TL MTE and NAT traversal

I use vlans + siproxd at the gateway of all the customer sites. its usually a massive up grade from those piece of shit home-grade wireless routers most customers install.

We use Edgemarc 4500 routers at the customer sites.

those are pricey =)

We have at client locations Cisco 870 and 1841 routers for clients with a single uplink we use 871 for costumers who have dual uplinks we use 1841, and we still experiencing issues even our Cisco guru's did all tweaking.

But at some clients we don't have a control of the network so we want some type of solution that will allow us still to deliver them with Hosted PBX without our involvement in they network.

For example:

I have a prospect who has a SonicWall + T1, he want's 5 Cisco 7960 phones, I have installed a demo phones, we have installed them and he has an issue receiving calls.

On other hand we have a Sylantro + Acme Packets with MGCP for Cisco phones, we have puted phones there and it all works fine. Also we have tryed the same with Polycom 650 and there was a same issue with TL MTE, but Sylantro and Acme did work well... so what is the solution could be for us to add on our end... I was thinking about OpenSIPS + RTP Proxy that could help us but I have no idea how to integrate it with TL MTE

sonicwall has documented issues with voip. They experience the biggest nat traversal issues. They have been proven to literally strip the QoS headers off the packets as they pass through the sonicwall. Make sure the sonic wall is running the very latest firmware, at least that version addresses some of the NAT issues. It does nothing for the death-to-QoS issues however.

you really can't compare MGCP to SIP any more than you can compare SIP to IAX2 for works vs doesn't work. They work very differently. SIP is technically a combination of SIP, SDP and RTP.

the problem with trying to install a proxy at your end on the public internet is that its ... on the public internet ... AFTER the damage has already been done (NAT). You really want to tackle the problem at the source. Its the act of NAT itself that is damning to the way SIP/SDP operate. By proxying the SIP messages at the juxtaposition of both network segments (public vs private), NAT never occurs. The sip proxy operates as a forwarding agent handling the messaging between a private network and a public network. Asterisk see's the extensions registering from the public IP of the proxy, it sends its INVITE messages to that IP. The sip proxy examines the To: header and looks up the extension in its dynamic table and forwards the message to the internal IP of the phone. There is no guesswork on the part of some firewalling/nat software to get wrong.

So, Erik, do you put a server at each customer site?

We buy our Edgemarcs from netxusa.com. We're a dealer with them, so we get wholesale pricing. If you compare the price of an Edgemarc to, say, a Nortel PBX I dont think they're that pricey at all. ;->

We have found them to be very reliable, and have a great set of features. Also, we can get them preconfgured for our system from Netx so that if we want to we drop ship to the customer.

sipproxd does look very interesting, though. Is it text based, or is their a gui?

Dozment do I have your email? I can send you some screen shots and wiring guide so you can get the big picture. We began production of a SMB embedded device with 3 ethernet ports, serial console, 2 usb ports. We don't have the labeling project done yet but everything else is complete including first draft of the manual. The unit will support as many concurrent calls as you have bandwidth to support. Siproxd is just one of the daemons assembled onto the device. It also contains a fully featured dhcp server so you can do advanced auto provisioning with phones as well as 802.1q vlans. Additional features include:

robust statefull firewall rules

traffic shaping to guarantee bandwidth for voice

PPTP VPN

IpSec VPN

OpenVPN VPN client and server modes

plus a bunch of other firewall goodies like upnp, time servers, dynamic dns etc.

I prepare TL MTE server which should go to production in next 2-3 weeks. I want to use openVPN to connect to server - no NATing...

Peter

Would acme packet SBC will help?

END PONIT > acme packet SBC > TL MTE

TL MTE > acme packet SBC > END POINT

Erik, I would like to know more. You can email me at dan at env-sol dot net.

We use Edgemarc 4500s (also through NetxUSA) and open source firmware on Linksys routers (dd-wrt) for the smaller installs (2-3 phones). We have really good luck with NAT and QoS with these devices, but always looking for something better.

I have had really good luck running SIP/RTP over OpenVPN tunnels and am looking for a pro-consumer/small business type device that can kind of wrap it all up.

Erik, if you can, please share what you have going on with your CPE. Thanks. brian at hosted ip phone dot com

Hey Dan - we are really happy with TL, thanks again for the chat.

Brian

Erik,

Please forward the information here as well.

-Matt

We have used the Edgemark's as well. Pretty good but a little pricey. We installed an SBC at the COLO from Ingate, it is called a SIParator. Majority of NAT issues have gone away. At the customer site the majority of DLINK and Linksys router work fine, if the customer has something a little better like Netopia, Cisco, etc, you will need to disable Sip Packet inspection and everything is golden. We tried a few SBC, before settling on the Ingate. Talk to Steve Johnston over at ingat if your interested.

Cheers,

Chris

Brian,

Can we chat about how you have your encryption working, we are looking at doing something similar.

My email is mdarnell+youcandeletethis@gmail.com

Thanks,

Matt

Hey Erik,
We would love to get more information on this too. Can you send it to me at csn_889 at yahoo?

Thanks,
Nic

Not much idea about it.