Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
722
Views
0
Helpful
1
Replies

ASR1K XE3.2 IOS15.1(1)S - NAT ALG for SIP kicks in without full config

BENJAMIN TAN
Level 1
Level 1

‎01-30-2011 07:15 AM - edited ‎03-04-2019 11:15 AM

Anyone seeing strange SIP behaviour with an ASR1K in the packet path EVEN THOUGH it is supposed to just be routing packets? I'm NOT talking about using the ASR1K as an SBC or NAT ALG for Hosted NAT traversal. Just having the packets pass through the ASR1K on an interface with "ip nat outside" configured will screw up the SIP packets - they get inspected and fudged - EVEN THOUGH the nat ACL doesn't match and EVEN IF there is no "ip nat inside .... " at all.

I have this setup as fully reproducible: ASR1002 ESP5 running XE3.2 (which is IOS 15.1(1)S AdvIPServicesK9).

Setup is: PSTN PRI connected to AS5400XM (IOS 12.4(24)T2) -> SIP Proxy Server (OpenSER with MediaProxy) -> ASR1K -> "Internet cloud" -> SIP end device (PAP2T).

On the ASR1K, just add the line "ip nat outside" to the interface facing the SIP Proxy. Nothing else need be added.

You'll see that ICMP, traceroute, http (to admin page) of the PAP2T work just fine still from the SIP server.

BUT SIP INVITE by the SIP Server to the PAP2T will not be passed through (I'm sending a call from PSTN to the PAP2T).

BUT IF either (1) remove the "ip nat outside"; or (2) "no ip nat service sip udp port 5060" - everything works fine.

debug ip nat ACLX detail shows nothing but SOMETHING is happening!

TAC case opened...

Labels:
0 Helpful
1 Reply 1

BENJAMIN TAN
Level 1
Level 1

‎02-15-2011 11:20 PM

Confirmed bug.

I'm surprised no one else has hit it yet!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card