Ask Mr. Andrews: What is NAT Traversal?
“Dear Mr. Andrews” is a new addition to our VoIP Supply Knowledge Base.
Cory Andrews, our Director of New Business Initiatives, will be taking questions on everything you would like to know about VoIP. Here is the first of our series.
Dear Mr. Andrews:
“What is NAT Traversal?”
NAT is short for Network Address Translation. You may also hear NAT referred to as “IP Masquerading.” NAT is typically used by a router or firewall to allow devices on a LAN (Local Area Network) with private IP addresses to share a single, public IP address. Why would we want to do this? Since a device with a private IP address is only reachable on the LAN and can only communicate with other devices on the LAN, NAT provides translation between private and public IP addresses at the point where the LAN is connected to the Internet. “NAT Traversal” is the passing of traffic through NAT. Devices such as IP Phones typically have private IP addresses, and typically cannot communicate with a SIP registrar on the Internet without some form of NAT.
You can think of a NAT as a translator or intermediary between private and public devices. A device on the LAN that wants to communicate with a device on the Internet will send its traffic to the NAT router, which replaces the source device’s private IP address with its own public IP address and then forwards this traffic through to the destination device on the Internet. When the device on the Internet responds, the NAT router cross-references its translation tables and locates the original source IP address of the packet, which is the same IP address as the device on the LAN that initiated the connection, and forwards the response to that device.
With VoIP, NAT can be problematic. First off, when connecting to a SIP registrar, devices will try to register with their private IP. The second problem is that firewalls will not pass through inbound messages to a NATed device without an established session or “pinhole.” A session is created when a packet is sent from the NATed device to the Internet. The session pinhole allows the reply from the Internet to traverse the firewall and reach the NATed device. To maintain the session, the NATed device behind the firewall must keep sending messages to keep the session/pinhole open. These are called “NAT Keep Alive” messages.
When a connection is originated by a device outside the LAN, it is not clear which device on the LAN the connection is meant to be established with. A rule is required to tell the NAT router what to do with the incoming traffic, or it will discard the traffic and no connection will be established. Many NAT routers and firewalls support a DMZ, which allows for the setup of simple rules for handling inbound traffic. Another method, called Port Forwarding, allows the NAT router to pass incoming connection requests to different devices on the LAN depending on the type of connection, in this case VoIP traffic.
EdgeWater Networks has developed specialized edge devices that provide NAT and firewall capabilities.
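The translation table, pinhole, keep-alive and port-forwarding behaviour described above can be seen in a small simulation. This is an added example, not code from the original article or from any router vendor; the class name, the 30-second idle timeout and all addresses (documentation ranges) are assumptions, and the toy NAT only accepts replies from the remote host the LAN device contacted.

```python
# Added illustration: a toy NAT router, not any vendor's implementation.
PUBLIC_IP = "203.0.113.10"   # constructed address (documentation range)
PINHOLE_TTL = 30             # assumed idle timeout, in seconds

class NatRouter:
    def __init__(self):
        self.table = {}      # public_port -> [private_ip, private_port, remote, last_sent]
        self.forwards = {}   # public_port -> (private_ip, private_port), static rules
        self.next_port = 40000

    def outbound(self, src_ip, src_port, remote, now):
        """LAN device sends to the Internet: create or refresh a pinhole."""
        for pub_port, entry in self.table.items():
            if entry[:3] == [src_ip, src_port, remote]:
                entry[3] = now                  # a keep-alive restarts the idle timer
                return (PUBLIC_IP, pub_port)
        pub_port, self.next_port = self.next_port, self.next_port + 1
        self.table[pub_port] = [src_ip, src_port, remote, now]
        return (PUBLIC_IP, pub_port)            # source address the remote side sees

    def inbound(self, remote, pub_port, now):
        """Packet from the Internet: return the LAN target, or None if dropped."""
        entry = self.table.get(pub_port)
        if entry and now - entry[3] > PINHOLE_TTL:
            del self.table[pub_port]            # idle too long: the pinhole is closed
            entry = None
        if entry and entry[2] == remote:
            return (entry[0], entry[1])         # reply on an established session
        return self.forwards.get(pub_port)      # otherwise only a static rule helps

def demo():
    nat = NatRouter()
    registrar = ("198.51.100.5", 5060)          # constructed SIP registrar
    stranger = ("198.51.100.99", 5060)          # constructed unrelated host
    phone = ("192.168.1.20", 5060)              # constructed IP phone on the LAN
    out = {}
    out["seen_by_registrar"] = seen = nat.outbound(*phone, registrar, now=0)
    out["reply"] = nat.inbound(registrar, seen[1], now=5)
    out["unsolicited"] = nat.inbound(stranger, seen[1], now=6)
    nat.outbound(*phone, registrar, now=25)     # NAT keep-alive from the phone
    out["after_keepalive"] = nat.inbound(registrar, seen[1], now=50)
    out["after_idle"] = nat.inbound(registrar, seen[1], now=120)
    nat.forwards[5060] = phone                  # port-forwarding rule for VoIP traffic
    out["port_forward"] = nat.inbound(stranger, 5060, now=121)
    return out
```

Note that the registrar sees the router's public address and a translated port, not the private address the phone would put in its registration, and that the port-forwarding rule admits traffic from any host, so it should be scoped as narrowly as the router allows.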
5 Comments
Nice post that simplifies needed information for successful VoIP and a great idea for a series. Keep ’em coming, Cory!
By the way Mr. Andrews, which fork is the salad fork? 🙂
I believe the salad fork is typically the smaller, four-pronged fork on the left-hand side of the place setting, closest to the napkin.
In my house we are big fans of the spork.
These guys are the VoIPSupply of the salad fork industry http://www.saladforks.net/
Dear Mister Andrews….
Can you explain how to set SIP ports on modern popular hardware phones such as the medium priced (or are they entry level these days) Sipura/Linksys/Cisco line?
Why would you not use 5060? If you have several phones behind NAT on the same LAN, is there a logical way to set these? How does the other endpoint see this? Enquiring minds and all that…
I shall wait here on ICE for a STUNning discussion in a future article.
Fantastic site you have here, but I was wondering if you knew of any forums that cover the same topics talked about here? I’d really like to be a part of a group where I can get opinions from other knowledgeable individuals that share the same interest. If you have any recommendations, please let me know. Thank you!
Excellent !!!