SIP NAT Function Configuration

To configure the SIP NAT function on an Oracle® Enterprise Session Border Controller (E-SBC):

  1. In Superuser mode, type configure terminal and press Enter.
    ORACLE# configure terminal
  2. Type session-router and press Enter to access the system-level configuration elements.
    ORACLE(configure)# session-router
  3. Type sip-nat and press Enter. The system prompt changes to let you know that you can begin configuring individual parameters.
    ORACLE(session-router)# sip-nat
    ORACLE(sip-nat)#
  4. realm-ID—Enter the name of the realm you want to identify as the external realm.

    The name you use as the realm ID must be unique. No two SIP NAT functions can have the same realm ID. Also, this value must correspond to a valid identifier entry already configured for the realm.

  5. domain-suffix—Enter the domain suffix to identify the domain name suffix of the external realm. The domain suffix must begin with a dot (.).

    The domain name suffix refers to and must conform to the hostname part of a URI. For example:

    .netnetsystem.com

    The domain suffix is appended to encoded hostnames that the SIP NAT function creates. For example, if the encoded hostname is ACME-abc123, the resulting FQDN is ACME-abc123.netnetsystem.com.

  6. external-proxy-address—Enter the external proxy address to identify the IPv4 address of the SIP element (for example, a SIP proxy) in the external network with which the E-SBC communicates.

    Enter the value in the IP address format. For example:

    192.168.11.200
  7. external-proxy-port—Enter the external proxy port value to identify the UDP/TCP port of the SIP element (for example, a SIP proxy) in the external network with which the E-SBC communicates. The default is 5060. The valid range is:
    • Minimum—1025

    • Maximum—65535

  8. external-address—Enter the external address, which is an IPv4 address on the media interface in the external realm.

    Enter the value in the IP address format. For example:

    192.168.11.101

    This value must be such that any packet with an external address value as its destination address is routed to the E-SBC through the media interface connected to or routable from the external realm.

  9. home-address—Enter the home address, which is an IPv4 address on the network interface in the home realm. This value must be such that any packet with a home address value as its destination address is routed to the E-SBC through the media interface connected to or routable from the home realm.

    Enter the value in the IP address format. For example:

    127.0.0.10

    The value entered in this field must be different from the IP address value of the home realm’s network interface element.

    The home realm network interface is associated with this SIP NAT by its realm ID and the realm’s identifier and network interface value you entered when you configured the realm. The realm’s network interface identifier value corresponds to this SIP NAT’s realm ID, the SIP config’s home realm ID, and the media manager’s home realm ID.

  10. home-proxy-address—Enter the home proxy address to set the IP address for the home proxy (from the perspective of the external realm).

    By default, this field is empty. No home proxy address entry signifies there is no home proxy, and the external address will translate to the address of the E-SBC’s SIP proxy.

    Enter the value in the IP address format. For example:

    127.1.0.10
  11. home-proxy-port—Enter the home proxy port to set the port number for the home realm proxy. The default value is 0. The valid range is:
    • Minimum—0, 1025

    • Maximum—65535

  12. route-home-proxy—Optional. Enable or disable requests being routed from a given SIP-NAT to the home proxy. The default value is disabled. The valid values are:
    • enabled—All inbound requests for a specific SIP NAT are routed to the home proxy

    • disabled—Inbound requests are not routed through the home proxy.

    • forced—The Request is forwarded to the home proxy without using a local policy.

  13. address-prefix—Optional. Indicate the IPv4 address prefix from incoming messages that requires SIP NAT function encoding (regardless of the realm from which these messages came).

    Note:

    This value overrides the value set in the realm’s address prefix field.

    This field’s format incorporates an IPv4 address and number of bits in the network portion of the address. For example, a Class C address has a 24-bit network part. The address prefix for 101.102.103.x would be represented as 101.102.103.0/24.

    The default value is an asterisk (*). When you enter this value or do not enter a value, the realm’s address prefix value is used.

  14. tunnel-redirect—Set to one of the following values to indicate whether certain headers in a 3xx Response message received by the E-SBC are NATed when sent to the initiator of the SIP INVITE message. The default is disabled. The valid values are:
    • enabled—Certain headers in a 3xx Response message are NATed.

    • disabled—Certain headers in a 3xx Response message are not NATed.

  15. use-url-parameter—Establish whether SIP headers will use the URL parameter (configured in the next step) for encoded addresses created by the SIP NAT function. If SIP headers will be used, this value identifies which types of headers will use the URL parameter. The default value is none. The available values include:
    • none—No headers will use the URL parameter for address encoding.

      The following example illustrates the functionality of an E-SBC using a use url parameter value of none:

      sip: 1234@1.2.3.4 is translated into sip: 1234-acme-xxxx@5.6.7.8

      where -acme-xxxx is a cookie and xxxx is the encoded version of 1.2.3.4.

    • from-to—From and To headers will use the URL parameter for address encoding

      The following example illustrates the functionality of an E-SBC using a use url parameter value of from-to:

      sip: 1234@1.2.3.4 is translated into sip: 1234@5.6.7.8; pn=acme-xxxx

      where -acme-xxxx is a cookie and xxxx is the encoded version of 1.2.3.4.

    • all—All headers will use the URL parameter for address encoding. Acme Packet recommends not using this value because other SIP elements or implementations (other than the Oracle® Enterprise Session Border Controller) might not retain the URL parameter in subsequent SIP messages that they send to the Oracle® Enterprise Session Border Controller.

    • phone

      If this field is set to either from-to or all, the E-SBC puts the encoded address of the SIP NAT into a URL parameter instead of using the encoding name inside the userinfo part of the address.

  16. parameter-name—If you have configured the use-url-parameter with the from-to or all value, you need to indicate the hostname prefix.

    The parameter name value is used in SIP NAT encoding addresses that have the use url parameter values of from-to or all.

  17. user-NAT-tag—Enter a value to identify the username prefix used for SIP URIs. The values you can use can include any characters valid for the userinfo part of a URI. This should be made unique for each realm and SIP NAT function.

    The default value is -acme-.

    In combination with the domain suffix and host NAT tag values, this value is used to help the E-SBC identify an encoded URI that it needs to translate when moving between public and private realms.

  18. host-NAT-tag—Enter a value for the host NAT tag field to identify the hostname prefix used for SIP URIs. The value refers to domain labels and can include any characters valid for the hostname part of the URI. This should be made unique for each realm and SIP NAT function.

    The default value is ACME-.

    In combination with the domain suffix and user NAT tag values, this value is used to help the E-SBC identify an encoded URI that it needs to translate when moving between public and private realms.

  19. headers—List the SIP headers you want affected by the SIP NAT function. The URIs in these headers are translated and encrypted, and encryption occurs according to the SIP NAT function rules.

    To enter the full default list, type headers, followed by a Space and -d, then press Enter.

    You can also insert the following tags in SIP NAT headers if you want to replace FQDNs with next hop or SIP interface IP addresses:

    • fqdn-ip-tgt: replaces the FQDN with the target address

    • fqdn-ip-ext: replaces the FQDN with the SIP NAT external address

      Enter the tag using the following format:

      <header-name>=<tag>

      For example:

      To=fqdn-ip-tgt

      The FQDN in a To header is replaced with the target IP address.

      You can insert the following tags to apply NAT treatment to a From header in an INVITE when the gateway sends it into the home realm.

    • ip-ip-tgt: replaces any IP address in the From header with the next hop target

    • ip-ip-ext: replaces any IP address in the From header with the E-SBC’s external address

      To view all SIP NAT function parameters, enter a ? at the system prompt. The following example shows SIP NAT configuration for a peering network.

      sip-nat
              realm-id                       peer-1
              domain-suffix                  .p1.acme.com
              ext-proxy-address              192.168.11.200
              ext-proxy-port                 5060
              ext-address                    192.168.11.101
              home-address                   127.0.0.10
              home-proxy-address             127.1.0.10
              home-proxy-port                5060
              route-home-proxy               enabled
              address-prefix                 *
              tunnel-redirect                disabled
              use-url-parameter              none
              parameter-name
              user-nat-tag                   -p1-
              host-nat-tag                   P1-
              headers                        Call-ID Contact From Join Record-Route
                                             Refer-To Replaces Reply-To Route To Via
                                             f i m r t v
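
Several rules in the steps above can be checked offline against a saved listing: realm IDs and NAT tags unique per SIP NAT function, a domain suffix that begins with a dot, the documented port ranges, and a parameter name when use-url-parameter is from-to or all. The following Python is an added example, not Oracle code; the function names parse and lint and the sample listing are assumptions made for illustration, and it reads only the listing format shown above.

```python
# Parameter names exactly as the page's sip-nat listing prints them.
KEYS = set("""realm-id domain-suffix ext-proxy-address ext-proxy-port ext-address
home-address home-proxy-address home-proxy-port route-home-proxy address-prefix
tunnel-redirect use-url-parameter parameter-name user-nat-tag host-nat-tag
headers""".split())

def parse(text):
    """Split a listing into one dict per sip-nat element."""
    blocks, key = [], None
    for tok in filter(None, map(str.split, text.splitlines())):
        if tok == ["sip-nat"]:
            blocks.append({})
        elif blocks and tok[0] in KEYS:
            key = tok[0]
            blocks[-1][key] = " ".join(tok[1:])
        elif blocks and key in blocks[-1]:  # wrapped value, e.g. headers
            blocks[-1][key] += " " + " ".join(tok)
    return blocks

def lint(blocks):
    """Return (realm-id, message) pairs for rules the steps above state."""
    out = []
    for b in blocks:
        bad = lambda msg, r=b.get("realm-id", "?"): out.append((r, msg))
        for f in ("realm-id", "user-nat-tag", "host-nat-tag"):
            if sum(o.get(f) == b.get(f) for o in blocks) > 1:  # unset = shared default
                bad(f"{f} is shared with another sip-nat element")
        if not b.get("domain-suffix", "").startswith("."):
            bad("domain-suffix must begin with a dot")
        for f, default in (("ext-proxy-port", "5060"), ("home-proxy-port", "0")):
            p = b.get(f) or default  # documented default when unset
            if not (p.isdigit() and (1025 <= int(p) <= 65535 or p == default == "0")):
                bad(f"{f} {p} is outside the valid range")
        if b.get("use-url-parameter") in ("from-to", "all") and not b.get("parameter-name"):
            bad("parameter-name is required for from-to or all")
        if b.get("use-url-parameter") == "all":
            bad("use-url-parameter all is not recommended")
    return out

# Constructed sample (not from the page): peer-2 breaks several rules.
SAMPLE = """sip-nat
  realm-id peer-1
  domain-suffix .p1.acme.com
  user-nat-tag -p1-
sip-nat
  realm-id peer-2
  domain-suffix p2.example.com
  user-nat-tag -p1-
  ext-proxy-port 80"""
```

Calling lint(parse(SAMPLE)) reports the reused user NAT tag on both elements, the host NAT tag left at the shared default, and peer-2's domain suffix and external proxy port.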