I’ve run into this several times. If an asterisk server is behind a firewall using NAT, you need to modify sip.conf for sip clients to work properly. Without it audio can be one-way or broken altogether.
You’ll need the external hostname of the asterisk server (e.g. asterisk.company.com) external ip of the asterisk server (e.g. 123.123.123.123), and the internal network addressing (e.g. 192.168.1.x with subnet mask of 255.255.255.0)
from a ssh session in terminal:
nano /etc/asterisk/sip.conf
replace contents of file with this:
; Note: If your SIP devices are behind a NAT and your Asterisk
; server isn’t, try adding “nat=1″ to each peer definition to
; solve translation problems.[general]
externhost = asterisk.company.com
externip=123.123.123.123 ; the ip address your ISP gives you
localnet=192.168.1.0/255.255.255.0
nat=yes
port = 5060 ; Port to bind to (SIP is 5060)
bindaddr = 0.0.0.0 ; Address to bind to (all addresses on machine)
disallow=all ; Modify these to meet your codec needs
allow=ulaw
allow=alaw
allow=g729
allow=gsm; If you need to answer unauthenticated calls, you should change this
; next line to ‘from-trunk’, rather than ‘from-sip-external’.
; You’ll know this is happening if when you call in you get a message
; saying “The number you have dialed is not in service. Please check the
; number and try again.”
context = from-sip-external ; Send unknown SIP callers to this context
callerid = Unknown
tos=0×68; #, in this configuration file, is NOT A COMMENT. This is exactly
; how it should be.
#include sip_nat.conf
#include sip_custom.conf
#include sip_additional.conf[control-x to exit, Y to save the file]
amportal stop
amportal start
The last two commands will stop and start your server quickly (and rather rudely to users), so restart asterisk in whatever way makes sense.
For NAT to work for external phones, the extension will need to have nat=yes specified, and the phone will have to have it specified as well. The procedure for different types of phones varies.
