Use the NAT Traversal window to configure NAT traversal settings for SIP trunk groups. This section describes the various parameters associated with network-hosted NAT/NAPT traversal for SIP endpoints.

To View and Edit NAT Traversal Parameters

On the SBC main screen, go to Configuration > System Provisioning > Category: Trunk Provisioning > Trunk Group > SIP Trunk Group > Services > NAT Traversal. The NAT Traversal window displays.

Use the drop-down lists to select the desired Address Context, Zone and SIP Trunk Group. The Edit NAT Traversal window displays.

NAT Traversal

 

Use the following table to configure the NAT traversal settings for the trunk group and then click Save.

SIP Trunk Group - Services - NAT Traversal parameters


Parameter

Description

Signaling NAT

Indicates whether or not NAT/NAPT support is required for signaling. 

  • Disabled (default)
  • Enabled

Note
The SBC Core does not support NAT traversal for IPv6 calls. Ensure NAT is disabled in pure IPv6 call scenarios.

Media NAT

Specifies whether or not NAT/NAPT support is required for media. 

  • Disabled (default)
  • Enabled
Note

Do not configure Media NAT and Ice Support flags on the same trunk group.

Note
The SBC Core does not support NAT traversal for IPv6 calls. Ensure NAT is disabled in pure IPv6 call scenarios.

Learn NAT For Rtp Only

Enable flag to learn media NAT from the first RTP packet only. If disabled, media NAT is learned from any first packet received. For egress trunk groups, this flag is applicable only if Dynamic LRBT flag is disabled. If Dynamic LRBT is enabled, NAPT learning occurs on arrival of RTP packet until the call is connected, at which point Learn NAT For Rtp Only applies even for egress Trunk Groups. The options are:

  • Disabled (default) 

  • Enabled

Note

The action of this flag does not apply to ICE NAT traversal.

Ice Support

This parameter indicates the type of Interactive Connectivity Establishment (ICE) method used for STUN packet check. The values are:

  • Ice Webrtc - This setting is used when inter-working with Webrtc Gateways, for example the Sonus WRTC Gateway or in situations when the SBC is presented with an ICE SDP from a WebRTC-enabled endpoint.

Note

When configured for this mode, SBC acts as a generic ICE-Lite agent.

  • Ice Lync - This is used when inter-working with a Microsoft Lync 2010 or 2013 client.
  • Ice Full - This is used when inter-working with a full ICE client which requires a STUN connectivity check to be generated by the SBC in response to its own STUN connectivity check.
Note

For MS Lync ICE (Ice Lync setting), keep-alive messages are sent only to the RTP port.

Note

Ribbon recommends to avoid configuring both Media Nat and ICE Support on the same Trunk Group because these configurations are independent mechanisms for solving NAT traversal issues. Because of of this, these configurations should not coexist on the same Trunk Group.

Note

The parameter, Learn NAT For Rtp Only, does not apply to ICE and should not be enabled for the Trunk Group with ICE Support enabled.

The SBC's ICE support capability is not supported for GW-GW call scenarios.

Refer to SDP Support for a detailed description on Ice Support.

Ice Keepalive Timer

Specifies the keep alive timer in full-ICE and MS-Lync ICE. The value ranges from 0 to 60 seconds and the default value is 15 seconds.

Note

The Ice Keepalive Timer appears only when the Ice Support flag is set to Ice Full or Ice Lync.

TCP Keepalive Timer

This NAT TCP keep-alive timer sets the registration refresh rate (in seconds) for SIP over TCP. (default = 240).

Ice Trickle

Use this flag to enable Trickle Ice Support for the trunk group.

  • Disabled (default)
  • Enabled

UDP Keepalive Timer

This NAT UDP keep-alive timer sets the registration refresh rate (in seconds) for SIP over UDP. (default = 60).

Outbound Tcp Keepalive Timer

Specifies the NAT outbound keepalive timer (in seconds) for SIP over TCP. The value ranges from 0 to 32767 and the default value is 240. 

Outbound Udp Keepalive Timer

Specifies the NAT outbound keepalive timer (in seconds) for SIP over UDP. The value ranges from 0 to 32767and the default value is 60. 

Secure Media NAT Prefix

Use this parameter to match up to 'N' bits of the network IPv4 address obtained from signaling. If set to "0", feature is disabled, and no match of network IP address will occur.  The value ranges from 0 to 32 and the default value is 0.
Ice TCP Role

Use this flag to specify if SBC initiates the TCP connection for ICE Lync. The options are:

  • Passive (default): The SBC waits for the peer to initiate the TCP connection. Use this option when working directly with Lync endpoints.
  • Active:  Use this option for the SBC to initiate the TCP connection when connected to internal-facing trunk groups where the peer is not behind the NAT. Also, use this option when working with certain Unified Communication (UC) servers such as Acano which expect the peer to initiate the TCP connection. This is only supported when there are no NATs between the SBC and the UC server.
Note

Ice TCP Role appears only when the Ice Support flag is set to Ice Full or Ice Lync.

Refer to Configuring SBC and LYNC in Media Environment for configuration details.

Disable Media NAT If Same Media And Sig IP

Enable this flag to disable Media NAT if Media and Signaling IP addresses are identical. This setting is disabled by default. The options are:

  • Disabled (default)
  • Enabled