User's Manual
Avaya Branch Gateway Manager 10.0 Page 149
15-601011 Issue 29r (Friday, November 02, 2012) B5800 Branch Gateway
Configuration Settings: System
5.3.2.3 Network Topology
STUN (Simple Traversal of UDP through NAT) is a mechanism used to overcome the effects of NAT firewalls. The
network address translation (NAT) action performed by this type of firewall can have negative effects on VoIP calls.
Test packets are sent by the system to the address of the external STUN server, crossing the firewall in
the process. The STUN server replies and includes copies of the packets it received in the reply. By comparing the packets
sent and received, the system can determine the type of NAT firewall and modify future packets to
overcome the effects of the firewall.
· These settings are used for SIP trunk connections from the LAN. For further details of system SIP operation refer
to the SIP Line section. The use of STUN is unnecessary if the SIP ITSP uses a Session Border Controller
(SBC).
Usability
· Mergeable: These settings are not mergeable. Changes to these settings will require a reboot of the system.
Configuration Settings
The following fields can either be completed manually, or the system can attempt to discover the
appropriate values automatically. To complete the fields automatically, only the STUN Server IP Address is required. STUN operation is
then tested by clicking Run STUN. If successful, the remaining fields are filled with the results.
· STUN Server IP Address: Default = Blank
This is the IP address of the SIP ITSP's STUN server. The system will send basic SIP messages to this destination and,
from data inserted into the replies, can try to determine the type of NAT changes being applied by any firewall between it
and the ITSP.
· STUN Port: Default = 3478.
Defines the port to which STUN requests are sent if STUN is used.
· Firewall/NAT Type: Default = Unknown
The settings here reflect different types of network firewalls. Options include Blocking Firewall, Symmetric Firewall,
Open Internet, Symmetric NAT, Full Cone NAT, Restricted Cone NAT, Port Restricted Cone NAT, Static
Port Block and Unknown.
· Open Internet
No action required. If this mode is selected, settings obtained by STUN lookups are ignored. The IP address used is
that of the system LAN interface.
· Symmetric Firewall
SIP packets are unchanged but ports need to be opened and kept open with keep-alives. If this type of NAT is
detected or manually selected, a warning ‘Communication is not possible unless the STUN server is supported on
same IP address as the ITSP’ will be displayed as part of the manager validation.
· Full Cone NAT
A full cone NAT is one where all requests from the same internal IP address and port are mapped to the same
external IP address and port. Furthermore, any external host can send a packet to the internal host, by sending a
packet to the mapped external address. SIP packets need to be mapped to the NAT address and port; any host on the
internet can call in on the open port, that is, the local information in the SDP will apply to multiple ITSP hosts. No warning
will be displayed for this type of NAT because the system has sufficient information to make the connection.
· Symmetric NAT
A symmetric NAT is one where all requests from the same internal IP address and port, to a specific destination IP
address and port, are mapped to the same external IP address and port. If the same host sends a packet with the
same source address and port, but to a different destination, a different mapping is used. Furthermore, only the
external host that receives a packet can send a UDP packet back to the internal host. SIP packets need to be
mapped, but STUN will not provide the correct information unless the IP address of the STUN server is the same as
the ITSP Host. If this type of NAT/Firewall is detected or manually selected, a warning ‘Communication is not
possible unless the STUN server is supported on same IP address as the ITSP’ will be displayed as part of the
manager validation.
· Restricted Cone NAT
A restricted cone NAT is one where all requests from the same internal IP address and port are mapped to the same
external IP address and port. Unlike a full cone NAT, an external host (with IP address X) can send a packet to the
internal host only if the internal host had previously sent a packet to IP address X. SIP packets need to be mapped.
Responses from hosts are restricted to those that a packet has been sent to, so if multiple ITSP hosts are to be
supported, a keep-alive will need to be sent to each host. If this type of NAT/Firewall is detected or manually
selected, no warning will be displayed.
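The mapping and filtering rules described above for Full Cone, Symmetric and Restricted Cone NAT, as a small Python model (an added example, not part of the Avaya documentation or software). The Nat class, the survey function and all addresses are constructed for illustration; the model shows why an address learned from a STUN server on a different IP does not apply to the ITSP behind a symmetric NAT, and which external hosts each type admits.

```python
from itertools import count

class Nat:
    """Toy UDP NAT following the mapping/filtering rules described in the text."""
    def __init__(self, kind, public_ip="203.0.113.10"):   # constructed address
        self.kind = kind              # "full_cone" | "restricted_cone" | "symmetric"
        self.public_ip = public_ip
        self._ports = count(40000)    # next free external port
        self.mappings = {}            # mapping key -> external (ip, port)
        self.contacted = {}           # external (ip, port) -> destinations sent to

    def outbound(self, src, dst):
        """Internal src sends to dst; returns the source address that dst sees."""
        # A symmetric NAT keys the mapping on the destination too; cone NATs do not.
        key = (src, dst) if self.kind == "symmetric" else src
        if key not in self.mappings:
            self.mappings[key] = (self.public_ip, next(self._ports))
        ext = self.mappings[key]
        self.contacted.setdefault(ext, set()).add(dst)
        return ext

    def inbound_allowed(self, ext, remote):
        """Would a packet from remote to external address ext reach the inside?"""
        peers = self.contacted.get(ext)
        if peers is None:
            return False                                  # nothing mapped here
        if self.kind == "full_cone":
            return True                                   # any external host
        if self.kind == "restricted_cone":
            return remote[0] in {ip for ip, _ in peers}   # only contacted IPs
        return remote in peers                            # symmetric: exact peer

# Constructed sample endpoints (documentation address ranges).
PBX = ("192.168.42.1", 5060)        # system LAN interface
STUN = ("198.51.100.5", 3478)       # STUN server on a different IP from the ITSP
ITSP = ("198.51.100.77", 5060)      # ITSP host the SIP trunk registers with
ITSP_2 = ("198.51.100.78", 5060)    # second ITSP host, never contacted

def survey(kind):
    """Run one STUN lookup and one SIP send through a NAT of the given kind."""
    nat = Nat(kind)
    learned = nat.outbound(PBX, STUN)   # address the STUN reply would report
    used = nat.outbound(PBX, ITSP)      # address the ITSP actually sees
    return {
        "stun_result_valid_for_itsp": learned == used,
        "itsp_can_reply": nat.inbound_allowed(used, ITSP),
        "uncontacted_host_admitted": nat.inbound_allowed(used, ITSP_2),
    }
```

For "restricted_cone" the uncontacted second ITSP host is rejected until a packet has been sent to it, which is the reason for the per-host keep-alive; for "full_cone" the same result shows that the mapped port is reachable from any external host.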