Wan IP/NAT Detection

If you are deploying the Centrex Proxy Server® behind a NAT router (in your private IP address space), then you must read this section. If you are deploying the Centrex Proxy Server® in the global IP address space, you can skip this section.

The Centrex Proxy Server® has the ability to function behind network elements (routers) that perform network address translation (NAT). However, because the Centrex Proxy Server® will be assigned an IP address that only exists in your private network, you must enable WAN IP detection capabilities. Allowing the Centrex Proxy Server® to determine its WAN IP address in the global IP address space allows the sever to perform SIP protocol packet address and port "fixups". This capability is essential to overcoming the SIP protocol problems that arise due to NAT when the server is deployed behind your outermost router.

IMPORTANT: For ease of use and to minimize and simplify your network configuration, the Centrex Proxy Server® should be deployed in your private network immediately behind your outermost network router (or other device) that is performing network address translation. If you follow this rule, you will not have to maintain any special "port forwarding" settings in other routers distributed throughout your network and all users within the private network will have access to the proxy. If deployed correctly, the only router that requires a "port forwarding" setting is the outermost router. It will need to port forward the SIP port of the Centrex Proxy Server® to the host machine running the proxy. You could also deploy the Centrex  Proxy Server® to the outermost router's DMZ and then you will require no special port forwarding settings.

Once the Centrex Proxy Server® determines its WAN IP address, it will perform complex SIP packet modifications that are generally performed by expensive dedicated 3rd party session border controllers and session boundary controllers. These dedicated 3rd party network elements are expensive and generally cost thousands of dollars.


The following dialog is used to specify WAN IP/NAT detection parameters:






Enable WAN IP Address usage:

This option must be checked to enable WAN IP detection.



Use DNS and the Domain Name to resolve a WAN IP address:

When this option is selected, the Centrex Proxy Server® will use your configured SIP domain name to resolve the WAN IP address using DNS. The domain name will be monitored to detect any changes in the WAN IP address.



DNS monitor interval (Seconds):

When using DNS and the domain name to resolve the proxy WAN IP address, this setting specifies the interval that will be used to query DNS.



Specify a static WAN IP address:

If your SIP domain resolves to a known static IP address, then you can specify the static IP address here.



Dynamically monitor your WAN IP address:

The Centrex Proxy Server® can also be placed into a mode where it will periodically monitor your IP address using an HTTP request. Generally, you would want to specify the URL to a configuration page of your private network's outermost NAT router. The configuration page of your router must display the WAN IP address of your internet connection. The Centrex Proxy Server® will be able to request the contents of this router page and parse the returned IP addresses. You can then tell the Centrex Proxy Server® which IP address it should use. How to do this will be discussed below.



NAT Detection URL:

When you select the NAT dynamic discovery option, this edit filed will be enabled so you can tell the Centrex Proxy Server® where it should retrieve its Wan IP address information. The URL you specify here can be the URL of your outermost local router that is protecting your private network. If your NAT router does not have a web interface, the value of this edit field can also be the URL of any web site that is on the internet that supports Wan IP address discovery. For example, you could specify something like the following:

http://MyUserName:MyPassword:@192.168.1.1/Status.htm.

This happens to be a URL for a Cisco router we have at our LanScape engineering facility. The string "MyUserName:MyPassword" is the user name and password that is required to log into the router. The Cisco router (and other Linksys routers) have a status page that can be inspected in order to find your private network's Wan IP address. Once you configure your Centrex Proxy Server® to go to the router's status page, it will monitor your Wan IP address automatically.

If your NAT router does not support an HTTP web interface, you can specify some other Wan capable web site URL. At the time of this writing, we knew of the following web sites that support Wan IP address detection:

http://www.whatismyip.com
http://www.showmyip.com
http://www.sharewareisland.com/myip.asp
http://www.ventrilo.com/myip.php

Note: LanScape Corporation is not in any way associated with the above web sites and you assume all responsibility and liability if you decide to use them for their author's intended purpose.



IP Address Monitor Interval (Seconds):

This parameter specifies the periodic interval that will be used to monitor your Wan IP address. The Centrex Proxy Server® will periodically go to your specified URL location and retrieve the current value of your Wan IP address. Setting a value too small (less than 60 seconds) is not recommended.



IP Address prefix string:

For a very few individuals: If you have developed your own web site that returns Wan IP address information, you can use this string to specify a prefix string delimiter that can be used to locate the Wan IP address that is returned in your HTML content. If you use this method, a dotted decimal IP address must immediately follow the delimiter string you specified. This setting is maintained for backward compatibility with earlier version of the Centrex Proxy Server®.

For most of us: The value that is specified here is generated by the Centrex Proxy Server® when you use the "Interrogate NAT URL for IP Address" button. If you want to automate your Wan IP address discovery, perform the following procedure:

Lets assume you have instructed your Centrex Proxy Server® to access your router's status page (it contains your Wan IP address). See "NAT detection URL" above.

Now press the "Interrogate NAT URL for IP Address" button.

A dialog will be displayed that will attempt to retrieve all IP addresses that exist in the HTML content returned from the "NAT detection URL" you specified. For example, when we run this procedure against our Cisco router, our Centrex Proxy Server® displays all the following dotted decimal addresses:




Note: Not all the dotted decimal strings displayed are IP addresses. They can also be subnet masks, default gateways, etc.

Prior to running this discovery test, we manually looked on the router's status page for our reported Wan IP address. We determined it to be: 65.29.58.35.

We now look for the first occurrence of our Wan IP address from the drop down list in the above dialog and select it.

To complete the Wan IP address discovery test, press the OK button.
 

Because we selected the third IP address in the List control shown above, the "IP Address prefix string" the Centrex Proxy Server® will use is: "#LearnedIpFormat_3". Note that this same procedure can be used to "learn" the Wan IP address from any of the previously mentioned web sites.


Important:

If at all possible, use your NAT router to determine your Wan IP address. If you do, the Wan IP address discovery procedure discussed above will only have to be performed again if you replace your router.

If you use a web site to assist in determining your Wan IP address, then the discovery procedure may have to be performed again if the web page changes. If you have any connectivity problems with your Centrex Proxy Server®, you should reverify that the Wan IP address your Centrex Proxy Server® is using is correct.




Enable NAT database updates:

This setting will allow the Centrex Proxy Server® to perform an HTTP post operation to the web page URL you specify in the "NAT Database URL" field. This capability is maintained for backward compatibility with earlier versions of the Centrex Proxy Server®. When the Centrex Proxy Server® posts its discovered WAN IP address to the specified URL, the parameter string it will use for the post has the general form:

"?op=operation_code&p1=wan_ip_address&p2=proxy_sip_port&p3=domain_name&p4=private_ip_of_proxy"

Where:

operation_code - Always set to the value 5000.

wan_ip_address - The WAN IP address the Centrex Proxy Server® discovered.

proxy_sip_port - The UDP port the Centrex Proxy Server® will use to received SIP packets.

domain_name - The VOIP domain name.

private_ip_of_proxy - The private IP address use by the Centrex Proxy Server®.

For example, Lets assume the following: The Centrex Proxy Server® determines it's WAN IP address to be 66.34.100.19, its domain name is "mycompany.com", its private IP address is 192.168.1.100 and it receives SIP traffic on UDP port 7000

Also lets assume that the HTTP URL you specify for the web update is:

http://www.mycompany.com/SaveTheData.asp

The Centrex Proxy Server® will post the following to the web site:

http://www.mycompany.com.SaveTheData.asp?op=5000&p1=66.34.100.19&p2=7000&p3=mycompany.com&p4=192.168.1.100 

When the Centrex Proxy Server® is terminated, it will post the following to the web site:

http://www.mycompany.com/SaveTheData.asp?op=5000&p1=0.0.0.0&p2=0&p3=NoDomain.com&p4=0.0.0.0

Client WAN IP Address discovery:

This setting should remain at "Disabled" unless otherwise instructed by LanScape support staff. This capability is maintained for backward compatibility with earlier versions of the Centrex Proxy Server®.