Network Topology

Last Updated: Dec 05, 2022

Navigation: System Settings > System > LAN1 > Network Topology

These settings are used for support of external SIP trunks when not using an SBC. They are also used for supporting remote SIP/H323 extensions.

Network Address Translation (NAT) Overview

The network address translation (NAT) done by firewalls can affect VoIP calls. Two methods that can be used to overcome this are STUN or TURN.

NAT Method

Description

STUN

STUN ("Session Traversal for NAT") is a mechanism to overcome the effect of some NAT firewalls. In summary:

  • The device configured for STUN sends test packets to the STUN server address. These go through the firewall NAT process.

  • The STUN server replies, including in the reply copies of the original packets it received.

  • By comparing the packets sent and received, the sender can try to determine the type of NAT applied. It can then modify future packets it sends to other destinations to overcome the effects of the firewall NAT.

TURN

TURN ("Traversal Using Relays around NAT") is a NAT traversal mechanism that works by relaying all traffic via a TURN server. This is typically a TURN service provided by the customer's SBC.

STUN allows a direct connection between the sender and receiver once set up, but is more restricted in the types of NAT with which it can work. TURN supports more types of NAT, but must relay all traffic between the sender and receiver via the TURN server. STUN is easier to implement and maintain than TURN; however, most SBC devices support TURN.

Configuration Settings

These settings must be edited offline. To enter offline editing, select Menu Bar Current User Icon > Offline Mode.

General

These settings are used by the IP Office for connection to a STUN server to support SIP trunks.

Field

Description

IP Office STUN Server

Default = Blank

The IP address or fully qualified domain name (FQDN) of the STUN server the IP Office should use. The system sends basic SIP messages to this destination and, from data inserted into the replies, can try to determine the type of NAT changes being applied by any firewall between it and the ITSP.

Port

Default = 3478.

Sets the port to which the STUN requests are sent.

Run STUN

This button tests STUN operation from the system LAN using the settings above. The results are used to automatically fill the NAT fields with appropriate values discovered by the system. An information icon is then shown against the fields to indicate that the values were automatically discovered rather than manually entered.

Before using Run STUN, the SIP trunk must be configured.

Run STUN on startup

Default = Off

This option is used in conjunction with values automatically discovered using Run STUN. When selected, the system reruns STUN discovery whenever the system is rebooted or a connection failure to the SIP server occurs.

WebRTC

These settings are used for remote User Portal users using WebRTC (Softphone mode) to make and receive calls using STUN and/or TURN. The values set are provided to the remote user portal sessions through their normal MTCTI connection.

Field

Description

WebRTC Client STUN Server

Default = Blank (use stun.freeswitch.org:3478)

Set the IP address or FQDN of the STUN server that the clients should use.

Port

Default = 3748

The port the clients should use for STUN.

WebRTC Client Turn Server

Default = Blank

This is used for solutions that use a TURN service configured on an SBC. It provides the IP address or FQDN of the TURN service.

  • You can add the required port by adding :<port number>. For example add :3748 to the address or FQDN.

  • You can set the required transport method by adding ?transport=udp or ?transport=tcp to the address or FQDN. By default UDP is assumed.

  • The TURN server connection uses the name and password of an IP Office service user.

    • The service user must be a member of the security rights group TURN Server with TURN Server Connection enabled.

    • On new and defaulted systems, a service user called TURNServer exists and is a member of the TURN Server rights group. However the service user is disabled by default.

  • The details of the TURN server address, name and password are passed to IP Office User Portal sessions using their MTCTI connection to the IP Office.

NAT

The following fields can be completed manually, or the system can attempt to discover the appropriate values automatically using Run STUN.

To complete the fields automatically:

  1. Check that the SIP trunk to the ITSP is configured.

  2. Set the IP Office STUN Server address.

  3. Test STUN by clicking Run STUN.

  4. Close and reload the configuration. If STUN was successful, the remaining fields are updated using the results. An icon is shown against the fields to indicate that the values were automatically discovered rather than manually entered.

Field

Description

Firewall/NAT Type

Default = Unknown

The settings here reflect different types of network firewalls. For descriptions of the various options, see the table below.

Binding Refresh Time (seconds)

Default = 0 (Never). Range = 0 to 3600 seconds.

To keep the firewall port open for incoming calls, the system can send recurring SIP OPTIONS requests to the remote proxy terminating the trunk. This setting configures the frequency of those requests.

If you do not set a binding refresh time, you may experience problems receiving inbound SIP calls after a short period of normal operation.

Public IP Address (IPv4)

Default = 0.0.0.0

If no address is set, the system's LAN1 address is used.

SIP Registrar public ports

The public port values for UDP, TCP, and TLS.

  • UDP - Default = 5060

  • TCP - Default = 5056

  • TLS - Default = 5061

Firewall/NAT Type

Description

Blocking Firewall

Full Cone NAT

A full cone NAT is one where:

  • All requests from the same internal IP address and port are mapped to the same external IP address and port.

  • Any external host can send a packet to the internal host, by sending a packet to the mapped external address.

  • SIP packets need to be mapped to the NAT address and port.

  • Any host on the internet can call on the open port. The local info in the SDP will apply to multiple ITSP hosts.

Open Internet

If this mode is selected, the IP Office ignores settings obtained by STUN lookups. The IP address used is that of the IP Office system's LAN interface.

One-To-One NAT

This setting supports deployments where the IP Office is behind a NAT that performs IP address translation but not port mappings. All required ports must be open on the NAT.

When set to One-To-One NAT, the following configuration settings are applied and cannot be edited.

  • The NAT > SIP Registrar public ports values are set to 0.

  • The LAN1 > VoIP > SIP Registrar Enable remote protocol port values are set to equal their corresponding local protocol port values.

  • The LAN1 > VoIP > RTP > Port Number Range (NAT) values are set to equal the corresponding Port Number Range values.

Port Restricted Cone NAT

Similar to a Restricted Cone NAT, but the restriction includes port numbers. Specifically, an external host can send a packet, with source IP address X and source port P, to the internal host only if the internal host had previously sent a packet to IP address X and port P. SIP packets need to be mapped. Keep-alives must be sent to all ports that will be the source of a packet for each ITSP host IP address. If this type of NAT/firewall is detected or manually selected, no warning is displayed.

Some Port Restricted NATs have been found to be more symmetric in behavior, creating a separate binding for each opened port. If this is the case, the manager displays the warning ‘Communication is not possible unless the STUN server is supported on same IP address as the ITSP’ as part of the manager validation.

Restricted Cone NAT

A restricted cone NAT is one where all requests from the same internal IP address and port are mapped to the same external IP address and port. Unlike a full cone NAT, an external host (with IP address X) can send a packet to the internal host only if the internal host had previously sent a packet to IP address X. SIP packets need to be mapped. Responses from hosts are restricted to those that a packet has been sent to, so if multiple ITSP hosts are to be supported, a keep-alive must be sent to each host. If this type of NAT/firewall is detected or manually selected, no warning is displayed.

Static Port Block

Use the RTP Port Number Range specified on the VoIP tab without STUN translation. Those ports must be fixed as open on any NAT firewall involved.

Symmetric Firewall

SIP packets are unchanged but ports need to be opened and kept open with keep-alives.

  • If this type of NAT is detected or manually selected, a warning ‘Communication is not possible unless the STUN server is supported on same IP address as the ITSP’ is displayed as part of the manager validation.

Symmetric NAT

A symmetric NAT is one where all requests from the same internal IP address and port, to a specific destination IP address and port, are mapped to the same external IP address and port. If the same host sends a packet with the same source address and port, but to a different destination, a different mapping is used. Furthermore, only the external host that receives a packet can send a UDP packet back to the internal host. SIP packets need to be mapped, but STUN will not provide the correct information unless the IP address of the STUN server is the same as the ITSP host.

  • If this type of NAT is detected or manually selected, a warning ‘Communication is not possible unless the STUN server is supported on same IP address as the ITSP’ is displayed as part of the manager validation.

Unknown

The type of NAT is unknown or could not be determined.
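The cone and symmetric definitions above, modelled as an added Python example (not IP Office code) that shows why a symmetric NAT produces the ‘same IP address as the ITSP’ warning while the cone types do not. The NatModel class, the stun_result_usable helper and all addresses are constructed for illustration.

```python
import itertools

FULL_CONE, RESTRICTED, PORT_RESTRICTED, SYMMETRIC = (
    "Full Cone NAT", "Restricted Cone NAT", "Port Restricted Cone NAT", "Symmetric NAT")

class NatModel:
    """Toy NAT: tracks mappings and applies the inbound rule for one NAT type."""

    def __init__(self, nat_type, public_ip="198.51.100.7"):
        self.nat_type, self.public_ip = nat_type, public_ip
        self.ports = itertools.count(40000)   # next free public port
        self.mappings = {}                    # mapping key -> public port
        self.sent_to = {}                     # public port -> {(dst_ip, dst_port)}

    def outbound(self, src, dst):
        """Internal host src=(ip, port) sends to dst; return the public (ip, port)."""
        # Symmetric NAT allocates a new mapping per destination; cone NATs reuse one.
        key = (src, dst) if self.nat_type == SYMMETRIC else src
        if key not in self.mappings:
            self.mappings[key] = next(self.ports)
        port = self.mappings[key]
        self.sent_to.setdefault(port, set()).add(dst)
        return self.public_ip, port

    def inbound_allowed(self, remote, public_port):
        """Would a packet from remote=(ip, port) to public_port reach the inside?"""
        peers = self.sent_to.get(public_port)
        if not peers:
            return False                      # no binding open on that port
        if self.nat_type == FULL_CONE:
            return True                       # any external host may use the mapping
        if self.nat_type == RESTRICTED:
            return remote[0] in {ip for ip, _ in peers}
        return remote in peers                # port restricted, symmetric: exact ip:port

def stun_result_usable(nat_type, stun_server, itsp):
    """Is the mapping learned from the STUN server the one the ITSP sees and can reach?"""
    nat = NatModel(nat_type)
    pbx = ("192.168.42.1", 5060)              # constructed internal address
    learned = nat.outbound(pbx, stun_server)
    seen_by_itsp = nat.outbound(pbx, itsp)    # also serves as the keep-alive to the ITSP
    return learned == seen_by_itsp and nat.inbound_allowed(itsp, learned[1])

if __name__ == "__main__":
    stun, itsp = ("203.0.113.5", 3478), ("203.0.113.80", 5060)
    for nat_type in (FULL_CONE, RESTRICTED, PORT_RESTRICTED, SYMMETRIC):
        print(f"{nat_type:26} separate STUN server: {stun_result_usable(nat_type, stun, itsp)}"
              f"  STUN on ITSP address: {stun_result_usable(nat_type, itsp, itsp)}")
```

The same model makes the exposure difference visible: after one outbound packet, `inbound_allowed` accepts an unrelated host on a full cone NAT and rejects it on the restricted types.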

SBC

These settings are used to provide values to remote extensions that connect to the IP Office through an ASBCE. The values set are passed to the phones using methods that vary depending on the phone type. For example, by altering the values in the auto-generated 46xxsettings.txt file when requested by a remote phone.

These settings replace the RW_SB... NoUser source numbers used in pre-R11.1.2.4 systems, which should be removed once replaced with these values.

Field

Description

Public IP Address (IPv4)

Default = Blank

The public IPv4 address that routes to the public/external side of the ASBCE. Depending on the customer network, this can be the public IP address of another device such as a firewall that forwards to the SBC.

Public IP Address (IPv6)

Default = Blank

As above but using an IPv6 address. Use of an IPv6 address is supported for:

  • Avaya Workplace Client R3.35 (Android and iOS).

  • IP Office R11.1.3.1 or higher.

  • ASBCE 10.1.2 or higher.

  • The IP Office supports IPv6 addresses in the following formats:

    • Full address: For example, 2001:0000:040F:0000:0000:0000:805B:001B.

    • Replace one series of :0000: parts with ::. For example, 2001:0000:040F::805B:001B.

    • Replace any individual :0000: parts with :0:. For example, 2001:0:040F::805B:001B.

    • Remove leading zeros after any colon (:). For example, 2001:0:40F::805B:1B.

For further information, see the Deploying Remote IP Office SIP Phones with an ASBCE manual.

Private IP Address (IPv4)

Default = Blank

The private IPv4 address of the ASBCE.

FQDN

Default = Blank

The fully-qualified domain name of the ASBCE. You must set this value.

  • The IP Office uses this value in the auto-generated 46xxsettings.txt file requested by remote Avaya Workplace Client extensions. For other remote SIP extensions, the IP Office uses the SIP Registrar FQDN.

  • The customer DNS must resolve this FQDN to an IP address that routes to the IP Office. That is:

    • For remote extensions, the external IPv4 address of the Avaya SBC or customer firewall that routes to the IP Office.

    • If supporting remote Avaya Workplace Client extensions using IPv6, the FQDN must resolve to both the external IPv4 and IPv6 addresses of the Avaya SBC or customer firewall that routes to the IP Office.

SBC Registrar public ports

The public ports on which the ASBCE is configured to listen for incoming SIP calls.

  • UDP - Default = 5060

  • TCP - Default = 5056

  • TLS - Default = 5061