1:1 NAT vs 1:Many NAT for VoIP
Hello All,
We currently have an MX84 on our network with redundant ISPs (a 50\50 fiber and a 50\10 coax) and two VLANs. One VLAN for clients and phones (Same network for backup purposes) and the other VLAN for servers. We have a relatively new VoIP service as well and were having VoIP QoS issues. I was working with the provider to determine why the QoS was so bad and could not determine the issue.
As it happened our Coax went out a few weeks ago and our QoS increased immensely. After some testing I found that the simultaneous connection of the Coax and the fiber is causing the QoS issue. After doing a good amount of research I believe that the issue might be that the firewall requires NAT to ensure that the phones have a solid connection.
I was wondering if users with VoIP and VLANs prefer 1:1 NAT or 1:Many NAT? Is there one that you find works better with VoIP? I am hoping that I do not have to make too many rules for each user.
Any help would be appreciated.
Thank you
1:1 would be a single WAN IP to a single LAN IP. 1:Many could be a single WAN IP to multiple different LAN IPs as long as they are different ports/protocols. Just keep in mind with two ISPs you may need to create NAT rules for each ISP's WAN IPs. Also, if one of the ISP/circuits goes down it will likely interrupt a portion of your VOIP calls no matter what, since those streams would be actively going across one of the circuits and will have to establish over the other circuit.
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
So if I need both VLANs to access the WAN through the main fiber connection and also require rules to ensure that the phones always use the main connection instead of attempting to use the coax connection (when it is connected) then 1:Many seems like it would be the best choice.
Thank you for the clarification.
For that I would use a flow preference.
Security Appliance > Traffic Shaping > Flow Preferences > Internet Traffic
There you can set source or destination based rules to prefer a WAN connection. Then it'll only use the other if that WAN connection fails. If you want to get more fancy you can use performance classes on that same page to prefer whichever WAN connection has the lowest latency 😉
I wonder if SIP at Meraki also recognizes RTP or only signaling. If not, you would be better off adding the VoIP subnet to the rule.
Not sure why an email server needs high priority.
What are you doing 1:1 NAT with currently? Did the VoIP provider give you an on-prem device that they are asking you to forward traffic to or something else?
Do you have any traffic shaping rules defined on the MX to ensure voice traffic is given the correct priority?
Hello MRCUR,
I am not using NAT currently, and the VoIP provider did not provide any on-premise device, only the VoIP phones that we purchased.
I have set Traffic Shaping Rules making SIP (Voice) a High Priority object with no bandwidth limit and no DSCP Tagging. I have also added our main web page and Mail server as high priority with a limit of 39 Mbps and everything else as normal with 15 Mbps (We have 100 Mbps Fiber).
With the current Traffic shaping rules we are getting 99% QoS (without the coax connection); this is why I thought it might be a NAT issue.
Thank you