Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
475
Views
0
Helpful
3
Replies

NATing for SIP

Chaitanya Krishna Narra
Level 1
Level 1

‎03-08-2014 08:24 PM - edited ‎03-04-2019 10:32 PM

Hi All,

 

I need to implement NATing in 1941/2911 router to send my voice traffic to SIP proxy. So, my service provider suggests me to implement SIP based NATing in my router.

 

My private IP - 192.168.100.23

My public IP - 172.25.0.83

Traffic type - udp

Port Number - 5060

 

Please help me to configure this SIP based NATing in my router with an example configuration.

Labels:
0 Helpful
3 Replies 3

Julio Carvajal
VIP Alumni
VIP Alumni

‎03-08-2014 09:27 PM

Hi,

 

First of all I would not recommend posting the public IP address on a public site such as this so lets change that please.

 

Now back to the discussion, let' say your Public ip is 8.8.8.8.

 

The thing with Dynamic protocols such as SIP,H323,etc is that they will use a Control Channel in order to open the data channel.

 

So with SIP the signaling traffic will go over port 5060 and then the RTP session will be used to exchange the audio communication.

So this is where the NAT issue comes in place as you are only natting port 5060, without having a device able to NAT the RTP ports dinamically you will have issues,

So what options do u have?

1) My favorite one and of coure the expensive: Get a dedicate IP address for the SIP so you can perform a one to one tranlation (No need to play with the ports)

 

2) Determine what range of ports you will need to open and then start writting all of the Port-Forwarding NATs.

 

Let me know if you have any other question,

 

Regards,

 

Jcarvaja

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Chaitanya Krishna Narra
Level 1
Level 1
In response to Julio Carvajal

‎03-09-2014 01:07 AM

Hi Julio,

Thaks for you responce.

As per my scenario (attached in this post), i have created a general static NAT to forword my traffic from private to public network. With this i can able to make calls and calls are getting connected, but only outgoing traffic is forwording not incoming traffic.

Problem description - If i make a call, the people can able to hear my voice. but, i unable to hear the other persons Voice.

Performed static NAT -

#interface loopback 0

  ip address 10.10.10.1

 

#ip nat inside source static 192.168.100.23 10.10.10.2

 

#interface gi0/0

  ip nat outside

 

#interface gi 0/1

  ip nat inside

 

I explained about this issue i am facing to my service provoider and my vendor cisco TAC also. They are suggesting me to implement SIP based NATing instead of general static NAT.

 

Please help me on this.

Preview file
188 KB
0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to Chaitanya Krishna Narra

‎03-09-2014 06:24 PM

Hello,

What is that Loopback interface doing there?

That static nat you have there should NAT all traffic so no issues should appear, do u have any kind of FW or ACL in place?

 

You could try enabling the SIP ALG NAT translation feature with the command

 

ip nat  service sip udp port 5060

 

Regards,

 

 

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card