
Cisco 881 UDP 10000-20000 Range Port forwarding

zafarovskiy1
Level 1

Hi. I need help with port forwarding on a Cisco 881. The local address of my PBX is 192.168.203.10 and I have a white external IP address X.X.X.X. With the local users there are no problems, but I have a user outside my office whom I need to connect to my PBX. I forwarded the SIP ports like this: "ip nat inside source static udp 192.168.204.10 5060 interface fastethernet 4", "ip nat inside source static tcp 192.168.203.10 5060 interface fastethernet 4". Everything is OK with registration and calls, but I have problems with voice and I don't know how to do UDP forwarding for the Asterisk range 10000-20000.

What I tried.

I tried to solve the problem with an ACL, but with no success.

I also found that there is no need to open ports for the RTP range 10000-20000; it would be enough to open 5060 UDP and TCP to my PBX local address, turn on the NAT service "ip nat service sip udp port 5060", and also do this:

ip inspect name VOIP sip
interface FastEthernet4
ip inspect VOIP in

But also no success.

And I'm at a standstill. Is there any easy way to solve the problem?

Here is my configuration. I have configured dual ISP. Interface 4 has the first ISP and Interface 3 has the second ISP.

version 15.1
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service udp-small-servers
!
hostname elektrodnaya
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
!
!
!
!
!
aaa session-id common
!
memory-size iomem 10
clock timezone MSK 4 0
crypto pki token default removal timeout 0
!
!
ip source-route
!
!
!
ip dhcp excluded-address 192.168.203.1 192.168.203.120
!
ip dhcp pool LAN
import all
network 192.168.203.0 255.255.255.0
default-router 192.168.203.1
dns-server 77.88.8.8 77.88.8.1 8.8.8.8 4.4.4.4
!
!
ip cef
ip domain name elektrodnaya.p-call.ru
no ipv6 cef
!
!
multilink bundle-name authenticated
license udi pid CISCO881-K9 sn FCZ174691WV
license accept end user agreement
license boot module c880-data level advipservices
!
!
username zafar privilege 15 secret 5 $1$DE4w$jMelslCUixBZaOCCyF/8A0
!
!
!
!
ip ssh authentication-retries 4
ip ssh version 2
!
track 11 ip sla 100 reachability
delay down 10 up 30
!
!
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
switchport access vlan 2
!
interface FastEthernet4
ip address 4.3.3.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
ntp disable
!
interface Vlan1
ip address 192.168.203.1 255.255.255.0
ip accounting output-packets
ip nat inside
ip virtual-reassembly in
!
interface Vlan2
ip address 1.1.6.1 255.255.255.240
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly in
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip nat inside source static tcp 192.168.203.10 22 interface FastEthernet4 2222
ip nat inside source static tcp 192.168.203.250 37777 interface FastEthernet4 8084
ip nat inside source static udp 192.168.203.250 37777 interface FastEthernet4 8084
ip nat inside source static tcp 192.168.203.250 80 interface FastEthernet4 8083
ip nat inside source static tcp 192.168.203.146 3389 interface FastEthernet4 3389
ip nat inside source static tcp 192.168.203.10 5060 interface FastEthernet4 5060
ip nat inside source static udp 192.168.203.10 5060 interface FastEthernet4 5060
ip nat inside source route-map isp1 interface FastEthernet4 overload
ip nat inside source route-map isp2 interface Vlan2 overload
ip route 0.0.0.0 0.0.0.0 4.3.3.1 track 11
ip route 0.0.0.0 0.0.0.0 1.1.6.7 254
!
ip access-list extended acl_nat_rules
permit ip 192.168.203.0 0.0.0.255 any
ip access-list extended acl_out
permit ip any host 192.168.203.10
!
ip sla 100
icmp-echo 4.3.3.1 source-interface FastEthernet4
frequency 5
ip sla schedule 100 life forever start-time now
logging esm config
!
!
!
!
route-map isp2 permit 10
match ip address acl_nat_rules
match interface Vlan2
!
route-map isp1 permit 10
match ip address acl_nat_rules
match interface FastEthernet4
!
!
!
control-plane
!
!
line con 0
no modem enable
line aux 0
line vty 0 4
privilege level 15
transport input telnet ssh
!
event manager applet isp1_UP
event track 11 state up
action 001 cli command "enable"
action 002 cli command "clear ip nat trans *"
action 004 cli command "end"
action 005 cli command "exit"
event manager applet isp1_DOWN
event track 11 state down
action 001 cli command "enable"
action 002 cli command "clear ip nat trans *"
action 004 cli command "end"
action 005 cli command "exit"
!
end

3 Replies

jgauchan
Level 1

Hi,

Did you manage to solve this issue? I am facing a similar issue with a port range, and without a range we will have to add like 500+ ports.

Make new port it better 

MHM

Thank you for the response. Do you mean making 500+ port entries on the router?
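The per-port approach discussed in this thread, as an added example that is not part of any participant's post: a Python generator that emits one `ip nat inside source static udp` entry per RTP port in the same form as the posted configuration, and refuses to reuse an outside port that is already forwarded to another host. The function names and the narrowed range 10000-10499 (which assumes `rtpstart`/`rtpend` in Asterisk's rtp.conf are set to match) are assumptions.

```python
import re

# Static port-forward lines copied from the configuration posted in the thread.
EXISTING = """\
ip nat inside source static tcp 192.168.203.10 22 interface FastEthernet4 2222
ip nat inside source static udp 192.168.203.250 37777 interface FastEthernet4 8084
ip nat inside source static tcp 192.168.203.10 5060 interface FastEthernet4 5060
ip nat inside source static udp 192.168.203.10 5060 interface FastEthernet4 5060
"""

STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) interface (\S+) (\d+)$"
)

def parse_static(config):
    """Return {(proto, interface, outside_port): (inside_ip, inside_port)}."""
    used = {}
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            proto, ip, in_port, iface, out_port = m.groups()
            used[(proto, iface, int(out_port))] = (ip, int(in_port))
    return used

def rtp_forwards(inside_ip, iface, start, end, existing=""):
    """Build one UDP static entry per port in [start, end], refusing collisions."""
    if not (0 < start <= end <= 65535):
        raise ValueError("invalid port range")
    used = parse_static(existing)
    lines = []
    for port in range(start, end + 1):
        owner = used.get(("udp", iface, port))
        if owner and owner != (inside_ip, port):
            raise ValueError(
                f"udp/{port} on {iface} already forwarded to {owner[0]}:{owner[1]}"
            )
        if owner is None:  # skip entries that are already configured identically
            lines.append(
                f"ip nat inside source static udp {inside_ip} {port} interface {iface} {port}"
            )
    return lines

if __name__ == "__main__":
    # Constructed range: assumes the PBX is limited to RTP ports 10000-10499.
    for entry in rtp_forwards("192.168.203.10", "FastEthernet4", 10000, 10499, EXISTING):
        print(entry)
```

Each generated entry exposes one more UDP port of the PBX on the outside interface, so the range should be no wider than the number of concurrent calls requires.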

 
