07-11-2020 04:44 AM
Hello everyone,
there's something I can't really understand...
I have a Cisco router 3845 using static nat to forward voice traffic to an internal PBX ( 192.168.1.2 )
The public IP is 213.248.85.171 :
ip nat inside source static tcp 192.168.1.2 5060 213.248.85.171 5060 extendable
ip nat inside source static udp 192.168.1.2 5060 213.248.85.171 5060 extendable
ip nat inside source static tcp 192.168.1.2 5061 213.248.85.171 5061 extendable
ip nat inside source static udp 192.168.1.2 5061 213.248.85.171 5061 extendable
ip nat inside source static udp 192.168.1.2 5063 213.248.85.171 5063 extendable
Now, SIP protocol (udp/5060 ) works fine as a nat translation is performed...
I can't understand why RTP (udp/ 16384 to 32767 )also works even without nat rule...( I can call and hear voice from both sides!!)
udp 213.248.85.171:27720 192.168.1.2:27720 176.99.242.154:5062 177.95.241.154:5062
udp 213.248.85.171:27721 192.168.1.2:27721 176.99.242.154:5063 177.95.241.154:5063
udp RTP range should be unreachable....
How is that possibile?
Thank You
07-11-2020 02:17 PM
I believe you have global NAT translation, it may be taking care of it, post complete configuration relevant to NAT
07-11-2020 11:57 PM - edited 07-12-2020 12:02 AM
Here's the complete configuration ( attached ) :
There's actually a NAT overload configuration but it should not affect port forwarding...
access-list 101 permit ip host 192.168.1.1 any
access-list 101 permit ip host 192.168.1.2 any
access-list 101 permit ip host 192.168.1.10 any
access-list 101 permit ip host 192.168.1.12 any
access-list 101 permit ip host 192.168.1.13 any
access-list 101 permit ip host 192.168.1.14 any
access-list 101 permit ip host 192.168.1.15 any
access-list 101 permit ip host 192.168.1.16 any
access-list 101 permit ip host 192.168.1.19 any
access-list 101 permit ip host 192.168.1.20 any
access-list 101 permit ip host 192.168.1.21 any
access-list 101 permit ip host 192.168.1.22 any
access-list 101 permit ip host 192.168.1.23 any
route-map NAT_Avantel permit 100
match ip address 101
match interface GigabitEthernet0/0
route-map NAT_MTS permit 100
match ip address 101
match interface FastEthernet2/0
ip nat inside source route-map NAT_Avantel interface GigabitEthernet0/0 overload
ip nat inside source route-map NAT_MTS interface FastEthernet2/0 overload
Thank you for your reply
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide