Showing results for 
Search instead for 
Did you mean: 

NAT for Call Manager


Is it recommended to use NAT on VoIP. I have two seperate cluster one for cisco call manager and other for Avaya. We are integrating both the setups(h323). Is it ok to use NAT. Can someone provide me a document which helps in this reference.

For what reason people do not recommend it in the network, or is it the same that you do not register your call managers with the domain server. Look forward to hear.


Humayun Sami.

5 Replies 5

paolo bevilacqua
Hall of Fame Master Hall of Fame Master
Hall of Fame Master

No, it is NOT OK to use NAT for Voip and / or CM.

If you do that, you will run into many, many problems, and realize a poor design.

Steven Holl
Cisco Employee
Cisco Employee

If you can get by with not using NAT, it is preferred from the perspective of having less complexity, hence less things to go wrong.

That being said, NAT should work fine.  There are some gotchas with SCCP v17 and NAT on some platforms, though.  And there's an IOS NAT bug that it can't handle multiple c lines.

If you need to hide addresses between sites, you could use a CUBE with media flow-through.

To add to that, many 3rd party devices are lacking SCCP support for inspection when doing NAT.  While some 3rd parties can inspect SCCP packets their support is almost always behind what Cisco devices will support (in terms of newer SCCP versions).

Thank everyone, I have a question here, lets say that we can get it to work with using NAT. I wanted to understand the design that how does the IP to IP (Call Manager to Manager) and phone to phone connectivity works. As in my knowledge we have separate IP’s for Call Manager. My question is in respect to the RTP session establishment.

I understand it with that we can provide NAT’d addresses to Call Managers, how will the Phone work here. Even if we have NAT’d the phones subnet as well. To create RTP session phones will definitely have direct session established. Can you please make me understand the design working here in regards to the phone communication and RTP session establishment.

Humayun Sami

So keep in mind that typically media won't go through CM, and the media will be directly between the IP phones or phone and gateway for calls.  Unless you invoke an MTP for the call, in which each side will talk to the MTP.

The only time NAT needs to come into play here is:

* If one of the endpoints is on the other side of the NAT boundary.  The RTP addresses and media information in the SCCP packet need to be inspected.

* If CM is on the other side of the NAT boundary, so that the media information in the SCCP packet contains an address which the endpoint is able to reach.

Essentially, just make sure that every device doing NAT where SCCP or RTP traffic traverses has the capability to do SCCP fixup/inspection.  Which typically means it needs to be a Cisco device, since SCCP isn't an open standard, so most companies don't support NAT fixup/inspection with SCCP.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers