Asterisk 11.6 Nat Problem

Home » Asterisk Users » Asterisk 11.6 Nat Problem
Asterisk Users 1 Comment

using Asterisk 11.6.0-rc1 i just converted my “nat=yes” to
“nat=auto_force_rport,auto_comedia”

I have my asterisk box on the same subnet as a cisco 1760 (vgw1).

a few times per day, Asterisk thinks vgw1 is dead (by qualify/options).
A ‘sip reload’ always fixes the problem.

i left ‘sip set debug peer vgw1’ on the console. but i dont see what’s causing the issue..

http://kister.net/tmp/ast-sip.conf http://kister.net/tmp/ast-console.txt

can anyone spot the issue?

One thought on - Asterisk 11.6 Nat Problem

  • Jeremy Kister wrote:

    Jeremy,

    It looks like at some point Asterisk decides that vgw1’s SIP port is no longer 5060. This may have to do with the NAT settings for that device:

    Before ‘sip reload’ | After ‘sip reload’
    ——————————|—————————–
    * Name : vgw1 | * Name : vgw1
    … | … Force rport : Auto (Yes) | Force rport : Auto (No)
    Symmetric RTP: Auto (Yes) | Symmetric RTP: Auto (No)
    … | … Addr->IP : 10.9.1.9:59934 | Addr->IP : 10.9.1.9:5060
    … | … Status : UNREACHABLE | Status : OK (19 ms)

    Since the device is on the same subnet as your Asterisk server, you could try setting ‘nat=no’ for the vgw1 peer. That may not be a good long-term solution because of its security implications┬╣, but it could help determine if the NAT settings are the cause of the problem and serve as a stopgap until you figure out why the port is changing.

    Alternatively, you could try setting ‘port=5060’ for the vgw1 peer, but that’s the default so it may still get changed.

    ┬╣ From sip.conf.sample:

    IT IS IMPORTANT TO NOTE that if the nat setting in the general
    section differs from the nat setting in a peer definition, then the
    peer username will be discoverable by outside parties as Asterisk
    will respond to different ports for defined and undefined peers. For
    this reason it is recommended to ONLY DEFINE NAT SETTINGS IN THE
    GENERAL SECTION. Specifically, if nat=force_rport in one section and
    nat=no in the other, then valid peers with settings differing from
    those in the general section will be discoverable.

    Regards,

    Matthew Roth InterMedia Marketing Solutions Software Engineer and Systems Developer