Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1332
Views
10
Helpful
6
Replies

Voice - NAT & PAT

netbeginner
Level 2
Level 2

‎12-30-2015 12:40 PM - edited ‎03-17-2019 05:22 AM

Hi All,

Would like to know, whether use of NAT and PAT is advisable for building Voice Network .

As far as understanding on NAT, Same is not recommended to use with Voice Network. But for PAT I do no hve any clarity.

Request to please share thoughts and if possible please share some documentation on this also.

Rgds

*** 

Labels:
0 Helpful
6 Replies 6

Gordon Ross
Level 9
Level 9

‎12-30-2015 01:49 PM

Generally, NAT & PAT don't work with VoIP systems. CallManager doesn't support them.

GTG

Please rate all helpful posts.

Carlo Poggiarelli
VIP
VIP
In response to Gordon Ross

‎12-30-2015 02:32 PM

Hi,

As Gordon correctly stated, nat and pat are not recommend in a voice environment.

There are some cases where they are necessary for example a small business customer having a single public IP and wants implement MRA.

In that case reversible nat could help providing dynamic port allocation even to incoming traffic.

For further info of mentioned feature 

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/iadnat-rmap-outin.html

HTH

Regards

Carlo

Please rate all helpful posts "The more you help the more you learn"
0 Helpful

netbeginner
Level 2
Level 2
In response to Carlo Poggiarelli

‎12-30-2015 08:59 PM

Thxns Gordon , Vivek & Carlo for suggestion.

Aside Carlo : I am not finding in shared document that NAT or PAT is not recommended to use for Voice Setup.

Pl elaborate.

0 Helpful

Marcelo Morais
VIP
VIP
In response to netbeginner

‎12-30-2015 09:35 PM

Hi,

 please, take a look at the following link: Voice-NAT.

Hope this helps

0 Helpful

Vivek Batra
VIP Alumni
VIP Alumni
In response to netbeginner

‎12-30-2015 10:43 PM

Couple of good documents to see;

http://kb.smartvox.co.uk/voip-sip/sip-nat-problem/

http://startrinity.com/VoIP/Resources/sip26.pdf

https://www.ingate.com/files/Solving_Firewall-NAT_Traversal.pdf

http://www.n2net.net/agent-blog/sip-and-nat.-why-it-can-be-a-problem-and-how-to-fix-it.

- Vivek

0 Helpful

Vivek Batra
VIP Alumni
VIP Alumni

‎12-30-2015 08:31 PM

If your question is specific to Cisco environment, then Gordon and Carlo has been specified the same.

Otherwise in standard VoIP and specifically standard SIP environment when used over WAN, you will frequently see NAT and PAT being used when SIP messages are transported over WAN. Two most frequently deployments you will ever see;

1. Terminals (deskphones) are behind the NAT

Considering branch office having only one public IP address deployed with IP Phones, all SIP messages sent to IP PBX (or Call Manager) will go through NAT and PAT being applied. This is same as for any data packet. VoIP packets are not different here.

For example, IP address assigned to Phone is 192.168.1.1 (and SIP Port 5060) and enterprise public IP is 1.1.1.1. When SIP REGISTER message passes through NAT router and reaches IP PBX, IP PBX will see the source IP as 1.1.1.1 and source port as <any port PATted by enterprise router>. While inside the SIP REGISTER message, you will still see IP and port as 192.168.1.1 and 5060.

Standard SIP based IP PBX's are smart enough to detect that UA is behind the NAT and ignore the IP headers used inside the SIP message and capture real network IP for further communication. In result, IP PBX will store UA address as 1.1.1.1 (and patted port) instead of 192.168.1.1:5060 in location service. Now when IP PBX needs to place call to that UA, it will send the call to 1.1.1.1 (and patted port). Since router will already be having NAT/PAT binding, it will route the packet (INVITE) back to the phone.

Same is applicable for SDP as well. IP PBX ignores the SDP IP address and use the real (natted) IP address for RTP setup. But in that case, direct RTP between the two phones won't be possible (unless other mechanism like TURN, ICE etc are not used) and IP PBX will have to relay the RTP with itself.

Since SIP by default works on UDP and UDP NAT bindings are likely to expire in 600 sec (or less) whereas default SIP registration timer is 3600 sec, IP PBX intelligently returns shorter duration in 200 OK (mostly 120 to 300 sec) for registration so that phone will keep sending REGISTER message which results NAT binding being refreshed.

2. SIP Trunking

Most of the SIP trunking provider takes care of those clients which are located behind the NAT. When you take services from provider like Vonage etc, they provide you small piece of adapter (ATA) which is installed behind the NAT in most of the cases. Here, service provider network takes care of SIP messages in the same way what IP PBX was doing in the previous example.

- Vivek

0 Helpful
Customers Also Viewed These Support Documents