Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Operator » Operator behind NAT & remote location behind NAT (Advantage NAT traversal)
  •  
2the Maxx Technology

Messages: 15

Karma: 0
Send a private message to this user
We found out some advantages using te following configuration:

Office:
Operator behind the firewall (NAT) in our private network
SIP port 5060 UDP forwarded to Operator
Everything works ok

Remote location:
Phones behind the firewall (NAT)
Phones ringing, no audio
Mark for extention behind NAT makes no difference

Mobile network:
Android Phones using SIP clients
Direct in the public network (no NAT)
Calling the office works fine
Calling another mobile SIP client, same problem as above

Do you have any idea?
Ron

[Updated on: Fri, 01 July 2011 15:44]

  •  
Filip Jenicek (Kerio)

Messages: 1094
Karma: 80
Send a private message to this user
Dear Ron

I'm not sure if I understood your network configuration correctly, but the most common setup usually looks like this.

[Office]<---NAT N:1--->[Internet]<------------->[Mobile public]
                                 <---NAT 1:N--->[Mobile]
                                 <---NAT 1:N--->[Home]

Let's say that Operator is located in the Office network. In order to make things work you have to do the following:

  1. Phones in the [Office] network

    1. no special setup required
    2. can connect to the private address of Operator

  2. Phones in the [Mobile public] network

    1. View the System->Network screen of Operator

      • Check "NAT enabled"
      • Type your public IP address in the "Public IP Address" field
      • Modify the RTP port range (optional) e.g. 10000-19999
      • The "Local IP Addresses" group should contain only
        addresses from your [Office] network (see screen "IP Address Groups")

    2. Configure your [Office] firewall

      • forward udp port 5060 to the private ip address of Operator
      • forward RTP ports e.g. 10000-19999


  3. Phones in [Mobile] and [Home]

    1. besides (2) you have to check "Extension is behind NAT" for each Extension. (See tab advanced in the Edit Extension dialogue)
    2. The [Home/Mobile] and [Office] networks should better be different. I haven't tested a scenario where they are the same in terms of CIDR. Moreover, the [Home/Mobile] network should not be included in the "Local IP Addresses" group.


I hope this small how-to helped a bit.

Best Regards
Filip
  •  
ICT and Me

Messages: 940

Karma: 53
Send a private message to this user
Filip,
I got the same problems. Vladimir has sent me to this topic, but i got the same setting you say.
but it isn't working. Firewall = Kerio Control latest version( Read beta if there is).
Operator latest version (also read beta if there is) it's the beta btw.
Tested with X-lite softphone. Connection trough the internet (privat IP -> NAT Public to Public -> (Control) NAT privat IP) audio doesn't work. But when using VPN client to Control and to Operator audio is perfect.

So what is going wrong?


ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
  •  
Filip Jenicek (Kerio)

Messages: 1094
Karma: 80
Send a private message to this user
Hi Carlo!

Thank you for the feedback. In my lab conditions it works just fine. However, I've asked our QA department to verify the NAT functionality in the outside world.

Hopefully I'll get back to you soon.

Filip
  •  
ICT and Me

Messages: 940

Karma: 53
Send a private message to this user
UPDATE on this subject. <_at_> Filip and the Dutch resellers.
I have tested it again with Hotspots, WiFi by friends/customers and over 3G (HSDPA/UMTS). I can say it works perfect now.
The problem here by ICT and Me was Control (firewall settings). I have created a Inbound and Outbound rule. Within both rules the services attached. But when I use the RTP service (Operator) that is in Control it wasn't working. I have changed that specific service and now it's working. But it also work the best with a Inbound rule and Outbound rule. Connecting, Sound both ways works like charme.

ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
  •  
Piskota

Messages: 48

Karma: 0
Send a private message to this user
Hi.

And what is the rule.
I configure Controll in and out rule for SIP protocol(5060) and rtp (UDP 10000-19999). But my phone's not working,only local phone work god.
  •  
ICT and Me

Messages: 940

Karma: 53
Send a private message to this user
@ Janos, jó napot kívánok.
Van egy kép képet adnak a beállításokat a "Control", mert nekem működik.

I have added a screenshot of my Control settings.
With this settings it's working.

[Updated on: Tue, 16 August 2011 09:10]


ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
  •  
2the Maxx Technology

Messages: 15

Karma: 0
Send a private message to this user
Hi,

Sorry for my delayed reply.
Thx for your help, the problem was in the routing of RTP indeed.

System works fine.

Cheers,
Ron
Previous Topic: Kerio Operator
Next Topic: Upgrade to 1.1.1
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sat Nov 18 20:52:29 CET 2017

Total time taken to generate the page: 0.00503 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.