4-36
41-001343-01 Rev 02, Release 3.2.2
STUN and TURN Protocols
The IP phones support the following audio-path NAT Traversal features:
•
Simple Traversal of User Datagram Protocol (UDP) through Network Address
Translation (NAT)
or also known as
STUN
(RFC 3489)
and
•
Traversal Using Relay NAT
or also known as
TURN
STUN
is a protocol that allows the IP phones on a network to discover the presence and types of
NATs and firewalls between them and the public Internet. It also provides the ability for the
phones to determine the public IP addresses allocated to them by the NAT. STUN works with
many existing NATs, and does not require any special behavior from them. As a result, it allows
the phones to work through existing NAT infrastructures.
TURN
is a protocol that governs the reception of data over a connection by a single
communications device operating behind a NAT or firewall. A TURN server relays packets from
an external IP address towards the IP phone only if that phone has previously sent a packet
through the same TURN server to that particular external IP address.
SIP NAT IP configurations takes precedence over the STUN/TURN configurations. Typically,
the STUN/TURN configuration is only used for media (RTP traffic) - not for signaling. (For
signaling, you need to enable “Rport” if the NAT device does not recognize SIP. For more
information about “Rport”, see the section,
“RPORT”
on
page 4-61
of this release note.
The STUN/TURN configuration applies globally on the phone. If you configure both STUN and
TURN on the phone, it discovers what type of NAT device is between the phone and the public
network. If the NAT device is full cone, restricted cone, or port restricted cone, the phone uses
STUN. If the NAT device is symmetric, the phone uses TURN.
If you configure STUN only, the phone uses STUN without the NAT discovery process.
If you configure NAT only, the phone uses NAT and does not perform the NAT discovery
process during startup. TURN is compatible with all types of NAT devices.
Limitations to Using STUN and TURN
•
The Firewall type discovery process on the phone is limited to 20 seconds. If the discovery
process fails, the STUN server may not be configured correctly.
•
When making a new phone call, the phone limits obtaining the port from the STUN/TURN
server to 5 seconds. If the call does not go through in 5 seconds, the phone makes the call
using the Session Description Protocol (SDP) with a local IP:port.
An Administrator can configure a STUN and/or TURN server on the IP Phones using the
configuration files or the Aastra Web UI.
Note:
STUN does not work if the NAT device is symmetric.