Nat types, Simple traversal of udp through nat – Cisco Linksys SPA9000 User Manual
Page 24
1-10
Linksys SPA9000 Administrator Guide
Document Version 3.01
Chapter 1 Using the Linksys Voice System
Technology Background
NAT Types
The different types of NAT implementation are sometimes divided into the following categories:
•
Full cone NAT—Also known as one-to-one NAT. All requests from the same internal IP address and
port are mapped to the same external IP address and port. An external host can send a packet to the
internal host, by sending a packet to the mapped external address
•
Restricted cone NAT—All requests from the same internal IP address and port are mapped to the
same external IP address and port. Unlike a full cone NAT, an external host can send a packet to the
internal host only if the internal host had previously sent a packet to it.
•
Port restricted cone NAT/symmetric NAT—Port restricted cone NAT or symmetric NAT is like a
restricted cone NAT, but the restriction includes port numbers. Specifically, an external host can
send a packet to a particular port on the internal host only if the internal host had previously sent a
packet from that port to the external host.
With symmetric NAT all requests from the same internal IP address and port to a specific destination IP
address and port are mapped to a unique external source IP address and port. If the same internal host
sends a packet with the same source address and port to a different destination, a different mapping is
used. Only an external host that receives a packet can send a UDP packet back to the internal host.
Simple Traversal of UDP Through NAT
Simple Traversal of UDP through NATs (STUN) is a protocol defined by RFC 3489, which allows a
client behind a NAT device to find out its public address, the type of NAT it is behind, and the port
associated on the Internet connection with a particular local port. This information is used to set up UDP
communication between two hosts that are both behind NAT routers. Open source STUN software can
be obtained at the following website:
STUN does not work with a symmetric NAT router. To determine the type of NAT your router uses,
complete the following steps:
Step 1
Enable debugging on the SPA9000:
1.
Make sure you do not have firewall running on your PC that could block the syslog port (by default
this is 514).
2.
On the administration web server, System tab, set <Debug Server> to the IP address and port number
of your syslog server.
Note that this address and port number has to be reachable from the SPA.
3.
Set <Debug level> to 3 but you do not need to change the value of the <syslog server> parameter.
4.
To capture SIP signaling messages, under the Line tab, set <SIP Debug Option> to Full. The output
is named syslog.514.log.
Step 2
To determine the type of NAT your router is using set <STUN Test Enable> to yes.
Step 3
View the syslog messages to determine whether your network uses symmetric NAT.