View Single Post
Unread 01-14-2007, 06:53 AM   #1
polygnwnd
Junior Member
 
Join Date: Jan 2007
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
polygnwnd is on a distinguished road
Default Symmetric NAT issues with Cisco 7961G prevent registration

I am new to Voxalot and would like to register my Cisco 7961. This UA has a particularly unhelpful SIP implementation that sends SIP messages (e.g. REGISTER) to the proxy (e.g. based on DNS record for voxalot.com) from random high numbered ports (e.g. UDP/49000). By itself, this is not a problem, except that it listens for responses only on the configured "VOIP Control Port" (e.g. UDP/5060), which make it incompatible with Symmetric NAT (e.g. on asterisk, "nat=yes"). To make things especially fun, it increments the source UDP port with each outgoing SIP message (so the first REGISTER could come from UDP/49000, second attempt from UDP/49001, ...).

The UA is technically behaving in an RFC compliant way, and Cisco contends that this is a security enhancement. The Voxalot SIP proxy appears to use Symmetric NAT to workaround NAT issues.

I have this device working fine with a number of VOIP providers (e.g. Vitelity, Junction, FWD, etc.). Vitelity and Junction both allow the user to configure whether to use Symmetric NAT in their account management interface, and FWD seems to have an automatic protocol sniffing approach.

Is there a way to use Voxalot without Symmetric NAT? I realize most people don't need this, but it's quite useful for those who do.

This strange UA behavior is documented on the VOIP wiki: http://www.voip-info.org/wiki/index....%20local%20PBX

Anybody else affected by this?

Thanks!
polygnwnd is offline   Reply With Quote