Scenario:

Our Asterisk 13 PBX (on network 192.168.254.0/24, bound to 192.168.254.1:5060) is behind a NAT, acting as a client to our ITSPs SIP server. But also, this Asterisk is server for various VoIP telephones.

Acoording to Asterisk’s wiki, the transport section of pjsip.conf is configured as follows:

; Transport via UDP
[transport-nat-udp]
type= transport protocol= udp local_net= 192.168.254.0/24
local_net= 127.0.0.1/32
bind= 192.168.254.1:5060
external_media_address= ddns.gdr external_signaling_address= ddns.gdr

The VoIP phones are also residing on network 192.168.254.0/24, bu they are separated and strictly prohibited by firewall rules to act with the outer net. The Asterisk PBX is acting as the transition point between our VoIP phones and the ITSPs SIP server.

So, my understanding is that for NAT, the transport is recommended to be configured as shown above. But what is about the transport with the phones “inside”?

I’m new to Asterisk, and from the “naiv” understanding of what I extracted from the sparse documentation on that subject, for each endpoint associated with a phone, I need transport. The protocol used by the phones is UDP, but no NAT. So, I did create a new transport section, like

[transport-udp]
type= transport protocol= udp bind= 0.0.0.0

This results immediately in an error due to the bind= attribute. Asterisk bails out at havind the address already in use. In fact, it is the trunk/endpoint consuming the
192.168.254.1:5060, and since the VoIP phones are all in 192.168.254.0/24, this results obviously in an error. This is surprising me 🙁

How to deal with this without adding more network complexity like routing (by putting the phones into a subnet or other network)?

Kind regards,

oh