VOCAL’s NAT/Firewall software library is integrated within our Network Stack and SIP Stack. This module permits users behind a NAT/firewall to safely and successfully communicate with other users who may similarly also be behind a NAT/firewall. Compatibility and interoperabilty has been assured by extensive testing and use with many popular industrial products and VoIP providers. Contact us to discuss your software application requirements.


While Network Address Translators (NATs) may be necessary to manage IP communication between different networks, simply changing IP addresses may break many network applications and make future deployment of new products problematical. As a result, various methods have been developed to analyze and successfully traverse NATs.

There are four basic types of NATs, varying in the degree of security and filtering performed:

Symmetric NATs are the most restrictive and, unfortunately, are commonly found in business. These require matching destination IP address and port numbers for the VoIP speech packets. This specifically disallows the direct end-to-end speech packets sent by many free VoIP service providers. The paid subscription VoIP providers typically deploy a hardware end-point to terminate each leg of the voice call so that the requirements for symmetric NATs are satisfied.

Simple Transfer of UDP though NAT (STUN) is also known as a NAT probe or external query. A STUN client, in this case within an ATA (behind a NAT), sends out a series of probe messages to a STUN server residing outside a NAT. Based on the responses from the STUN server, the STUN client can determine the type of NAT that it is located behind. When used with VoIP protocols, the results of STUN mapping discovery (namely the public IP address and port number) are used in the VoIP protocol exchanges.

This allows many of the free VoIP services to function properly, but only if the NAT is non-symmetric. Symmetric NATs require either the opening of fixed address/port mappings for the VoIP protocols to use or the use of specific VoIP service providers which deploy RTP relay equipment.

More Information

NAT/Firewall Features