Networks That Do Not Have a Network Address Translation (NAT) Router

The Problem:

The network has no firewall protection, exposing the phones directly to the internet & creating an opportunity for international fraud

The network has a limited number of IP addresses, and once these are taken, connection of additional network devices - including but not limited to phones, computers, ethernet-enabled printers - will cause unpredictable and generally bad network operation, as the DHCP server on the gateway device attempts to decide what devices can have IP addresses, and which ones cannot.

In most cases, the user is unaware that they do not have a router/firewall performing NAT, and do not realize that their entire network is visible to anyone on the interet who wants to access it. There are generally no obvious markings to allow a user to tell the difference between a modem-gateway with router functionality, and one without. To make things worse, some ISPs will provide a modem-router device, but configure it to provide public IPs and disable the router functionality.

Customers with Cable ISPs have the most Common occurance of this problem.

Diagnosis:
Always make sure that phone-system products are acquiring an address in a private IP range before moving on to other network-related troubleshooting.

Private IP ranges include:

  • 192.168.0.0 - 192.168.255.255
  • 172.16.0.1 - 172.31.255.255
  • 10.0.0.1 - 10.255.255.255

Also, please note that software products running on your computer which claim to be a 'firewall' or 'Internet Security Suite' are not a network firewall or a router, but rather an internet connection filter protecting that specific computer only. They provide no security against network intrusions that are not targeted at a specific computer system (such as those targeted at VoIP phones).

Background:
Certain ISPs include multiple IP addresses with their 'business-class' and higher-end residential services. This allows a small number of computers (usually 3 or 5) to be connected with public IP addresses.

Solution:
Since Intermedia does not support connecting our phones to public IP addresses (eg, not behind a router/firewall) due to the extremen risk of SIP calling fraud, if you discover that you do not have a NAT-enabled router, the 'next step' is to obtain one. Consult the Router Compatibility List and purchase a Recommended or Serviceable router.