ANNOUNCEMENT - The community will be down for maintenace this Thursday August 13 from 12:00 AM PT to 02:00 AM PT. As a precaution save your work.
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
299
Views
0
Helpful
2
Replies
Highlighted

Static NAT for RTP

Hello everyone,

there's something I can't really understand...

I have a Cisco router 3845 using static nat to forward voice traffic to an internal PBX ( 192.168.1.2 )

The public IP is 213.248.85.171 :

 

ip nat inside source static tcp 192.168.1.2 5060 213.248.85.171 5060 extendable
ip nat inside source static udp 192.168.1.2 5060 213.248.85.171 5060 extendable
ip nat inside source static tcp 192.168.1.2 5061 213.248.85.171 5061 extendable
ip nat inside source static udp 192.168.1.2 5061 213.248.85.171 5061 extendable
ip nat inside source static udp 192.168.1.2 5063 213.248.85.171 5063 extendable

 

Now, SIP protocol (udp/5060 ) works fine as a nat translation is performed...

I can't understand why RTP (udp/ 16384 to 32767 )also works even without nat rule...( I can call and hear voice from both sides!!)

 

udp 213.248.85.171:27720 192.168.1.2:27720 176.99.242.154:5062 177.95.241.154:5062
udp 213.248.85.171:27721 192.168.1.2:27721 176.99.242.154:5063 177.95.241.154:5063

 

udp RTP range should be unreachable....

How is that possibile?

 

Thank You

2 REPLIES 2
Highlighted
VIP Mentor

Re: Static NAT for RTP

I believe you have global NAT translation, it may be taking care of it, post complete configuration relevant to NAT

BB
*** Rate All Helpful Responses ***
Highlighted

Re: Static NAT for RTP

Here's the complete configuration ( attached ) :

 

There's actually a NAT overload configuration but it should not affect port forwarding...

 

access-list 101 permit ip host 192.168.1.1 any
access-list 101 permit ip host 192.168.1.2 any
access-list 101 permit ip host 192.168.1.10 any
access-list 101 permit ip host 192.168.1.12 any
access-list 101 permit ip host 192.168.1.13 any
access-list 101 permit ip host 192.168.1.14 any
access-list 101 permit ip host 192.168.1.15 any
access-list 101 permit ip host 192.168.1.16 any
access-list 101 permit ip host 192.168.1.19 any
access-list 101 permit ip host 192.168.1.20 any
access-list 101 permit ip host 192.168.1.21 any
access-list 101 permit ip host 192.168.1.22 any
access-list 101 permit ip host 192.168.1.23 any

 

route-map NAT_Avantel permit 100
match ip address 101
match interface GigabitEthernet0/0

route-map NAT_MTS permit 100
match ip address 101
match interface FastEthernet2/0

 

ip nat inside source route-map NAT_Avantel interface GigabitEthernet0/0 overload
ip nat inside source route-map NAT_MTS interface FastEthernet2/0 overload

 

 

Thank you for your reply

 

Content for Community-Ad