Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1860
Views
0
Helpful
2
Replies

Static NAT for RTP

AlessandroSansone13508
Level 1
Level 1

‎07-11-2020 04:44 AM

Hello everyone,

there's something I can't really understand...

I have a Cisco router 3845 using static nat to forward voice traffic to an internal PBX ( 192.168.1.2 )

The public IP is 213.248.85.171 :

 

ip nat inside source static tcp 192.168.1.2 5060 213.248.85.171 5060 extendable
ip nat inside source static udp 192.168.1.2 5060 213.248.85.171 5060 extendable
ip nat inside source static tcp 192.168.1.2 5061 213.248.85.171 5061 extendable
ip nat inside source static udp 192.168.1.2 5061 213.248.85.171 5061 extendable
ip nat inside source static udp 192.168.1.2 5063 213.248.85.171 5063 extendable

 

Now, SIP protocol (udp/5060 ) works fine as a nat translation is performed...

I can't understand why RTP (udp/ 16384 to 32767 )also works even without nat rule...( I can call and hear voice from both sides!!)

 

udp 213.248.85.171:27720 192.168.1.2:27720 176.99.242.154:5062 177.95.241.154:5062
udp 213.248.85.171:27721 192.168.1.2:27721 176.99.242.154:5063 177.95.241.154:5063

 

udp RTP range should be unreachable....

How is that possibile?

 

Thank You

Labels:
0 Helpful
2 Replies 2

balaji.bandi
Hall of Fame
Hall of Fame

‎07-11-2020 02:17 PM

I believe you have global NAT translation, it may be taking care of it, post complete configuration relevant to NAT

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

AlessandroSansone13508
Level 1
Level 1
In response to balaji.bandi

‎07-11-2020 11:57 PM - edited ‎07-12-2020 12:02 AM

Here's the complete configuration ( attached ) :

 

There's actually a NAT overload configuration but it should not affect port forwarding...

 

access-list 101 permit ip host 192.168.1.1 any
access-list 101 permit ip host 192.168.1.2 any
access-list 101 permit ip host 192.168.1.10 any
access-list 101 permit ip host 192.168.1.12 any
access-list 101 permit ip host 192.168.1.13 any
access-list 101 permit ip host 192.168.1.14 any
access-list 101 permit ip host 192.168.1.15 any
access-list 101 permit ip host 192.168.1.16 any
access-list 101 permit ip host 192.168.1.19 any
access-list 101 permit ip host 192.168.1.20 any
access-list 101 permit ip host 192.168.1.21 any
access-list 101 permit ip host 192.168.1.22 any
access-list 101 permit ip host 192.168.1.23 any

 

route-map NAT_Avantel permit 100
match ip address 101
match interface GigabitEthernet0/0

route-map NAT_MTS permit 100
match ip address 101
match interface FastEthernet2/0

 

ip nat inside source route-map NAT_Avantel interface GigabitEthernet0/0 overload
ip nat inside source route-map NAT_MTS interface FastEthernet2/0 overload

 

 

Thank you for your reply

 

Preview file
7 KB
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card