Ask Mr. Andrews: Setting Up SIP Ports
Dear Mr Andrews:
Can you explain how to set SIP ports on modern popular hardware phones such as the medium priced (or are they entry level these days) Sipura/Linksys/Cisco line?
Why would you not use 5060? If you have several phones behind NAT on the same LAN, is there a logical way to set these? How does the other endpoint see this? Enquiring minds and all that… I shall wait here on ICE for a STUNning discussion in a future article.
Part of the problem with NAT is that there are several competing mechanisms for negotiating it, and the industry cannot seem to get behind a single, unified methodology. Until this happens, dealing with NAT will likely continue to be a pain in the butt.
STUN, ICE and TURN are three examples of solutions to issues inherent with SIP + NAT. STUN is not 100% reliable depending on the type of NAT you are dealing with. ICE builds upon STUN by allowing the device to use a range of ports and STUN techniques. However, ICE is not well supported. Media relay solutions like TURN can cause latency/QoS issues with VoIP, and are generally difficult to scale.
If you are behind NAT, you can set up port forwarding on your router/firewall to allow VoIP traffic to pass through. For SIP, use ports 5060 to 5070. For RTP audio, use port 8766 to 35000.
There are definitely some security concerns with port forwarding. Hacking tools such as SIPFlanker http://tinyurl.com/sipflanker are available as well as public posts detailing the default login credentials for many Sip devices http://tinyurl.com/sippasswords
When configuring Linksys devices behind NAT, there are a few things you want to be particular about. In the configuration UI, in the “SIP” Tab, make sure you have the following options set:
*******************************************************************
Substitute VIA Addr: yes
STUN Enable: yes
STUN Server:
In the “Ext 1” Tab, make sure you have the following options set:
NAT Mapping Enable: yes
*******************************************************************
Double check the NAT Keep Alive Interval setting on your Linksys phone and make sure it is set to a low value, ideally around 10-15 seconds. For more information on configuring Linksys phones for NAT, refer to (starting) page 59 of the phone administration guide here http://tinyurl.com/linksysspa.