3.5 Firewall and Network Address Translation Traversal Aid Extensions

  • Article

When a user agent forms a connection to a SIP proxy, SIP registrar, or other SIP servers and that connection traverses a firewall or a NAT device, the server might be unable to make a connection back to the user agent because of the firewall or NAT device. Because, during normal SIP operation, servers have to send responses back to the user agent, as well as initiate and forward requests destined to the user agent, the transport layer on the SIP server has to route messages to the user agent over the existing connection established from the user agent. To aid the transport layer on the SIP server in routing messages over the connection from the protocol client, this protocol defines mechanisms that help save connection identification information in Via, Contact, Record-Route, and Path header fields of the incoming SIP requests. The header fields described in this protocol are designed to preserve routing information for use by the transport layer. Specifically, the following list of header fields serves this purpose:

  • Via header fields MUST be copied from the SIP requests to responses, as specified in [RFC3261] section 8.2.6.2.

  • Contact and Record-Route header fields MUST be preserved in dialog state, as specified in [RFC3261] section 12.1.1, and copied to mid-dialog requests, as specified in [RFC3261] section 12.2.1.1.

  • Contact and Path header fields are saved in the SIP location service database for the user agent's domain, as specified in [RFC3327] section 5.3, and then inserted into the requests forwarded by the SIP proxies authorized for the domain, as specified in [RFC3327] section 5.4.