CZECH - Huatech a.s. - NETWORK - AR1220 - The problem with users behind NAT.

Publication Date:  2015-11-15 Views:  417 Downloads:  0
Issue Description

Our enterprise customer was using our AR1220 as a route, and enable the PBX service and Nat feature of AR at the same time. Customer hope the sip terminal (TE desktop and TE mobile) could register to AR1220 and could communicate each other.

the topology:

issue phenomenon:

A can’t make a voice call to C (SIP signaling doesn’t work properly) but C can make voice call to A and the connection build normally, but C could’t hear A’s voice, A could hear C’s voice.

Handling Process
1. check with our end customer about issue scenario and issue description first.
2.request our customer to capture network packets from AR1220( make g0/0/0 as observed port), and supply the configuration of AR.
3.Analysing the network packets, we found the media stream only in one direction. For example, C make a call to A and A accept this call, we can found the media stream from C to A, but couldn't the rightabout stream.
4.we checked the configuration of AR, we found customer have enabled sip alg in AR.
5.After we make a same test in our lab, we found the AR's sip alg could solve the issue under this scenario, but SBC feature of AR could.
6.After enable SBC feature in AR, customer 's issue solved.
Root Cause
Under this issue scenario, terminal A and C work under seperate subnet, so they have their own subnet IP address.
AR1220 work as a PBX server, so A and C will register to AR.
A and AR 1220 is in same one subnet, so AR will record A's subnet address and this subnet address is attainable to itself.
C is in remote side, and its IP address will be contained in SIP message (application level protocol). Since AR's sip alg won't convert C's subnet IP to public IP when C's registration message from outside to AR's inside, AR only record C's subnet IP, and this subnet IP isn't attainable to AR.
Based on above circumstance,  AR could send A's media stream to C correctly, and this cause C couldn't hear A's voice.
Solution

disable AR's sip alg, just enable the SBC feature in AR as following.

 

[R8-AR1220-voice]display this

[V200R006C10SPC300]

#

voice

 voip-address media interface GigabitEthernet 0/0/0 192.168.10.82

voip-address signalling interface GigabitEthernet 0/0/0 192.168.10.82

voip-address media interface LoopBack 1 192.168.10.83

voip-address signalling interface LoopBack 1 192.168.10.83

pbx number-parameter 64 0

sbc media-relay interface GigabitEthernet 0/0/1 external

#

return

[R8-AR1220-voice]sipserver

[R8-AR1220-voice-sipserver]display this      

[R8-AR1220-voice-sipserver]display this

[V200R006C10SPC300]

#

sipserver

  signalling-address ip 192.168.10.82 port 5060

  media-ip 192.168.10.82

  register-uri huawei.com

  home-domain huawei.com

  sbc signalling-proxy enable

  sbc media-proxy enable

  sbc mapped-signalling-address ip 6.6.6.6 port 5060

  sbc mapped-media-ip 6.6.6.6

  codec-priority 0 9 20

#

Return

END