Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1124
Views
0
Helpful
8
Replies

need help for ACL and NAT for VoIP

trinhphanle
Level 1
Level 1

‎02-24-2014 09:32 AM - edited ‎03-16-2019 09:53 PM

Dear experts

I configure my PBX server to work with one VoIP provider. When I put the server in blank network, mean that without VLANs.

The IP PBX server can register to the VoIP provider system normally and I can make call out and receive calls normally.

However, when I put the PBX behind the Cisco router with some configuration. The PBX cannot register with the VoIP provider system.

Eventhough I can receive calls from outside but can not make a call from inside to outside, because of the PBX cannot register.

Could you please help me to point out what is wrong with my Cisco router configuration.

Thanks a lot

Building configuration...

Current configuration : 1982 bytes

!

! Last configuration change at 17:18:27 UTC Mon Feb 24 2014

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

enable secret 5 $1$ZJEF$8np0QvQTD1nTaOosa9yGW1

!

no aaa new-model

memory-size iomem 20

!

no ipv6 cef

ip source-route

ip cef

!

!

!

!

!

multilink bundle-name authenticated

!

!

crypto pki token default removal timeout 0

!

!

license udi pid CISCO2911/K9 sn FTX1603AH9C

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

!

interface GigabitEthernet0/0

description internal-LAN

ip address x.x.x.4 255.255.0.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/1.1

encapsulation dot1Q 11

ip address 172.x.x.1 255.255.240.0

!

interface GigabitEthernet0/2

description internet

ip address 50.x.x.93 255.255.x.x

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list 100 interface GigabitEthernet0/2 overload

ip nat inside source static udp x.x.x.8 5060 50.x.x.93 5060 extendable

ip route profile

ip route 0.0.0.0 0.0.0.0 50.x.x.94

ip route 172.16.240.0 255.255.x.0 x.x.x.5

ip route 172.16.242.0 255.255.x.0 x.x.x.5

!

access-list 100 permit ip x.x.0.0 0.0.255.255 any

access-list 100 permit ip 172.16.240.0 0.0.0.255 any

access-list 100 permit ip 172.16.242.0 0.0.0.255 any

access-list 100 permit udp any any range 5004 5090

access-list 100 permit udp any any range 10000 20000

!

!

!

control-plane

!

!

!

line con 0

Labels:
0 Helpful
8 Replies 8

Sreekanth Narayanan
Cisco Employee
Cisco Employee

‎02-24-2014 10:21 AM

I think you would be better off asking this question also in the NAT/ACL discussion boards since the Cisco router is not doing anything with respect to voice. It is only forwarding packets between the IP PBX and the provider.

Sorry for not being more useful

0 Helpful

trinhphanle
Level 1
Level 1
In response to Sreekanth Narayanan

‎02-24-2014 11:23 AM

Thanks

0 Helpful

moataz_mamdouh
Level 1
Level 1

‎02-24-2014 12:40 PM

What do u mean by a blank network ?

Sent from Cisco Technical Support iPhone App

0 Helpful

trinhphanle
Level 1
Level 1
In response to moataz_mamdouh

‎02-24-2014 12:45 PM

I meant that when I put the PBX system to the network without VLANs, the IP PBX can register normally.

But if I put it into the network with router have NAT and ACLs. The PBX cannot register, eventhough everything is normal, users can access internet.

I can recieve calls, but the PBX cannot register with the VoIP provider system to make call out. And the provider cannot receive any packets from us.

Thanks

0 Helpful

moataz_mamdouh
Level 1
Level 1

‎02-24-2014 11:20 PM

What is the inside IP address of the PBX , is it behind giga 0/0 or gigs 0/1.1

If it is behind gi0/1.1 then you are missing ip nat inside under the subinterface

Sent from Cisco Technical Support iPhone App

0 Helpful

trinhphanle
Level 1
Level 1
In response to moataz_mamdouh

‎02-25-2014 07:35 AM

Thanks

It is behind 0.0. And the NAT is correct. Users can go through internet normally, and we can call from outside to inside, but cannot call from in to out because of no registration between us and VoIP system provider.

Thanks

0 Helpful

Gordon Ross
Level 9
Level 9

‎02-24-2014 11:44 PM

You really don't want to use NAT with SIP. Odds are it won't work. This is because SIP embeds hostnames/IP Addresses inside the packets, and standard NAT does not look inside packets.

If you want a NAT-type functionality for SIP, you need something called a session border controller. Look up Cisco CUBE

http://www.cisco.com/c/en/us/products/unified-communications/unified-border-element/index.html

https://supportforums.cisco.com/docs/DOC-17964

http://www.cisco.com/c/en/us/support/docs/voice-unified-communications/unified-border-element/99863-cube-config.html

GTG

Please rate all helpful posts.

Please rate all helpful posts.
0 Helpful

trinhphanle
Level 1
Level 1
In response to Gordon Ross

‎02-25-2014 07:37 AM

Thanks for your help

Do you mean that I do not need to NAT for port 5060?

I will try.

Thanks

0 Helpful
Customers Also Viewed These Support Documents