Routers with SIP, NAT and ALGs

Getting some routers working with VOIP can be a pain. The problem is caused by NAT, and the translation of a private IP address (10.0.0.0/8 or 172.16.0.0/12 or 192.168.0.0/16) in to a IP address that works on the internet.

This is difficult with SIP/VOIP because IP addresses are not only included in the packet header, but also inside the packet itself. There are various methods that can be used to try and resolve this issue, and various places that ‘fixes’ can try and work.

The issue is this …

  • a local device (phone) sends a SIP packet to a device on the internet (Asterisk)
  • this packet will include local IP addresses in it but the Asterisk server needs to respond to the public address

There are a few different methods to try and ‘fix’ the issue

  • the phone uses STUN/ICE and tries to replace the private IP with the public IP in the packets it sends
  • the broadband firewall includes rules (a SIP ALG) to modify the packet as it’s forwarded
  • Asterisk tries to fix the issue by seeing where the packet came from (source address) and using that to modify the SIP packets

The 3 things working above can cause chaos, and failed calls!

The most difficult to troubleshoot is the firewall SIP ALG one as a packet will go in from the local network, some changes will be made!, and then the packet will be forwarded to the internet device. Some routers do a better job making changes to the packets than others.

I came across a great list written by Vonage including many routers and steps that can be taken to try and get them working with VOIP/SIP – https://support.vonagebusiness.com/app/answers/detail/a_id/21546