Cisco Systems SPA9000 manual SIP-NAT Interoperation

If the SPA9000 is behind the NAT device, the private IP address of the SPA9000 is not usable for communications with the SIP entities outside the private network.

NOTE If the ITSP offers an outbound NAT-Aware proxy, this discovers the public IP address from the remote endpoint and eliminates the need to modify the SIP message from the UAC.

The SPA9000 system must substitute the private IP address information with the proper external IP address/port in the mapping chosen by the underlying NAT to communicate with a particular public peer address/port. For this, the SPA9000 system needs to perform the following tasks:

•Discover the NAT mappings used to communicate with the peer.

This can be done with the help of an external device, such as a STUN server. A STUN server responds to a special NAT-Mapping-Discovery request by sending back a message to the source IP address/port of the request, where the message contains the source IP address/port of the original request. The SPA9000 system can send this request when it first attempts to communicate with a SIP entity over the Internet. It then stores the mapping discovery results returned by the server.

•Communicate the NAT mapping information to the external SIP entities.

If the entity is a SIP Registrar, the information should be carried in the Contact header that overwrites the private address/port information. If the entity is another SIP UA when establishing a call, the information should be carried in the Contact header as well as in the SDP embedded in SIP message bodies. The VIA header in outbound SIP requests might also need to be substituted with the public address if the UAS relies on it to route back responses.

•Extend the discovered NAT mappings by sending keep-alive packets.

Because the mapping is alive only for a short period, the SPA9000 system continues to send periodic keep-alive packets through the mapping to extend its validity as necessary.