Why is it a problem using SIP Clients behind NAT? To understand why SIP Clients behind NAT are a problem, you have to first understand what NAT is and what it does. To understand NAT, you need to understand some basic concepts about how IP connections work, but it is assumed you already have this knowledge. If not, please read the explanation here. What is NAT? NAT stands for Network Address Translation. Unless you are using One-to-one NAT, then a NAT device will also perform Port Address Translation. For a detailed explanation of NAT click here. What does NAT do to IP packets sent from your IP phone to a host SIP server? It substitutes a different sender IP address and Port Number for the original one given by your IP phone. It does this at the packet level, but SIP is a protocol that is embedded within the data payload of the IP packets and so, unless your NAT device is "SIP Aware", it will not make changes to the IP address and port number used in the contact information embedded in the SIP messages. You therefore now have an inconsistency between the Sender IP Address and Port Number shown inside the SIP message and the sender IP address and port number shown as the sender at a packet level. Why does it matter so much in SIP? Surely the same thing happens with Web Browsing. Yes, the same thing does happen when you are browsing a web site using a PC connected to the Internet through a NAT device. However, the HTTP protocol used for web browsing is much less sensitive to the address substitutions made by the NAT device because it does not normally embed IP address information in its HTTP messages that is subsequently used by the web server to start a new connection back to your web browser. SIP, on the other hand, does exactly this when it tells the remote device to make a connection for the media stream (i.e. the audio). What happens in SIP that is so sensitive to address and port translations? Two things that SIP does can be messed up by NAT: First, your IP phone has registered itself with the SIP Registrar Server operated by your VoIP Service Provider because this allows your VoIP Service Provider to route inbound calls to your IP phone. (For a more detailed explanation of the Registrar Server, click here. For an explanation of the registration process, click here). However, if the IP address given to the Registrar server is the private LAN address of the IP phone, not the address on the external interface of your NAT router, then the Service Provider may not be able to send SIP messages to your IP phone. Second, when a SIP phone makes a call it sends a SIP INVITE request. Within that request, it also sends details of how it should be reached for the audio media stream. You see, the connection used for the SIP messages that start and end calls is not the same connection as is used to send the audio stream. The audio stream is always established on a new connection using a completely different port number. NAT routers normally allow outbound connections, but block inbound ones. This means your phone may be telling the remote device to open a media stream connection to it, but the remote device is unable to open the connection because it gets blocked by the NAT device. What are the symptoms of a NAT related problem? One of the most common symptoms is that someone calls your IP phone, it rings, you answer it and there is silence. A variation on this is that you answer it and there is 1-way audio - you can hear them but they can't hear you, or vice versa. Another symptom is that you can make calls to other people, but they cannot call you. A variation on this is that other people can call you in the first few minutes after your phone has registered, but not after 10 or 20 minutes. You may also get a combination of both the above symptoms or their variants. How do you overcome the problems of NAT traversal? Follow this link to see how SIP phones and SIP service providers overcome NAT traversal problems.