NAT routers exposing real local port of phones

More and more I am seeing home users behind NATs showing up with a source port of 5060 instead of some random source port that gets passed through/translated back to the phone. This causes issues for home users because scum bag scanners and script kiddies start sending random calls and waking up the user at night.

For an office environment, this causes all phones to try to operate with a publicly exposed source port of 5060 on a single external IP which obviously doesn’t work at all :smile:

I only see this once in a while and so far my solution has been to change the local port on each phone to something other than 5060. This works OK for a single phone behind a home NAT but it’s a mess for a whole network of phones at a small office. It also means I have one more thing to track so I don’t end up assigning the same local port to more than one phone.

What are you folks doing to solve this issue when it comes up? Is this just the result of crappy NAT routers not doing their job?

I know many routers/firewalls have SIP/VoIP settings but I have mostly found those to cause more issues than they solve, especially on SonicWalls (yuck).

Any thoughts or help are appreciated. I have a some ideas on how to deal with this but I thought I would seek the wisdom of the group here.

Any help thoughts or advice are appreciated.

1 Like