Configuring Network Address Translation (NAT)
Use
Network address translation (NAT) is needed to establish connectivity between private IP address space and public IP address space. This is done by translating the IP address(es) in the headers of IP packets on the network border, usually on a router or firewall. Private IP addresses are translated to public IP addresses in the direction towards the public network, and vice versa.
Data frames carried inside IP packets may also contain embedded IP addresses, such as audio (RTP) endpoint IP addresses. NAT traversal problems occur if these embedded IP addresses are not also translated by NAT (that is, no SIP-aware NAT in use), or if the embedded IP addresses are not provided as public IP addresses already by the sending component, when needed. NAT locations can be used to affect the audio endpoint IP addresses that are provided in the signaling protocols.
A separate NAT location is needed for each private IP address space that connects to a public IP address space, or to another private IP address space. NAT locations are not needed for public IP address spaces. RTP streams to and from a NAT location are routed via a MRS server. Calls within a location are routed directly between the endpoints unless a MRS is needed for other reasons, such as recording.
Location contents (which calls the location applies to) can be defined by IP address ranges or IP networks, network elements, or users. For example, a location that is specified by a SIP trunk network element is applied for all calls that are routed via that SIP trunk.
Enabling DirectAccess
As of 1705, access to CDT over DirectAccess can be enabled:- Define a NAT location with an appropriate DNS name or IPv6 address as an externally
visible address for the MRS dedicated to the NAT location.
- Define the DNS names or IP addresses with the Firewall IP setting. Contact the network administrator for information about internal IPv4 addresses that are assigned to clients when they connect to network using DirectAccess. With this information available, define IP Ranges that include the IP addresses.
- Select the option Use Bypass.
- Make sure Client Workstation Components that support Direct Access are installed as well, that is, version 1705, or newer.
Procedure
To use NAT, do the following:
-
Make sure that there is a MRS module linked to a Call Dispatcher (CD) available in the system. For linking, see Linking Media Routing Server (MRS) to Other Modules
Note:MRS used for NAT location does no more need the option Use for Server-Side Recording. We recommend that you reserve different MRS modules for NAT, prompt playing, and recording.
If you use the same MRS for different purposes, it is possible that recording reserves the MRS so that calls to the NAT location cannot be delivered. Make sure that you define Maximum Number of Simultaneous Recordings and Maximum Number of Simultaneous Prompts in IA as well as Maximum Number of Simultaneous NAT Streams in SC so that MRS can manage all necessary streams.
-
To create a NAT location, go to Managing Locations.
and carry out the following steps. See also-
Click Add New and enter the name and description.
-
Choose the option Network Address Translation (NAT).
-
Define the location contents in one or more of the following ways:
Table 1. Location Contents Item
Description
IP Ranges
Define either an IP Range or a Subnet where NAT is applied. IP addresses must be outside public IP addresses.
Network Elements
Choose one or more of the trunks. NAT is applied to the calls that are routed via that trunk.
Users
Add users or user groups.
Note: NAT is triggered by a caller’s visible A number, when the setting Show Original Caller and Location is selected in , and a caller’s extension number when the above setting is Show Masked Caller but Original Location. For more information, see Managing Signaling. -
Allocate and configure a MRS module for NAT in the MRS Allocations block.
Table 2. MRS Configuration Item
Description
MRS Module
Select the MRS module through which the audio will be routed.
Note: If the Firewall IP, User IP, or Use Bypass setting is taken into use as well, dedicate this MRS module only for NAT.Priority
Add the priority value as an integer number, for example 50, 60, 70, even if there is one MRS only.
Calls are routed to the MRS server that has the highest priority number if only it has resources (slots) available. One MRS can handle up to 800 streams simultaneously, define the priorities of different MRS modules so that the performance is optimal and other MRS functions are not compromised.
Firewall IP
Define the MRS public external IP address that clients can access in a scenario where MRS has a private IP address that is statically translated on the network border to a public outside IP address.
As of 1705, a 255-character long IP address can be defined. It is required when you define a NAT location for enabling DirectAccess. Define an appropriate DNS name or IPv6 address as an externally visible address for the MRS dedicated to this NAT location.
User IP
Define the MRS IP address (and network interface) that is used for audio (RTP) towards the location in a scenario where the MRS server has several network interfaces that connect to different networks. This IP address must be reachable from the location. The audio path continues from MRS to the counterpart using the MRS virtual unit’s IP address (and network interface), or the IP Address for RTP Stream if that is configured for the MRS server.
To use this value:
-
Stop MRS in IA
-
Modify User IP in SC.
-
Wait for a while.
-
Start MRS.
Maximum Number of Simultaneous NAT Streams
Define the maximum number of calls that can be allocated to this MRS. The default value is 100.
Note: Each Call Dispatcher (CD) module that this MRS is linked to reserves the defined number of streams. For example, with two CDs and Maximum Number of Simultaneous NAT Streams definition 100, the totally 200 simultaneous streams are reserved.Use Bypass
Select this option to define that MRS uses the sender IP address and port from the first received RTP packet as the destination IP address and port for RTP sent towards the location. This is needed when NAT is performed on the client network border.
To enable DirectAccess, select this option in the NAT location defined for that purpose.
-
-
Save your entries.
-
-
To take NAT into use:
-
Select the Use NAT checkbox in .
-
Save your entries.
-
(In versions prior SP07, restart the CD where the MRS is linked to.)
-
Example
For configuration examples with figures, see Installation Guide.