• Universal Plug and Play (UPnP)

Problem: … relies on the NAT opening pinholes to the outside world under the dynamic control of the UPnP client – maybe a SoftPhone on a PC. This capability is most likely contrary to most security policies and therefore may not be accepted by communications managers of corporate customers.

• Simple Traversal of UDP Through Network Address Translation devices (STUN)

Problem: Most NATs in use today are symmetric. This means that they create a mapping based on source IP address and port number as well as the destination IP address and port number. STUN will not work with symmetric NATs

• TURN – Traversal Using Relay NAT

Refinement over STUN by using a proxy to relay packets

• Application Layer Gateway

Enhanced NAT that can modify packets depending on whether protocol is SIP, or some other. However, it doesn’t really explain how a SIP phone behind a firewall can receive inbound calls. (UDP sessions are easier than TCP sessions?)

• Manual Configuration
• Tunnel Techniques
• Automatic Channel Mapping

On the practical side of things, Heise Security has a light write-up on how Skype tries different methods, from direct UDP through to probing firewalls in order to tunnel a direct connection between two computers.