Chapter 22 VoIP Solutions: SIP : FortiGate VoIP solutions: SIP : How the SIP ALG performs NAT : How the SIP ALG translates IP addresses in SIP headers : Source NAT translation of IP addresses in SIP messages
  
Source NAT translation of IP addresses in SIP messages
Source NAT translation occurs for SIP messages sent from a phone or server on a private network to a phone or server on the Internet. The source addresses in the SIP header fields of the message are typically set to IP addresses on the private network. The SIP ALG translates these addresses to the address the FortiGate unit interface connected to the Internet.
Table 103: Source NAT translation of IP addresses in SIP request messages
SIP header
NAT action
To:
None
From:
Replace private network address with IP address of FortiGate unit interface connected to the Internet.
Call-ID:
Replace private network address with IP address of FortiGate unit interface connected to the Internet.
Via:
Replace private network address with IP address of FortiGate unit interface connected to the Internet.
Request-URI:
None
Contact:
Replace private network address with IP address of FortiGate unit interface connected to the Internet.
Record-Route:
Replace private network address with IP address of FortiGate unit interface connected to the Internet.
Route:
Replace private network address with IP address of FortiGate unit interface connected to the Internet.
Response messages from phones or servers on the Internet are sent to the FortiGate unit interface connected to the Internet where the destination addresses are translated back to addresses on the private network before forwarding the SIP response message to the private network.
Table 104: Source NAT translation of IP addresses in SIP response messages
SIP header
NAT action
To:
None
From:
Replace IP address of FortiGate unit interface connected to the Internet with private network address.
Call-ID:
Replace IP address of FortiGate unit interface connected to the Internet with private network address.
Via:
Replace IP address of FortiGate unit interface connected to the Internet with private network address.
Request-URI:
N/A
Contact:
None
Record-Route:
Replace IP address of FortiGate unit interface connected to the Internet with private network address.
Route:
Replace IP address of FortiGate unit interface connected to the Internet with private network address.