Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
581
Views
0
Helpful
1
Replies

NAT SDP Packets within CUBE

alexis.katsavras
Level 1
Level 1

‎05-20-2016 06:06 AM - edited ‎03-17-2019 06:59 AM

Hi there,

I have CUCM-BE running on a BE6000M. The CUBE is also running on this device and the device is in the DMZ.

So set-up is:

CUBE <---DMZ--->F5 firewall <----> ITSP

Note: CUBE is on a private IP address and only one interface is been used

The issue here is that the f5 firewall only dose L3 NAT and the SIP SDP packets are not inspected. Is there a way to do this on the CUBE? If there is no way to do this on the CUBE what are the alternatives?

Thanks

alexis

p.s as a side not is there a better way to deploy this solution?

http://www.netpacket.co.uk/ http://www.blog.netpacket.co.uk/
Labels:
0 Helpful
1 Reply 1

Oswaldo Torres
Level 1
Level 1

‎05-20-2016 09:28 AM

Yes, you can do that on the CUBE, but I recommend you just remove the NAT in the FW, but you dont remove the FW, and just permit specific ports for SIP and RTP.

I have this in my CUBE.(You need CUBE Licence)

voice service voip
ip address trusted list

!I suggest you, put the specific IP CUCM, and IP PSTN.
ipv4 0.0.0.0 0.0.0.0
allow-connections sip to sip

CUCM --- CUBE

dial-peer voice 5001 voip
description DIAL-PEER DE ENTRADA DESDE EL CUCM
session protocol sipv2
session transport tcp
incoming called-number 9.T
voice-class codec 1
no voice-class sip g729 annexb-all
voice-class sip bind control source-interface GigabitEthernet0/0.10
voice-class sip bind media source-interface GigabitEthernet0/0.10
dtmf-relay rtp-nte
no vad
!
dial-peer voice 5002 voip
description DIAL-PEER DE SALIDA HACIA EL CUCM
destination-pattern 811196....
session protocol sipv2
session target ipv4:177.1.10.210
session transport tcp
voice-class codec 1
no voice-class sip g729 annexb-all
voice-class sip bind control source-interface GigabitEthernet0/0.10
voice-class sip bind media source-interface GigabitEthernet0/0.10
dtmf-relay rtp-nte
no vad

CUBE -- ISP

dial-peer voice 6001 voip
description DIAL-PEER DE ENTRADA DESDE PSTN
incoming called-number 811196....
session protocol sipv2
session target ipv4:172.28.114.25
session transport udp
voice-class codec 1
no voice-class sip g729 annexb-all
voice-class sip bind control source-interface GigabitEthernet0/0.901
voice-class sip bind media source-interface GigabitEthernet0/0.901
dtmf-relay rtp-nte

dial-peer voice 6001 voip
description DIAL-PEER DE SALIDA HACIA PSTN
incoming called-number 9.T
session protocol sipv2
session target ipv4:172.28.114.25
session transport udp
voice-class codec 1
no voice-class sip g729 annexb-all
voice-class sip bind control source-interface GigabitEthernet0/0.901
voice-class sip bind media source-interface GigabitEthernet0/0.901
dtmf-relay rtp-nte

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents