Setting up GX4104 and HT814 over the internet



We are setting up a GXW4104 and a HT814 at two different locations. Peer to peer no SIP server.

Each location has a static IP public address on a modem/router, and the Grandstream boxes will be behind the router using NAT with a statically set internal IP address.

I have tested the two units on a local network and all is fine, so now need to move them to there final separate locations where they will communicate over the public internet. No VPN.

Assuming any firewalls are completely open, what else would I need to do?

So set each of the SIP server IP’s to the public IP of the opposite location.

Any port forwarding? Or will it just know where to set the packets?



Set the NAT IP in each device such that it reflects their own static public IP.
Set the security to accept requests from the SIP proxy only and to valiadate the messages. (prevents ghost calls)
Set the device with their own static/reserved private IP and then set forwarding in the routers for the various sip and rtp ports in use at both ends.
Disable any SIP alg or helpers
If possible consider VPN.


Thanks for your quick reply!

Can I just check a few points.

Which setting is this? I’m a bit confused by this? Could you clarify. Is this router or Grandstream settings?

Sorry, ive no idea about this one?

Great, sounds straight forward.

Ok, i’ll check the router for any of this.

Many thanks!


Set the NAT IP in each device such that it reflects their own static public IP. - GXW devices, this allows the devices to tell the other GXW which IP to use when communicating with one another.

Set the security to accept requests from the SIP proxy only and to validate the messages. (prevents ghost calls) GXW devices.

The manuals describes the settings.


Thanks thats great.

I see both devices have a setting:
Use NAT - IP Defines NAT IP address used in SIP/SDP messages. It should only be used if required
by ITSP.

So put the devices own IP in there right.

Do we also need this on:
Proxy Require - SIP Extension to notify SIP server that the unit is behind the NAT/Firewall.
Bare in mind its peer to peer and no actual SIP server.


The NAT IP is the public IP in use at each site.

If the 4104 is behind a router and the router public IP is, then put in the NAT IP of the 4104. If the 814 is sitting behind a router with a public IP of, then put in the NAT IP of the 814. This tells the devices how to formulate the message to the other device so that the other device when receiving a message will know what public IP to use when responding; otherwise it may try and use the other devices’ private IP which will never be seen.

You should not need proxy require.
Peer to peer defines the device connection as not needing an authentication as the IP addresses are considered as trusted. The devices themselves are SIP servers in that each will send and receive SIP messaging to/from one another and then control the results at the analog side of things.


Ah, Got it thanks!