NAT is one of the many problems that VoIP has which causes one way audio, call being dropped and clients becoming unreachable. People have devised many ways other than asterisk to overcome the problem and there fore here in this article I discuss about using Asterisk with clients (SIP phones ) behind NAT.
We can tweak a couple of asterisk settings to get a trouble free operation when we have SIP phones behind NAT that are registering on to Asterisk. In sip.conf we can set nat = yes for respective clients that are behind NAT. However this will not solve the trouble entirely. That setting only helps to modify SIP packets and route them properly. Main characteristic of NAT is, device lying behind NAT can initiate communication with devices of out side world. But the outside devices cannot reach devices behind NAT without a communication path that is already initiated by an inside device.
As we use UDP for most of voip communication, another side effect here is, NAT devices typically Routers close the communication path after certain time. Thus after a while, the out side device cannot reach natted devices due to the connection being closed by the router. To circumvent this, periodically we need to send keep-alive packets. So one more setting that will save us for owes of NAT is 'qualify' . For SIP devices which are behind NAT we need to set qualify = yes. If we set qualify = yes asterisk will periodically send NOTIFY packets to SIP device. qualify also takes milliseconds as a parameter so, if you set qualify = 1000 a client will be deemed as unreachable if asterisk doesn't receive a replay from SIP device in 1 second. Some intelligent SIP devices will send keep-alive packets automatically when they detect they behind nat, so we don't need to set qualify for them.