Multi-homed SIP In Asterisk 11?

Home » Asterisk Users » Multi-homed SIP In Asterisk 11?
Asterisk Users 7 Comments

Most of my experience until recently has been in Asterisk 1.2, and I am just starting to make use of Asterisk 11 for new systems.

I have a question about using SIP on a multi-homed machine.

I have a customer who wants an Asterisk box with two network interfaces:
one on the public Internet (no NAT), and one on a private LAN. The box will not do any IP forwarding between interfaces. They want to connect to a SIP trunk from an ITSP via the public interface, and to have SIP
phones on their LAN registered via the private interface.

I haven’t tried such a setup before, so before creating a test system, I wondered if anyone here has made such a setup, and whether there are any issues with getting SDP contents and media routing correct?

Cheers Tony

7 thoughts on - Multi-homed SIP In Asterisk 11?

  • I built a setup like this a few years back. I believe the hurdle was more for the OS than asterisk.

    Let say the the two networks are and
    and the gateways are and respectively, and the asterisk box server has the two interfaces as and

    from memory(warning: my memory is not what it used to be):

    echo “1 TenNet” >> /etc/iproute2/rt_tables echo “2 ElevenNet” >> /etc/iproute2/rt_tables

    ip route add dev eth0 src table TenNet ip route add dev eth1 src table ElevenNet

    ip route add default via dev eth0 table TenNet ip route add default via dev eth1 table ElevenNet

    ip route show 2>&1 >> $logFile

    ip rule add from table TenNet ip rule add from table ElevenNet

    ip rule add to table TenNet ip rule add to table ElevenNet

    All that the above does is ensure that traffic is routed out the correct interface based on where it is headed. I.E. All traffic for goes out eth0 all traffic for goes out eth1

    Then in asterisk I believe I add a localnet setting in sip.conf as, could be wrong on this though.


  • This is the standard way we set up our servers. There is nothing special about it. Just make sure you disable direct media.

    —–Original Message—

  • I normally just ensure localnet= and externip= is set correctly. I
    normally also have ‘directmedia=no’ defined in sip.conf so that asterisk is performing store and forward for all the rtp traffic. That does mean rtp traffic for internal calls is going via asterisk where it could be direct between the phones but the amount of traffic doing this is normally pretty trivial so it doesnt matter in most cases.

  • In article <>, Gareth Blades wrote:

    Thanks. But I thought localnet= and externip= were for when the external interface is going through NAT. In this case the ITSP is connected through a real non-NATted public interface.

    Is it possible to specify directmedia=no just for the SIP trunk? So that the phones could still do direct media between themselves, but not if they were connected to the trunk?

    Cheers Tony

  • In article <616B4ECE1290D441AD56124FEBB03D08171492B22C@mailserver2007.nyigc.globe>, Eric Wieling wrote:

    Thanks, that’s reassuring. Appreciate the response!


  • The localnet= can have implications as when asterisk sees that IP
    address it knows its local. This may have knock on effects when you have other settings which do different things of the endpoint is known to be behind nat.

    Its not clearly documented what needs to be set when directmedia=no is turned on. Does it only need to be set on one endpoint, both, or just the destination etc… I am sure you can do it that way but you will need to have a play and work it out.

    I wonder if using directmedia=nonat will help at all. It will disable directmedia if one endpoint is behind nat (this is where localnet= comes in) but I dont know if it will then know to enable direct media if both endpoints are behind nat. I suspect it wont as the endpoints may not necessarily be behind the same nat so this would be unsafe.

  • Here’s how I set up Asterisk in my SOHO installations. For most of these, the asterisk box is dual homed and some are also the site’s router/firewall. The config is the same either way.

    bindaddr =
    externhost = something ; for the sites with a dynamic ip. externip = something ; for the sites with a static ip. localnet =
    nat = force_rport,comedia directmedia = yes insecure=port,invite

    For the peers (both phones and itsp) in either sip.conf or users.conf… nat = force_rport,comedia directmedia = yes insecure=port,invite

    The only deviation from this is for phones that are behind a nat different from the one asterisk is on. For instance, a phone on a home network that connects to asterisk on an office network. For these, set directmedia=no.

    With these settings, audio between the peers is always direct except for the foreign network phones. Transfers, parking, voicemail, etc all work flawlessly.

    Another advantage of directmedia is that codec negotiation happens between the peers so phones that support g722 for instance will use the hd codec between themselves but will use pcm with the itsp if that’s all that’s supported. Without directmedia, asterisk will set up the phone leg of the call with g722 and the itsp leg of the call with pcm then transcode. Not optimal.