01-17-2013 10:51 AM - edited 03-11-2019 05:48 PM
Hello All,
Quick question. I have a PBX (10.0.30.253) on the network at a remote location and the telecoms company setup a SIP trunk. I have Nat'd the ports as requested but they are saying the PBX doesn't register.
Can someone advise how I can monitor through IOS what ports the PBX is trying to use? Can I monitor the NAT statements or the access-list to see what is/isn't forwarding from 10.0.30.253?
ip nat pool PRTFWD 10.0.30.253 10.0.30.253 netmask 255.255.255.0 type rotary
ip nat inside source static udp 10.0.30.253 5060 interface Dialer1 5060
ip nat inside source static tcp 10.0.30.253 5060 interface Dialer1 5060
ip nat inside destination list 190 pool PRTFWD
!
access-list 190 permit udp any any range 10000 20000
access-list 190 permit tcp any any range 10000 20000
Thanks in advance for any pointers
Dave
01-18-2013 02:35 AM
Hi David,
The easiest way to do this is to have a permit access list with logs enabled.
you can create,
access-list 200 permit ip host 10.0.30.253 any log
You can simply apply this ACL inbound on the router's LAN interface ( your PBXs' Default GW ) and check for logs.. Router will log all the packets PBX is sending out.. ( if you are not consoling in to the router make sure you have "terminal monitor" turned on so you can see the logs over the SSH/Telnet session..
Let me know if you have more queries on this.
Please rate helpful posts..
Shamal
01-18-2013 02:43 AM
Hi David,
I do not see your interface NAT config, if you use classic nat you can monitor NAT translations:
"show ip nat translations"
If you use NVI nat:
"show ip nat nvi translations"
Are you sure that your RTP sessions use port range 10k-20k ?
You can also try to sniff packets using embedded packet capture:
Then you will know for sure if packets arrived at router interface and what were the port numbers.
But this is just for dynamic translations for RTP streams, and:
"they are saying the PBX doesn't register" incidate that we have problems with registration via SIP.
It mean that we have problem with port 5060. If you try to telnet to port DIALER1_IP port 5060 from outside network (dialer1) - is it working ?
--
Michal
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide