All,

Software NAT on the UX5000 information below:

I have shared this information with dealers and they are fine with it. If they see
the fact that there is no need for a VPN router anymore to install an IP Terminal
at the home office Software NAT pays for itself.

Just so we all know.

The basics of UX5000 Software NAT today are:

1) The system side router always needs to have IP Ports forwarded.

a. This is the case for all manufactures that have IP Terminals that
work without a VPN router.

2) Some manufactures have a VPN built into the IP Terminal.

3) Some manufactures have a separate Mobility Server, at an additional cost

that allows for remotely connecting IP Terminals without a VPN router.

4) UX5000 Software NAT requires no other hardware. No VPN router is

required. The cost of VPN router can vary from $100 - $10,000 depending
on the features the router has.

5) UX5000 Software NAT may work without touching the remote end. These
type of routers are called SIP Aware.

6) In some cases you should be able to plug an UX5000 IP Terminal into a

home office and it should come up. (SIP Aware Routers)

7) Some routers may block the ports needed to register an UX5000 IP

Terminal.

8) UX5000 Software NAT may require the home office router to forward two
IP ports 3462 and 5060.

9) To forward ports on a remote or home office router a dealer might have to

roll a truck and visit the site to program the customer’s router.

10) Another option is you can set up a remote PC connection from the
dealer’s office to the home office PC and then gain access to the router
and make the changes needed.

a. In order to program a router remotely you will need software like

Log Me In
https://secure.logmein.com/welcome/get_logmein_free/signup.asp
or WebEx type software.
10.) The UX5000 requires a Software NAT License for the install.

11.) Dealer’s office system should have free Demo licenses loaded in it which
include the Software NAT license loaded in it to able to test remote IP Terminals
at will.

NAT Router - Remote side:

• Port Forwarding is necessary for SIP registration, RTP packets for audio, and
WebPro.
• The SIP registration default port is 5060 and should be forwarded to the terminal
IP address as configured via the network settings on the terminal.
• The Server IP address is the IP address of the IP terminal.
• RTP packets which default with a starting number of 3462 should also be
forwarded to the IP terminal address.

NAT Traversal / NAPT (Network Address Port Translation): Function Added With
Software
This software, which requires a NAT license, provides the ability to establish SIP
communication with the UX5000 and RTP communication among SIP terminals through
Network Address Translation (NAT) on an IP network. With NAT Traversal, there is no
need to have to set up a VPN connection for an outside user to be able to access the
UX5000.
This feature is available for use with UX5000 IP terminals - IP-CTS, Enhanced, or Value
terminals. UX Softphone in CTI mode, Wireless Terminals (MH240) and standard SIP
terminals are not supported. For this option, Program 10-46-14 : SIP MLT Server
Information Setup - NAT Mode , 10-58 : SIP MLT Local Network Area Setup and 90-
65-01 : 1st Party CTI Authentication Password are added. (However, Program 90-65-01
is for future use and is not currently used at this time.)
Direct Connection Supported:
When the UX5000 is assigned a global IP address, it can control the IP terminal (NAT).
Conditions
• NAT license required (license #0031). If the NAT license is not installed in the
UX5000, the IP terminal (WAN/NAT) cannot be registered. It is, however,
possible to register the IP terminal connected via LAN. If the NAT license is not
installed, the WAN/NAT IP terminals will indicate a "License Exceeded >>>>
License No. 0031" error message on their displays.
• If a demo license for NAT is used and it expires, any WAN/NAT IP terminal
registered to the UX5000 is reset.
• When the connection destination IP address of the terminal is on the WAN side IP
address of the NAT router and the WAN side IP address of the NAT router is
changed, it is necessary to change the setting of the terminal (WAN/NAT).
• When using CygniLink, the system can only use one NAT router. Two routers in
the same network cannot be used for remote extensions.
• NAT Traversal can be used when Encryption is enabled for a terminal.
• The following services via NAT are not available/not guaranteed to function if the
terminal is not located in the same network.
 XML Browser
 IP Phone Manager
 WebPro
 Auto Configuration
 Download
NAT Router - UX5000 side:
• The NAT router requires static NAT/port forwarding.
• It is required to set the static global IP address for the WAN IP address of the
NAT router.
• It is necessary to set up the NAT router in the same network at the system.
• The UX5000 can only use one NAT router.
• The firmware for the UX5000 and the SIP MLT must be updated to the latest
version.
• Port Forwarding is necessary for SIP registration, RTP packets for audio, and
WebPro.
• SIP registration uses ports 5080 and 5081 and should be forwarded to the
UX5000 IP address as defined in Program 10-12-09.
• The VoIP gateway ports should be forwarded to addresses defined in Program 84-
26-01.
"DSP1" forwards ports in the range of 10020 - 10051 to IP
address 172.16.0.20 while "DSP2" forwards ports in the
range of 10052 - 10083 to IP address 172.16.0.21. Port
and IP information is found in Program 84-26-01 and is
user-definable. The port range is based on the port
capacity of the VOIPDB.
The router should allow port forwarding in a range of
ports. Most routers restrict the number of entries and
would not allow all DSPs to be forwarded.
• In the graphic below, an application labeled "WebPro" was created to forward
port 80 to the UX5000 system address for remote system administration. Be
aware of the "protocol" selected, UDP versus TCP and select accordingly. In the
Remote Router Access area within the router setup, enable the remote
administration using default port of 8080 for WebPro access.

• In the following setup, the settings are based on:

- WAN IP = 10.1.1.1/16
- LAN IP = 172.16.0.254/24
- Default Gateway = 12.3.3.3 (public IP address of the next in line NAT
router)
- DHCP = Disabled
NAT Router - Remote side:
• Port Forwarding is necessary for SIP registration, RTP packets for audio, and
WebPro.
• The SIP registration default port is 5060 and should be forwarded to the terminal
IP address as configured via the network settings on the terminal.
• The Server IP address is the IP address of the IP terminal.
• RTP packets which default with a starting number of 3462 should also be
forwarded to the IP terminal address.
• In the following setup, the settings are based on:
- WAN IP = 12.3.3.3/16
- LAN IP = 192.168.1.254/24
- Default Gateway = 10.1.1.1
- DHCP = Disabled
• For additional IP terminal registrations, the SIP registration port should be
incremented from its default value of 5060 and forwarded to the terminal IP
address as configured via network settings on the terminal. (5061, 5062, 5063,
etc.)
• The Service Name should reflect the nature of the ports being forwarded for
additional IP terminals ( rtppacket1, sipreg2, etc.).
• For additional IP terminal registrations via the Remote Router, the default RTP
port number should be incremented to the next EVEN value, per terminal. ( 3464,
3466, 3468, etc.) and forwarded to the IP terminal IP address
SIP MLT - Terminal side setup:
For the NAT Traversal feature, several new options are added to the terminal's setup
menu.
The following table is an example of the settings required in the NAT SIP MLT.
Name of
Specified
Item Specified Remark
Value
Data
DHCP Mode Disable
IP Address 192.168.0.100
Default Specify the address for the LAN side of the NAT router on the
192.168.0.254
Gateway terminal side.
Subnet Mask 255.255.255.0
Network
Settings If multiple terminals are installed in the domain of the NAT
RTP Self Port 3462 router on the terminal side, specify this to avoid overlap for
each terminal.
If multiple terminals are installed in the domain of the NAT
SIP Self Port 5060 router on the terminal side, specify this to avoid overlap for
each terminal.
SIP Server Address - No need to specify (This is not referenced.)
Settings SIP Server Port - No need to specify (This is not referenced.)
NAT Traversal
Static Specify static traversal.
Mode
Network Area
"OFFICE" Specify the area name where a terminal exists.
Name
Specify the IP address for the main device. If the main device
WAN Mate IP
10.1.1.1 is installed in the NAT router domain, specify the WAN-side
Address
address for the NAT router.
WAN SIP 5080 Specify the SIP receiving number of the main device. If the
Mate Port device is in a NAT router domain, specify the number of the
 SIP port for transferring data from the NAT router to the
device.
WAN Self IP Specify the WAN-side address for the NAT router on the
12.3.3.3
Address terminal side.
The setting for these options are defined in the Configuration menu within the IP
terminals (IP-CTS, Value and Enhanced). To access the menu options, perform the
following steps at the terminal:
 Press the MENU button. Access the Maintenance/Configuration menu and
enter the user name and password for the ADMIN mode (by default, User
Name: ADMIN, Password: 6633222).
 Select [2. SIP Settings], then [8. NAT Traversal].
Number
Setting Default Factory Auto
and Name Description
Value Value Value Config
of Setting
Settings for NAT traversal:
○ Disable: Disables NAT
traversal.
○ Dynamic: Performs NAT
traversal using a dynamic
1. Disable
1. NAT conversion table to
2. 1.
Traversal
Dynamic Disable
Available Available automatically assign IP
Mode
3. Static address for 1 remote router
within the terminal menu
(WAN setting not required).
○ Static: Performs NAT
traversal using a static
conversion table.
A The name of the network area to which terminals
2. Network
character No value Available Available belong.
Area Name
string Specify up to 32 alphanumeric characters.
3. WAN
Settings
1. WAN
Mate IP IP address 0.0.0.0 Available Available SIP server address for when traversal over NAT
Address
2. WAN
1024- Port number of the SIP server for when data exceeds
SIP Mate 5060 Available Available
65535 NAT capabilities
Port
3. WAN IP address for terminals to be recognized from the
Self IP IP address 0.0.0.0 Available Available WAN side.
Address Specify the WAN-side IP address of the NAT router.
4. STUN
Enhanced items
Settings
 Press the EXIT Soft Key as needed to display the initial configuration screen.
  Select [1. Network Settings], [6. Advanced Settings], then [5. Self Port
Settings].
Number and Setting Default Factory Auto
Description
Name of Setting Value Value Value Config
1024-65528
1. RTP Self Port
Even
3462 Available
Not • The number of the port
numbers Available receiving RTP data.
only

1. SIP Self Port 1024-65534 5060 Available

Not • The number of the port
Available receiving SIP data.

 Press the EXIT Soft Key as needed to display the initial configuration screen.
 Press the SAVE Soft Key to reset the terminal.
When the terminal starts, the parameters for the NAT
Traversal settings are checked. If errors are detected, a
"SIP Server Not Found" error message will be displayed
on the terminal. This can occur if the following conditions
exist in the terminal setup:
NAT Traversal WAN Mate WAN Self
Default Gateway Judgement
Mode Address Address

Exists • OK
Exists
Exists Does Not Exist • Not OK
Static
Does Not Exist - • Not OK

Does Not Exist - - • Not OK

• The NAT SIP MLT cannot use the dynamic IP address by DHCP. However, the
NAT SIP MLT can use the static IP address by DHCP.
• If two or more NAT SIP MLTs use one NAT router, the SIP port number and
RTP/RTCP port number must be unique.
• When NAT Traversal is enabled, the server address in the SIP settings are not
referenced. Therefore, the monitor will display that the data is invalid.
Multicast RTP
• With external MOH, BGM and Room Monitor which are used from a terminal
which exists in a different subnet from the system, the Multicast packet relay
function is required to relay the multicast packet (without NAT/WAN terminal).
• The MOH of a NAT/WAN terminal is local MOH or a local tone.
• NAT/WAN terminals cannot be used to monitor a room nor can they be used to
initiate room monitor.
• A NAT/WAN terminal cannot set BGM.
RTP Peer-to-Peer
Peer-to-Peer:
Program 10-26-03 Program 10-26-04 SIP-MLT
- Standard SIP
SIP P2P UX IP Terminal (LAN)
SIP-MLT (LAN) P2P P2P
ON ON Standard SIP - P2P
SIP-MLT (LAN) VOIPDB VOIPDB
ON OFF Standard SIP - P2P
SIP-MLT (LAN) P2P VOIPDB
OFF ON Standard SIP - VOIPDB
SIP-MLT (LAN) VOIPDB VOIPDB
OFF OFF Standard SIP - VOIPDB
Peer-to-Peer with NAT Enabled (Program 10-46-14 = 1):
SIP-MLT
Program 10-26-03 Program 10-26-04
- (LAN) Standard SIP
SIP P2P UX IP Terminal
LAN WAN NAT
LAN P2P VOIPDB VOIPDB
SIP-MLT WAN - P2P P2P VOIPDB
ON ON NAT - - P2P
Standard SIP - P2P
LAN P2P VOIPDB VOIPDB
SIP-MLT WAN - P2P P2P VOIPDB
OFF ON NAT - - P2P
Standard SIP - VOIPDB
• With a conversation between a SIP-MLT (WAN/NAT) and a SIP-MLT (LAN),
the RTP is connected with the VOIPDB. It does not depend on the setting of
Program 10-26-04.
 With a conversation between a SIP-MLT (LAN/WAN/NAT) and a SIP single
line terminal, the RTP is connected with the VOIPDB. It does not depend on
the setting of Program 10-26-03 and 10-26-04. In this case, two VOIPDB
resources are used.
Programming
 10-46-14 : SIP MLT Server Information Setup - NAT Mode
When the UX5000 controls the WAN/NAT SIP multi-line terminal using the NAT
router, the option must be set to "ON" (1).
Entries: 0 = Off, 1 = On
Default: 0
 10-58-01 : SIP MLT Local Network Area Setup - Network Address
If a SIP MLT connects to the UX5000 via local router as allowed by Program 10-46-14,
this data sets the local network address. This entry is required when both a NAT router
and local router are used in order for the UX5000 to recognize the location of the SIP
MLT.
Entries:
Area Table 1-8
IP Address Range:
0.0.0.0~126.255.255.254
128.0.0.1~191.255.255.254
192.0.0.1~223.255.255.254
Default: 0.0.0.0
 10-58-02 : SIP MLT Local Network Area Setup - Subnet Mask
If a SIP MLT connects to the UX5000 via local router as allowed by Program 10-46-14,
this data sets the local subnet mask. This entry is required when both a NAT router and
local router are used in order for the UX5000 to recognize the location of the SIP MLT.
Entries:
Area Table 1-8
Subnet Mask Range:
128.0.0.0 / 192.0.0.0 / 224.0.0.0 / 240.0.0.0 248.0.0.0 / 252. 0.0.0 /
254.0.0.0 / 255.0.0.0 / 255.128.0.0 / 255.192.0.0 / 255.224.0.0 /
255.240.0.0 / 255.248.0.0 / 255.252.0.0 / 255.254.0.0 / 255.255.0.0 /
255.255.128.0 / 255.255.192.0 / 255.255.224.0 / 255.255.240.0 /
255.255.248.0 / 255.255.252.0 / 255.255.254.0 / 255.255.255.0 /
255.255.255.128 / 255.255.255.192 / 255.255.255.224 /
255.255.255.240 / 255.255.255.248 / 255.255.255.252 /
255.255.255.254 / 255.255.255.255
Default: 0.0.0.0
 90-65-01 : 1st-Party CTI Authentication Password
- Not Currently Used -
This program sets an authentication password when a 1st-Party CTI application (with
password capability) is connected to the UX5000 via a NAT router (connection outside
the LAN). If there is no password defined, the UX5000 will not certify the connection.
With a password defined, the incoming connection will only be connected if the
password is confirmed.
Entries: 16 characters max.
Default: nec-i
The following chart provides an example of the NAT router settings. Note that this is
only indicating the settings for the NAT portion. Use this information to help with the
port forwarding setup in the router.
When using CygniLink, the NAT setup for the VOIPDB needs to be set in the primary as
well as the secondary system. The port number for the RTP/RTCP for the secondary
system must be unique from the primary system. The following chart provides an
example of the CygniLink portion of the setup and the NAT router information.

The following example indicates an example of the settings required in the NAT SIP
multi-line terminal.