Various forms of communications can be performed in packet-based networks, such as electronic mail, web browsing, file transfer, and so forth. With the increased capacity and reliability of packet-based networks, voice communications (along with other forms of real-time, interactive communications) have also become feasible. In such communications, voice and other real-time data are carried in packets that are sent across the network.
Standards have been proposed for voice and multimedia communications over packet-based networks. One such standard is the H.323 Recommendation from the International Telecommunication Union (ITU). Another standard for voice and multimedia communications is the Session Initiation Protocol (SIP), as developed by the Internet Engineering Task Force (IETF). Generally, H.323, SIP, and other control protocols are used for negotiating session information to coordinate the establishment of a call session. Once negotiation setup has been completed, packetized media (including voice or other forms of real-time data) can flow between endpoints. A media transport protocol, such as the Real-Time Protocol (RTP), is used for conveying packetized media between the endpoints.
Various issues are associated with communications over packet-based networks. One is the dwindling supply of network addresses, such as Internet Protocol (IP) addresses. To address this problem, network address translation (NAT) is provided to enable address translations between public and private networks. By reusing a pool of private addresses in different private networks, the virtual supply of network addresses is extended. Another concern of packet-based communications is security. Once a network address of a specific node is known, this network address can be used as routing information to gain illegal access to the node and all of its resources. Network address translation can be used to hide network addresses of nodes to protect such nodes.
Also, to prevent unauthorized access of a private network, a firewall is placed between the private network and a public network. Thus, in a typical arrangement, nodes and terminals on a private network are connected behind a node that includes both a firewall and a network address translator (NAT). Collectively, such a node can be referred to as a “firewall and NAT module” or “firewall and NAT device.”
Generally, to offer telephony services to terminals or clients that reside behind a firewall and NAT module, some modification typically is needed of the firewall software. One issue is that a firewall does not allow unsolicited connections from a system or device outside a private network to nodes or devices on the private network. Another issue is that, because of the presence of a NAT, a network address allocated to a terminal (for communicating bearer traffic packets) by the NAT is not known until the network address translation actually occurs. Note that the address used by the terminal for call session setup signaling (control signaling) may be different for the address used for communication of bearer traffic packets (carrying telephony media such as voice). This is because a NAT typically dynamically assigns addresses on an as-needed basis after a call session has been established and bearer traffic packets are actually communicated. A need thus exists for an improved method and apparatus of providing telephony services to terminals or systems behind a firewall and NAT.