NAT) is a methodology of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device. The technique was originally used for ease of rerouting traffic in IP networks without renumbering every host. It has become a popular and essential tool in conserving global address space allocations in face of IPv4 address exhaustion by sharing one Internet-routable IP address of a
NAT gateway for an entire private network. (Source: https://en.wikipedia.org/wiki/Network_address_translation)
NAT routers assign internal and external port numbers to egress source host packets and maintain a cache of this data to reroute returned packets to the correct internal source IP address.
The VIA header
Whenever ScopTEL is behind a third party NAT router an external IP address must be defined so that Asterisk can rewrite the SIP VIA header with the public IP address of the router. Other technologies such as STUN can discover the public IP address of the router both server and client side. However it is easiest to configure the public IP address or Fully Qualified Domain Name manually on the server. Since ScopTEL does this natively the usage of any third party router employing a SIP ALG is NOT recommended.
The VIA Header: Every proxy in the request path adds the “Via” the address and port on which it received the message, than forwards it onwards. When processing responses, each proxy in the return path processes the contents of the “Via” field in reverse order, removing its address from the top.
Here is what the SIP INVITE from a remote NAT extension looks like when calling an internal extension on the same server.
[2016-04-27 10:25:58] INVITE sip:501@fqdn:5060 SIP/2.0
[2016-04-27 10:25:58] Accept: application/conference-info+xml, application/sdp, message/sipfrag, multipart/mixed
[2016-04-27 10:25:58] Via: SIP/2.0/UDP 10.35.25.71:5062;branch=z9hG4bKd0ac118bea34ac054;rport
[2016-04-27 10:25:58] Max-Forwards: 70
[2016-04-27 10:25:58] From: "244" <sip:244@fqdn:5060>;tag=5efba267c4
[2016-04-27 10:25:58] To: sip:501@fqdn:5060
Setting all extensions to use NAT settings
This will configure all extensions to use ‘nat =
force_rport,comedia’
Setting the SIP Trunk to use NAT settings
This will configure the trunk to use ‘nat = force_rport,comedia’
The externalhost setting is used to replace the VIA header
Check the box to enable ‘Server behind NAT’ ONLY if the ScopTEL Server is behind a NAT router. This will set any SIP packets not in the Local Network list to use the externhost in the SIP VIA header. If the ScopTEL server has a direct public interface this option is not required.
External IP or Hostname = fullyqualifieddomainnamegoeshere
This address or hostname must be equal to the public IP address of the server.
Any local hosts must have their Local Networks defined so that they DO NOT use the externalhost in the VIA header. This includes any local networks, VLAN’s, or remote VPN subnets, and often applies to ITSP SIP trunks using a private network such as a dedicated MPLS interface for the trunk! Failure to include all local networks will result in the public IP address being used for all local SIP signalling and these calls will fail.
Related Articles
Module 8 - ScopTEL IP PBX Software - Extensions Management
Security | Background SIP Phones are SIP User Agents. For security, SIP User Agents must register to the SIP Registrar via username and password authentication. It is typical for the SIP protocol ports to be open or forwarded to the ScopTEL server if ...ScopTEL IP PBX Software - Basic Installation Hierarchy for Telephony Server
Basic Installation Hierarchy for Telephony Server Therefore the purpose of this document is to provide a visual walkthrough of a very basic but functional installation for one tenant. This tutorial does not include an overview of the overall network ...Module 23 - ScopTEL - Configuring LDAP and Directories
Background and Pre-Requisites Minimum package version scopserv-server-6.20.0.0.20210211-1.nodist.scopserv.noarch Supported Handsets: Yealink, Polycom (version 3+ firmware), Snom What is LDAP ? LDAP (Lightweight Directory Access Protocol) as its name ...ScopTEL Telephony Feature List
ScopTEL Telephony Feature List ScopTEL has many applications and many Enterprise PBX features. This is a list of PBX Features. Feature Name Extended Description Fax Server Fax to Email Email to Fax (Clientless) Per User Licensing Model Customizable ...Module 19 - ScopTEL IP PBX Software - Quality-of-Service-Training
The use of IP as a foundation for converged networks has raised several issues for both enterprise IT departments and ISPs. IP and Ethernet are connectionless technologies and do not guarantee bandwidth. The protocol will not differentiate network ...