Tuesday, August 4, 2009

Howto NAT: Polycom Phones and Asterisk

I see many posts on the Internet regarding registering Polycom phones to Asterisk when one or both are behind a NAT firewall. Having worked through this issue myself I thought it was time to share with the community the steps I take to get my remote Polycom customers up and running. Most of these steps will apply to any SIP device on the market, but here I am focusing on configurations specifically for Polycom since they are the only phones you should ever consider using. :D

Firewall Settings

Assuming you are working with a NAT/PAT capable router the following ports on your network need forwarded to your server and your phone (if you are working with multiple phones behind the same firewall you need to define RTP ports for each phone):
  • SIP UDP/5060 Forward to the internal address of the server or phone
  • RTP UDP/10000-20000 Forward to the internal address of the server or phone
If you have a firewall that can prioritize traffic or perform QOS you want to prioritize this traffic to the Internet. This will help keep your Youtube vids from interfering with your voice quality.

Asterisk Settings

SIP was not made with NAT in mind. Therefore, some specific settings are required in Asterisk to get SIP to work from behind NAT. Primarily, Asterisk needs to advertise the external IP address of the NAT device it is hiding behind. This modifies the SIP headers and keeps your voice and signaling path from trying to reach an internal address from an external location.

In the [general] section of sip.
conf (or in sip_general_custom.conf on a FreePBX server) add the following lines:

externip=65.31.68.99 (this is the external IP of your network)
localnet=192.168.1.0/255.255.255.0 (this is the internal network and netmask)


If you do not have a static
IP you will need to use a URL. In this case use this instead:

externhost=mydomain.ibnating.com (your URL)
externrefresh=120 (DNS refresh rate)
localnet=192.168.1.0/255.255.255.0 (your internal network and netmask)

Once you have these settings in place you will need to specify whether your SIP clients are NAT or local. From FreePBX this is easily accomplished in the extensions configuration by setting NAT to "yes" and qualify to "yes". These same settings apply if you are building your sip peers in sip.conf. Your other phones will need to be set to "no" for NAT so that they receive internal network information from Asterisk.

Phone Settings

This used to be a hassle with Polycom phones. Luckily with newer firmware versions, fields have been added to make dealing with NAT a breeze. This assumes you are using a boot server to configure your phones. This is the best (read "correct" here) way to manage a Polycom device. If you are configuring the phone via the web interface or menus please fee free to interpret these settings for your own purposes.

Add the following line to sip.config:

nat nat.ip="24.192.179.235" nat.keepalive.interval="30" nat.signalPort="5060" nat.mediaPortStart="10000"

  • nat.ip is the external address of the nat device that the phone is behind.
  • nat.keepalive.interval is the interval that the phone will send a keep alive packet to Asterisk. This should be 60 seconds or less. I use 30.
  • nat.signalPort is the port SIP signalling. This should be 5060 unless you are using a goofy port for sip or separate ports for multiple phones.
  • nat.mediaPortStart defines the beginning of the RTP range. Typically RTP is 10000-20000 so I set this to 10000.
Once you have completed these steps the phone should register an make phone calls. If you have any issues at all feel free to post a comment here and we will respond. For further reference you can check out our knowledge base at kb.bitwaretech.com.


3 comments:

  1. What if the phone is used with a residential DSL connection where the public IP is always changing?

    ReplyDelete
  2. Can you put the nap.ip="" in any other files? I have multiple devices at multiple locations so the public ip would have to change. The only files that I have that are unique to the sites would be the x101, x102.cfg etc....

    ReplyDelete
  3. Regarding DSL and a Dynamic address, since you can only use an IP address in externip field of the Polycom SIP config, your external IP needs to be static unless you want to change your sip config every time the IP changes.

    Regarding that placement of nat.ip="" in the extension specific config, you can do this. The one important thing to note when doing this though is that the extension config does not override the sip config. Therefore, if you want to place a setting in the extension config you need to remove it from the sip config.

    One way of handling this is to have all of your local phones use a common generic zero mac and sip config for all their common global settings. This will make it easier to make a global change to the phones. Once settings are placed in the extension specific configs, each config then has to be edited to make a global chande. You can then create second boot server for you off-site phones and place their connection and NAT settings in the extension specific configs and keep their remaining global settings in a generic sip.config.

    ReplyDelete