...

The following describes how to set up a Vega gateway for use in a NAT'ed environment through internally configured port translation using both a router and the Vega.

How does a NAT operate

NAT (Network Address Translation) is a facility that allows multiple devices (PCs, servers, smartphones, tablets, gateways etc.) that require access to the Internet to share a single WAN IP address and route to the public Internet.

...

In order to handle unsolicited data packets arriving on the public side of the PAT router (e.g. return leg of RTP VoIP calls), the NAT/PAT router must be configured with static entries (Port Forwarding) in the table, identifying where to send IP packets if they arrive on specific IP address / port numbers.

...

Problems of VoIP protocols

Although NAT/PAT routers translate the return IP address and port and route the packets appropriately, both SIP and H.323 also send IP addresses and port numbers within the protocol messages themselves, for example to tell the far end where to send the media and signalling information. Standard NAT/PAT routers, those that are not VoIP aware, can only modify the IP header and so pass these values through without change. When the far end device then tries to send, for example, media packets, it will send them to the private IP address, which is not known and not routable within the public Internet.


 

Possible Solution - VoIP aware NAT/PAT routers / firewalls solve the NAT problem


There are a number of NAT/PAT routers / firewalls that are VoIP aware. These will not only translate the IP address and port information in the IP headers, but also have enough knowledge of the VoIP protocols to be able to look at the contents of the various messages and apply IP address and port number translation to these where required. Where the Vega is situated behind a VoIP aware NAT/PAT router / firewall, the Vega needs no special configuration to operate correctly.

 

Possible Solution - VPN traversal of NAT solves the NAT problem


VPN tunnels can be created by some firewalls between specific points in a network. These VPN tunnels, although communicating from private address ranges across the public IP network to destination private IP address ranges, hide that traversal from the IP endpoints in the private IP network. Endpoints on different sites can "see" the far end network as part of their own network. Where the Vega is communicating across a VPN, the Vega needs no special configuration to operate correctly.

 

Possible Solution - Session Border Controller traversal of NAT solves the NAT problem


An SBC (Session Border Controller) is a device that has a public IP address and is used to proxy VoIP communications. Because it has a public IP address, it sees the messaging coming from the outside IP address of the NAT device through which the Vega is communicating. This allows it to intelligently replace private IP addresses presented in the VoIP messaging with the public IP address of the NAT device. Where an SBC is used in conjunction with the Vega, the Vega needs no special configuration to operate correctly.

 

Procedure to Configure the Vega to work with NAT/PAT devices that are not VoIP aware

 
Local versus public
The first thing that the Vega needs to know is which IP addresses are on the local network (on the private side of the NAT/PAT device, the same side as the Vega itself), and which IP addresses are on the far side of the NAT/PAT device. When communicating with devices on the local Network the Vega will not need to apply any special handling to the IP messages, but when communicating with those on the far side of the NAT/PAT, the Vega will have to apply the IP address and port translation.
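
The local-versus-public decision and the address translation it triggers can be sketched as follows. This is an added example, not Vega code or configuration: the 192.168.1.0/24 subnet, the peer addresses and the SIP message are constructed, 64.120.7.3 is the page's example public address, and port numbers are assumed to be forwarded unchanged.

```python
import ipaddress
import re

# Assumptions for illustration: the local subnet and the SIP message are constructed;
# 64.120.7.3 is the page's example public address of the NAT router.
LOCAL_SUBNETS = [ipaddress.ip_network("192.168.1.0/24")]
NAT_PUBLIC_IP = "64.120.7.3"

SAMPLE_INVITE = "\r\n".join([  # constructed INVITE from a gateway at 192.168.1.10
    "INVITE sip:1000@203.0.113.20 SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.10:5060;branch=z9hG4bK776asdhds",
    "Contact: <sip:2000@192.168.1.10:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 1 1 IN IP4 192.168.1.10",
    "s=-",
    "c=IN IP4 192.168.1.10",
    "t=0 0",
    "m=audio 10000 RTP/AVP 8",
])

# Dotted-quad candidates; validity is checked by ipaddress in is_local().
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def is_local(addr, subnets=LOCAL_SUBNETS):
    """True when addr is on the gateway's (private) side of the NAT/PAT device."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:  # dotted text that is not a valid IPv4 address
        return False
    return any(ip in net for net in subnets)

def embedded_local_addresses(message, subnets=LOCAL_SUBNETS):
    """Private addresses carried inside the SIP/SDP text, which a plain NAT leaves as-is."""
    return sorted({a for a in IPV4.findall(message) if is_local(a, subnets)})

def translate_for_peer(message, peer_ip, subnets=LOCAL_SUBNETS, public_ip=NAT_PUBLIC_IP):
    """Leave messages to local peers alone; advertise the NAT's public IP to all others."""
    if is_local(peer_ip, subnets):
        return message
    swap = lambda m: public_ip if is_local(m.group(1), subnets) else m.group(1)
    return IPV4.sub(swap, message)

if __name__ == "__main__":
    print(embedded_local_addresses(SAMPLE_INVITE))
    print(translate_for_peer(SAMPLE_INVITE, "203.0.113.20"))
```
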

...

Note: The IP address 64.120.7.3 is an example public IP address for the NAT router.

...

Detailed Vega configuration (by Web Browser Interface)

Local versus public

 

To identify which IP addresses are local IP addresses to the Vega, and which IP addresses are only accessible via the NAT/PAT, in the Vega parameters specify the subnets which are local to the Vega. IP addresses not in this list will be treated as only accessible via the NAT/PAT.

...

In this way, additional entries can be configured


 

NOTE: The configuration changes made here need to be submitted by selecting the Submit button - please follow the on-screen prompts.

...

Note: This address will be specified in the SDP sent by the Vega to the public IP based ITSP.


 

NOTE: The configuration changes made here need to be submitted by selecting the Submit button - please follow the on-screen prompts.

...

The default NAT Port entry list will use all NAT Port Entries configured. Below are examples of the NAT Port Entry configuration based on the example information above:


 

NOTE: The configuration changes made here need to be submitted by selecting the Submit button - please follow the on-screen prompts.

...

NOTE The save process creates a  select "Continue" on this window. 


Checking the configuration

...