Network Address Translation (NAT) is a mechanism for changing the IP address of outgoing and incoming data packets at a network boundary. The motivation for this conversion is shortage of IPv4 network addresses. A network gateway provides NAT mechanism for a particular network, when packet crosses network boundaries.

Whenever any machine inside a network wants to send an outbound packet, the gateway first changes its source address to its own address (Gateway’s IP address) and makes an entry for the packet in NAT table. When an incoming packet is received, the gateway looks at its NAT table and changes its destination IP address. The lookup and destination address translation takes place after matching the correct port numbers. Sometimes the source port of a packet is also changed in order to establish a better mapping; this is called IP masquerading. One of the benefits of NAT is that it hides details of the internal network from the outside world. Thus providing some form of security.

VoIP doesn’t sit very well with NAT

The main reason is that Session Initiation Protocol servers use IP addresses as communication end points to establish a connection. These IP address are embedded into SIP packets as Session Description Protocol (SDP) data and NAT only converts IP address for IP packets. Later when RTP data packets (the actual audio) use the routing information from SDP, they may get lost because the routing information will not be consistent.

There are many mechanisms to deal with these problems. One of the most common ones are SIP “via header” and using TCP instead of UDP. When TCP is used the NAT binding must be kept alive for as long as connection is required. There are few other mechanisms which involve keeping a dedicated service for keeping track of NAT binding and SIP (and/or RTP) information like STUN and TURN. Sometimes these servers are provided as third party service. This means that the client and server have to contact a remote server to get binding information. One can also use a pair of local and remote servers. This acts as end points at respective gateways and channels both signal and voice. These servers are hosted gateways, but not always suitable for a network having multiple SIP clients behind a NAT server.