Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1948
Views
10
Helpful
8
Replies

Hosted SIP trunking - Public IP for CUCM subscribers - PAT ?

Go to solution
svictoryshanmugam
Level 1
Level 1

‎05-24-2013 03:16 AM - edited ‎03-16-2019 05:29 PM

Dear Folks,

We are planning to pilot hosted sip trunking. Should I just try do a Port Address Translation (with one Public IP) for my CUCM cluster of subscribers and give it to the service provider to be used in their Session Border Controllers.

Thanks Friends...

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
barry
Level 7
Level 7
In response to Gordon Ross

‎05-24-2013 05:31 AM

Hi

Gordon is right (+5), however note that you can do this with a firewall that supports application layer inspection. I've NATd CUCM behind a Cisco ASA firewall that is inspecting SIP and it works fine - no CUBE required. I've also done it with Palo Alto.

Also note that CUBE gives you a lot more flexibility however in terms of configuring the SIP trunk to your ITSP.

Barry Hesk

Intrinsic Network Solutions

View solution in original post

Go to solution
barry
Level 7
Level 7
In response to svictoryshanmugam

‎05-24-2013 06:42 AM

Hi

No you must do static one to one NAT. You can't use PAT as your ITSP will attempt to signal back to you.

Barry Hesk

Intrinsic Network Solutions

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Gordon Ross
Level 9
Level 9

‎05-24-2013 05:03 AM

NAT/PAT and SIP are unhappy bed fellows. This is because NAT/PAT only re-writes the IP packet header addresses. SIP buries the source and destination IP addresses inside the data packets too, which NAT/PAT won't touch.

If you want to expose your CUCM to the outside world, you'll need your own session border controller (e.g. Cisco CUBE)

GTG

Please rate all helpful posts.
0 Helpful

Go to solution
svictoryshanmugam
Level 1
Level 1
In response to Gordon Ross

‎05-24-2013 05:09 AM

Hi Thanks for the reply. In the case of trying out hosted sip trunking where the SBC sits on the service provider.. what is the best possible way of giving the CUCM external IP connectivity.

0 Helpful

Go to solution
Gordon Ross
Level 9
Level 9
In response to svictoryshanmugam

‎05-24-2013 05:12 AM

No - *you* need an SBC to present your CUCM on private IP addresses to the public Internet. The providers SBC is doing the same for their system: Presenting their private SIP system on a public IP address.

GTG

Please rate all helpful posts.

Go to solution
barry
Level 7
Level 7
In response to Gordon Ross

‎05-24-2013 05:31 AM

Hi

Gordon is right (+5), however note that you can do this with a firewall that supports application layer inspection. I've NATd CUCM behind a Cisco ASA firewall that is inspecting SIP and it works fine - no CUBE required. I've also done it with Palo Alto.

Also note that CUBE gives you a lot more flexibility however in terms of configuring the SIP trunk to your ITSP.

Barry Hesk

Intrinsic Network Solutions

Go to solution
Gordon Ross
Level 9
Level 9
In response to barry

‎05-24-2013 05:34 AM

Barry's right. The key thing is that you need a firewall device that looks beyond the IP header layer and understands the application layer.

GTG

Please rate all helpful posts.
0 Helpful

Go to solution
svictoryshanmugam
Level 1
Level 1
In response to barry

‎05-24-2013 05:40 AM

Hello Barry,

Thanks for the reply. I would like to pursue without a CUBE or any SBC and just tryout/pilot few SIP trunk providers who are offering SIP service over Private&Public Network. We have ASA firewall and we can accomplish what you have suggested. I would like to know did you just do one-to-one NATing of all CUCM subs and expose the Public IP or does PAT would do ? Many Thanks for your time.

I thank Gordon for his time.

0 Helpful

Go to solution
barry
Level 7
Level 7
In response to svictoryshanmugam

‎05-24-2013 06:42 AM

Hi

No you must do static one to one NAT. You can't use PAT as your ITSP will attempt to signal back to you.

Barry Hesk

Intrinsic Network Solutions

0 Helpful

Go to solution
svictoryshanmugam
Level 1
Level 1
In response to barry

‎05-24-2013 07:30 AM

Thanks For your help...:-)

Sent from Cisco Technical Support iPhone App

0 Helpful
Customers Also Viewed These Support Documents