yealink phones behind NAT special considerations?

Hello all. I’m coming from 3CX, was a long time asterisk user years ago but I’m not up to date and have never used vitalpbx.

The challenge is NAT. Does vital work for you penetrating most NAT engines so you can run multiple phones (for me, yealinks are my fav) without the use of individual port mappings or an SBC? This is a major challenge/failure of 3CX and I put a 3CX SBC at every single site.

Hey @dandenson, welcome to the community!

Yes, the majority of our clients go with a cloud/hosted solution, which means that the endpoint AND the server are behind (individual) NAT.

I strongly recommend to lock down the IPs that can access asterisk, or use a SIP proxy like Kamailio for security.

If you cannot do that, then have Asterisk listen for SIP traffic for ports other than 5060-5062 and install API ban. This along with fail2ban is a decent recipe to keep you out of the target zone from common robots.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.