Summary
NAT and firewalls break the SIP signaling and also interfere with the RTP
media packet flow between SIP endpoints. The solutions developed by the
IETF are the STUN, TURN, and ICE protocols that work (only if the SIP end
devices can support them).
For older, existing SIP endpoints that do not support STUN, TURN, and
ICE, Application Layer Gateways (ALG) or back-to-back UAs (B2BUA) can
solve the problem of NAT and firewall traversal. However, ALGs break the
end-to-end nature of SIP and, as a consequence, break the security mecha-
nisms for SIP.
B2BUA can also be deployed as anonymizers to ensure caller privacy.References
[1] “The IP Network Address Translator” by K. Egevang and P. Francis. IETF
RFC 1631, May 1994.
[2] “Architectural Implications of NAT” by T. Hain. IETF RFC 2993, 2000.
[3] “Internet Transparency” by B. Carpenter. IETF RFC 2277, February 2000.
[4] “NAT Friendly Application Design Guidelines” by D. Senie. IETF Internet
draft, March 2001, work in progress.
[5] “Common Local Transmit and Receive Ports (Symmetric RTP)” by D. Wing.
IETF Internet Draft, work in progress, June 2005.
[6] “STUN—Simple Traversal of User Datagram Protocol (UDP) Through Net-
work Address Translators (NATs)” by J. Rosenberg, J. Weinberger, C.
Huitema, and R. Mahy. RFC 3489, March 2003.
[7] “Traversal Using Relay NAT(TURN)” by J. Rosenberg, R. Mahy, and C.
Huitema. IETF Internet Draft, work in progress, February 2005.
[8] “Interactive Connectivity Establishment (ICE): A Methodology for Net-
work Address Translator (NAT) Traversal for Offer/Answer Protocols” by
J. Rosenberg. IETF Internet Draft, work in progress, October 2005.
[9] “Best Current Practices for NAT Traversal for SIP” C. Boulton, J. Rosenberg,
and G. Camarillo. IETF Internet Draft, work in progress, October 2005.
[10] “SIP Basic Call Flow Examples” by A. Johnston, et al. IETF RFC 3665,
December 2003.
[11] “Private Extensions to the Session Initiation Protocol (SIP) for Asserted
Identity within Trusted Networks” by C. Jennings, J. Peterson, and M.
Watson. IETF RFC 3325, November 2002.
[12] “Managing Client Initiated Connections in SIP” by C. Jennings et al. Inter-
net Draft, IETF, March 2003.184 Chapter 10