NAT_RTP issue

MUHAMMED SHAFI · ‎02-06-2013

Dear All,

I have cisco 2811 router and ADSL module, router directly connected to switch.

Switch its self conected to some server with astrix VoIP box (ip:10.0.0.100)

i enable nat we can acess all sever out side and inside

if i enable nat RTP port range 10000 20000 not working because RTP not extablishing

Please provide Exact NAT RTP range command

below i mensitoned curent configurations

Building configuration...

Current configuration : 7530 bytes

!

! Last configuration change at 08:20:04 UTC Tue Feb 5 2013 by admin

! NVRAM config last updated at 08:09:50 UTC Tue Feb 5 2013 by admin

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

boot-start-marker

boot-end-marker

!

logging buffered 51200 warnings

enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY

!

no aaa new-model

!

no ipv6 cef

ip source-route

--More-- ip cef

!

ip domain name yourdomain.com

multilink bundle-name authenticated

!

crypto pki token default removal timeout 0

!

crypto pki trustpoint TP-self-signed-4159471025

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-4159471025

revocation-check none

rsakeypair TP-self-signed-4159471025

!

crypto pki certificate chain TP-self-signed-4159471025

certificate self-signed 01

--More-- 3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030

31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 34313539 34373130 3235301E 170D3132 30393034 31313535

31365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649

4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D34 31353934

37313032 3530819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281

8100861A 90CEE9A9 EE4E1DB6 8FC0A000 84FB491B 27297AE8 3FBFB45D 54378626

C8422619 F846B037 1FBC468D 5F06CF94 EFC8A9D3 19AF484D 2526B679 65A0A7F4

00069710 115FDD28 67C0D9FF 95972773 663A748F C65052F2 3C75FF9E 4E1DD3B3

8C2A6D8F 11CA8318 CA3044F4 FC930BE9 B403A458 1633E16A 32B7D37E 74B8874B

8EDB0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603

551D2304 18301680 14586A2D D989E216 424857D8 99B2CEFB 036C2BA6 F6301D06

03551D0E 04160414 586A2DD9 89E21642 4857D899 B2CEFB03 6C2BA6F6 300D0609

2A864886 F70D0101 05050003 8181005E E8227570 341563F3 D9302BD0 F0D5DDCF

9AF7EA0B EA0B9AC5 4DB93819 27974779 1CDA4E2D 03CCBA25 2C09949A 02790AC3

96FB398E 90B17509 F24E2E4F 0470C60C 11622781 4BF96699 57E9B69D BC55EB06

A1D95530 BD77D95F 64550DC2 564F84E8 271670E3 280026FE E42D28C8 CFD21B0C

8B337A0C 80589545 5BA36816 C9413D

quit

voice-card 0

!

--More-- !

!

license udi pid CISCO2911/K9 sn FCZ163373HZ

hw-module pvdm 0/0

!

username admin privilege 15 secret 4 juA1o5RbDRVqOM1f7nBr4VVBRvkQQxpufT8ellMlsC2

!

redundancy

!

controller VDSL 0/0/0

!

controller VDSL 0/1/0

!

interface Embedded-Service-Engine0/0

no ip address

shutdown

--More-- !

interface GigabitEthernet0/0

description connected to F/W CORE SW VOIP ISA

ip address 10.0.0.138 255.255.255.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface GigabitEthernet0/2

no ip address

shutdown

duplex auto

speed auto

!

interface ATM0/0/0

no ip address

no atm ilmi-keepalive

--More-- !

interface ATM0/0/0.1 point-to-point

pvc 8/35

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

interface Ethernet0/0/0

no ip address

shutdown

no fair-queue

!

interface ATM0/1/0

no ip address

shutdown

no atm ilmi-keepalive

!

interface Ethernet0/1/0

no ip address

shutdown

!

interface Dialer0

ip address negotiated

ip mtu 1452

--More-- ip nat outside

ip virtual-reassembly in

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

!

ip nat inside source list 1 interface Dialer0 overload

ip nat inside source static tcp 10.0.0.137 21 interface Dialer0 21

ip nat inside source static tcp 10.0.0.137 25 interface Dialer0 25

ip nat inside source static tcp 10.0.0.137 80 interface Dialer0 80

ip nat inside source static tcp 10.0.0.137 110 interface Dialer0 110

ip nat inside source static udp 10.0.0.137 110 interface Dialer0 110

ip nat inside source static tcp 10.0.0.137 135 interface Dialer0 135

ip nat inside source static udp 10.0.0.137 135 interface Dialer0 135

ip nat inside source static tcp 10.0.0.137 143 interface Dialer0 143

ip nat inside source static tcp 10.0.0.137 443 interface Dialer0 443

ip nat inside source static tcp 10.0.0.10 500 interface Dialer0 500

ip nat inside source static udp 10.0.0.10 500 interface Dialer0 500

ip nat inside source static tcp 10.0.0.137 993 interface Dialer0 993

ip nat inside source static tcp 10.0.0.137 1723 interface Dialer0 1723

ip nat inside source static tcp 10.0.0.10 4500 interface Dialer0 4500

ip nat inside source static udp 10.0.0.10 4500 interface Dialer0 4500

ip nat inside source static udp 10.0.0.100 4569 interface Dialer0 4569

ip nat inside source static udp 10.0.0.100 5036 interface Dialer0 5036

ip nat inside source static udp 10.0.0.100 5060 interface Dialer0 5060

ip nat inside source static 10.0.0.100 88.201.31.119 route-map RTP extendable

ip route 0.0.0.0 0.0.0.0 Dialer0

!

access-list 1 permit 10.0.0.0 0.0.0.255

access-list 110 permit udp host 10.0.0.100 any range 10000 20000

dialer-list 1 protocol ip permit

!

route-map RTP permit 10

match ip address 110

!

control-plane

!

--More-- !

!

mgcp profile default

!

gatekeeper

shutdown

!

I am waiting for your replay

blau grana · ‎02-19-2013

Hi Muhammed

this might help you.

topology: INET <==> GW <==> HOST

INET#sh int des

Interface Status Protocol Description

Fa0/0 up up GW

Lo0 up up IP:8.8.8.8

INET#sh cdp nei

Device ID Local Intrfce Holdtme Capability Platform Port ID

GW Fas 0/0 163 R S I 3725 Fas 0/0

GW#sh int des

Interface Status Protocol Description

Fa0/0 up up INET

Fa0/1 up up HOST

GW#sh cdp nei

Device ID Local Intrfce Holdtme Capability Platform Port ID

HOST Fas 0/1 122 R S I 3725 Fas 0/0

INET Fas 0/0 172 R S I 3725 Fas 0/0

HOST#sh int des

Interface Status Protocol Description

Fa0/0 up up GW

HOST#sh cdp nei

Device ID Local Intrfce Holdtme Capability Platform Port ID

GW Fas 0/0 171 R S I 3725 Fas 0/1

Configuration of nat on GW:

GW#sh ip int brie

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 100.0.0.2 YES manual up up

FastEthernet0/1 192.168.0.1 YES manual up up

ip nat pool PORTFWD 192.168.0.10 192.168.0.10 netmask 255.255.255.0 type rotary

ip nat inside source route-map NAT-MAP interface FastEthernet0/0 overload

ip nat inside destination list 100 pool PORTFWD

ip access-list extended NAT_ACL

permit ip 192.168.0.0 0.0.0.255 any

!

access-list 100 permit udp any any range 10000 20000

access-list 100 permit tcp any any range 15 200

!

route-map NAT-MAP permit 10

match ip address NAT_ACL

I tested this configuration with tcp packets and it was working fine, so hopefully UDP will be same.

INET#telnet 100.0.0.2

Trying 100.0.0.2 ... Open

User Access Verification

Username: cisco

Password:

HOST>exit

[Connection to 100.0.0.2 closed by foreign host]

INET#

Let us know if this helped you.

Best Regards

Please rate helpful posts

Best Regards Please rate all helpful posts and close solved questions