Norstar Version - IP Office Info
Norstar Version - IP Office Info
Norstar Version - IP Office Info
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
STUN Settings for Network<br />
These settings are used if S<strong>IP</strong> trunks are added to the phone system's configuration using the S<strong>IP</strong> Trunk Administration<br />
91 menu. These settings are necessary to allow S<strong>IP</strong> connections from the network on which the phone system is attached<br />
to reach the public network on which the S<strong>IP</strong> provider is located.<br />
The following fields can be completed either manually or the phone system can attempt to automatically discover the<br />
appropriate values. To complete the fields automatically, only the STUN Server <strong>IP</strong> Address is required. STUN operation<br />
is then tested by clicking Run STUN. If successful the remaining fields are filled with the results.<br />
· Enable STUN: Default = Off<br />
This field is used to select whether STUN is used or not.<br />
· STUN Server <strong>IP</strong> Address: Default = Blank<br />
This is the <strong>IP</strong> address of the line providers S<strong>IP</strong> STUN server. The phone system will send basic S<strong>IP</strong> messages to this<br />
destination and from data inserted into the replies can try to determine the type ITSP NAT changes being applied<br />
by any firewall between it and the ITSP.<br />
· STUN Port: Default = 3478<br />
Defines the port to which STUN requests are sent if STUN is used.<br />
· Firewall/NAT Type: Default = Unknown<br />
The settings here reflect different types of network firewalls.<br />
· Blocking Firewall<br />
Allow outgoing TFTP WRQ. Typically this will be the case. It has been observed that the Avaya corporate<br />
firewall permits outgoing TFTP RRQ.<br />
· Symmetric Firewall<br />
S<strong>IP</strong> packets are unchanged but ports need to be opened and kept open with keep-alives. If this type of NAT is<br />
detected or manually selected, a warning ‘Communication is not possible unless the STUN server is supported<br />
on same <strong>IP</strong> address as the ITSP will be displayed as part of the manager validation.<br />
· Open Internet<br />
No action required. If this mode is selected, STUN lookups are not performed.<br />
· Symmetric NAT<br />
A symmetric NAT is one where all requests from the same internal <strong>IP</strong> address and port, to a specific destination<br />
<strong>IP</strong> address and port, are mapped to the same external <strong>IP</strong> address and port. If the same host sends a packet<br />
with the same source address and port, but to a different destination, a different mapping is used.<br />
Furthermore, only the external host that receives a packet can send a UDP packet back to the internal host.<br />
S<strong>IP</strong> Packets need to be mapped but STUN will not provide the correct information unless the <strong>IP</strong> address on the<br />
STUN server is the same as the ITSP Host. If this type of NAT/Firewall is detected or manually selected, a<br />
warning ‘Communication is not possible unless the STUN server is supported on same <strong>IP</strong> address as the ITSP’<br />
will be displayed as part of the manager validation.<br />
· Full Cone NAT<br />
A full cone NAT is one where all requests from the same internal <strong>IP</strong> address and port are mapped to the same<br />
external <strong>IP</strong> address and port. Furthermore, any external host can send a packet to the internal host, by<br />
sending a packet to the mapped external address. S<strong>IP</strong> packets need to be mapped to NAT address and Port;<br />
any Host in the internet can call in on the open port, that is the local info in the SDP will apply to multiple ITSP<br />
Hosts.<br />
· Restricted Cone NAT<br />
A restricted cone NAT is one where all requests from the same internal <strong>IP</strong> address and port are mapped to the<br />
same external <strong>IP</strong> address and port. Unlike a full cone NAT, an external host (with <strong>IP</strong> address X) can send a<br />
packet to the internal host only if the internal host had previously sent a packet to <strong>IP</strong> address X. S<strong>IP</strong> packets<br />
needs to be mapped. Responses from hosts are restricted to those that a packet has been sent to. So if<br />
multiple ITSP hosts are to be supported, a keep alive will need to be sent to each host. If this type of NAT/<br />
Firewall is detected or manually selected, no warning will be displayed for this type of NAT.<br />
· Port Restricted Cone NAT<br />
A port restricted cone NAT is like a restricted cone NAT, but the restriction includes port numbers. Specifically,<br />
an external host can send a packet, with source <strong>IP</strong> address X and source port P, to the internal host only if the<br />
internal host had previously sent a packet to <strong>IP</strong> address X and port P. S<strong>IP</strong> packets needs to be mapped. Keepalives<br />
must be sent to all ports that will be the source of a packet for each ITSP host <strong>IP</strong> address. If this type of<br />
NAT/Firewall is detected or manually selected, no warning will be displayed for this type of NAT. However,<br />
some Port Restricted have been found to be more symmetric in behavior, creating a separate binding for each<br />
opened Port, if this is the case the manager will display NATs a warning ‘Communication is not possible unless<br />
the STUN server is supported on same <strong>IP</strong> address as the ITSP’ as part of the manager validation.<br />
· Unknown<br />
Use this setting if the other settings are unsuitable<br />
· Static Port Block<br />
Use the RTP port range 49152 to 53246.<br />
<strong>Norstar</strong> <strong>Version</strong> 7.0 Manager Page 116<br />
<strong>IP</strong> <strong>Office</strong> Essential Edition<br />
- Issue 03a (21 February 2011)