NAT-ing RTP to more than one server

remi-reszka · ‎12-19-2012

Hi there,

Is it possible to configure NAT on Cisco router for the following scenario?

I have 2 or more SIP servers behind NAT and I need to enable UDP por forwarding to each of those servers for RTP traffic (say port range UDP:10000-20000). I have a one public IP address and already have a PAT in place on the extarnal interface to enable Internet access for the servers and some static NAT for HTTPS and SIP access to those servers from outside. Now I need to forward UDP traffic to those servers from outside.

Would that be possible? Please share any working configs.

Thanks,

Remi

bharat.rajwanshi · ‎12-19-2012

Do you have free IPs for WAN Pool? if yes the use below commands to do static NAT with servers -

Note- Cisco Config -

# conf t

# ip nat inside source static 10.1.1.1(Lan Server IP) 192.168.1.1 (Free WAN IP)

remi-reszka · ‎12-19-2012

Thanks for your suggestion but I am afraid I don´t understand what you mean.

bharat.rajwanshi · ‎12-19-2012

But question is what Cisco device you using for doing NAT, is it Cisco Router or Firewall? so that config can be suggested..

remi-reszka · ‎12-19-2012

It says in my post, second line - router.

Thanks.

bharat.rajwanshi · ‎12-19-2012

okay,

your requirement is doing Satatic NAT on Router with WAN IP, suppose you have SIP server IP in LAN is 10.1.1.1 and suppose you have free WAN ip for internet is 192.168.1.1, so you just have to NAT the LAN IP with free WAN IP per below command e.g. - if you want exact command then can you help with your Free IP for WAN pool and SIP Server IP? also command from your router "show ip int brief"

# conf t

# ip nat inside source static 10.1.1.1 192.168.1.1

bharat.rajwanshi · ‎12-19-2012

and also dont forget to use below commands under router interfaces -

under wan interface - e.g.

# int gi0/0

# ip nat outside

&

under LAN interface - e.g.

# int gi0/1

# ip nat inside

remi-reszka · ‎12-19-2012

OK, to be more specific, these are my servers:

ip nat inside source static udp 10.2.100.37 5060 interface 176.134.200.22 5060

ip nat inside source static udp 10.2.100.38 5060 interface 176.134.200.22 5061

ip nat inside source static udp 10.2.100.39 5060 interface 176.134.200.22 5062

ip nat inside source static tcp 10.2.100.37 443 interface 176.134.200.22 443

ip nat inside source static tcp 10.2.100.38 443 interface 176.134.200.22 8443

ip nat inside source static tcp 10.2.100.39 443 interface 176.134.200.22 9443

access-list 101 permit udp any any range 10000 20000

route-map SIP_MEDIA permit 10

match ip address 101

ip nat inside source static 10.2.100.37 176.134.200.22 route-map SIP_MEDIA extendable

ip nat inside source route-map PAT_ROUTING interface FastEthernet0/0 overload

PAT_ROUTING is just a routing map that includes allowed internal IPs through NAT.

This config works. The problem with that I can assign this NAT statement only to one internal server, can´t repeat it to all other servers.

Any other suggestions?

bharat.rajwanshi · ‎12-19-2012

Yeah Right,

The static NAT/PAT will possible for single-to-signle IP but it wont work for same WAN IP (Port) to different LAN IP for same Port, yes, if your SIP server can use different port for other SIP servers then you may try binding on differet port on same WAN IP.

remi-reszka · ‎12-19-2012

Anybody else has any other suggestions please?

Thanks in advance.