Chapter 1 Using the Linksys Voice System

Technology Background

NAT Types

The different types of NAT implementation are sometimes divided into the following categories:

Full cone NAT—Also known as one-to-one NAT. All requests from the same internal IP address and port are mapped to the same external IP address and port. An external host can send a packet to the internal host by sending a packet to the mapped external address.

Restricted cone NAT—All requests from the same internal IP address and port are mapped to the same external IP address and port. Unlike a full cone NAT, an external host can send a packet to the internal host only if the internal host had previously sent a packet to it.

Port restricted cone NAT/symmetric NAT—Port restricted cone NAT or symmetric NAT is like a restricted cone NAT, but the restriction includes port numbers. Specifically, an external host can send a packet to a particular port on the internal host only if the internal host had previously sent a packet from that port to the external host.

With symmetric NAT, all requests from the same internal IP address and port to a specific destination IP address and port are mapped to a unique external source IP address and port. If the same internal host sends a packet with the same source address and port to a different destination, a different mapping is used. Only an external host that receives a packet can send a UDP packet back to the internal host.

Simple Traversal of UDP Through NAT

Simple Traversal of UDP through NATs (STUN) is a protocol defined by RFC 3489, which allows a client behind a NAT device to find out its public address, the type of NAT it is behind, and the port associated on the Internet connection with a particular local port. This information is used to set up UDP communication between two hosts that are both behind NAT routers. Open source STUN software can be obtained at the following website:

http://www.voip-info.org/wiki-Open+Source+VOIP+Software

STUN does not work with a symmetric NAT router. To determine the type of NAT your router uses, complete the following steps:

Step 1 Enable debugging on the SPA9000:

1. Make sure you do not have a firewall running on your PC that could block the syslog port (by default this is 514).

2. On the administration web server, System tab, set <Debug Server> to the IP address and port number of your syslog server.

Note that this address and port number must be reachable from the SPA.

3. Set <Debug level> to 3. You do not need to change the value of the <syslog server> parameter.

4. To capture SIP signaling messages, under the Line tab, set <SIP Debug Option> to Full. The output is named syslog.514.log.

Step 2 To determine the type of NAT your router is using, set <STUN Test Enable> to yes.

Step 3 View the syslog messages to determine whether your network uses symmetric NAT.
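The following added example (not part of the original guide and not SPA9000 code) models the mapping and filtering rules of the NAT types described above and shows why an address learned from a STUN server cannot be reused with a peer behind symmetric NAT. The class and function names, IP addresses and port numbers are constructed for illustration.

```python
import itertools

PUBLIC_IP = "203.0.113.5"   # constructed address (documentation range)

class Nat:
    """Toy model of the NAT behaviours described above (not SPA9000 code)."""

    def __init__(self, kind):
        self.kind = kind                       # full | restricted | port_restricted | symmetric
        self._next_port = itertools.count(40000)
        self.mappings = {}                     # mapping key -> external port
        self.contacted = {}                    # external port -> destinations sent to

    def outbound(self, src, dst):
        """Internal src sends to dst; return the external (ip, port) that dst sees."""
        # Symmetric NAT allocates a mapping per destination, cone NATs per source only.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.mappings:
            self.mappings[key] = next(self._next_port)
        port = self.mappings[key]
        self.contacted.setdefault(port, set()).add(dst)
        return (PUBLIC_IP, port)

    def inbound_allowed(self, ext_port, remote):
        """Would a packet from remote to PUBLIC_IP:ext_port reach the internal host?"""
        sent_to = self.contacted.get(ext_port)
        if sent_to is None:
            return False                       # no mapping exists for this port
        if self.kind == "full":
            return True                        # any external host may use the mapping
        if self.kind == "restricted":
            return remote[0] in {ip for ip, _ in sent_to}   # IP must match
        return remote in sent_to               # IP and port must both match

def stun_address_usable(kind):
    """True if the address learned from a STUN server is the one a peer can reach."""
    nat = Nat(kind)
    phone = ("192.168.1.20", 5060)             # constructed internal host
    stun_server = ("198.51.100.1", 3478)       # constructed STUN server
    peer = ("198.51.100.77", 5060)             # constructed remote party
    learned = nat.outbound(phone, stun_server) # what the STUN server reports back
    actual = nat.outbound(phone, peer)         # what the peer really sees
    return learned == actual and nat.inbound_allowed(learned[1], peer)

if __name__ == "__main__":
    for kind in ("full", "restricted", "port_restricted", "symmetric"):
        print(f"{kind:16} STUN-learned address usable: {stun_address_usable(kind)}")
```

Only the symmetric case returns False: the mapping created toward the STUN server is not the one used toward the peer, so the reported address is of no use for setting up media with that peer.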

 

Linksys SPA9000 Administrator Guide


Document Version 3.01
