Cisco 2851 issue with SCCP over NAT

Kumaran2230 · ‎11-23-2012

Dear All,

Recently i have tested a credit card terminal(wihich using TCP2000 port) for transaction. Transaction failed(even can ping to server) when a private ip assigned to this terminal was NATed(static) to public IP at Metro Ethernet router(CIsco 2851 - ver 12.4(11)T). But transaction is succesful if NAT implemented on another router(Cisco 3660 - Version 12.0(6r)T) which is connected to Metro ethernet router. May i know why cisco SCCP(TCP2000) doesnt work in my metro ethernet router even no problem with accessing internet and able to ping to the credit card server. Is there bug on the IOS version?

Expert please help.

regards.

Daniele Giordano · ‎11-23-2012

TCP 2000 is used as Cisco SCCP (skinny) default port. SCCP is a Cisco proprietary voip signaling protocol.

In fresh IOSs was implemented NAT ALG features for voip signalling protocols like H.323, SIP but also SCCP.

You can try to disable this using "no ip nat service skinny tcp port 2000".

More info here: http://www.cisco.com/en/US/docs/ios-xml/ios/ipaddr_nat/configuration/15-2mt/iadnat-applvlgw.html

Regards.

Kumaran2230 · ‎11-28-2012

Dear Daniele,

Thanks for your reply. I understood that the command you mentioned above is to disable the NAT ALG feature for SCCP voip signalling. Will the transaction(credit card) successful if i disable it?

I haven't tested as im waiting test credit card terminal from the vendor.

Regards.

Kumaran2230 · ‎12-03-2012

Dear Daniele,

Yes its working now. So CISCO ALG working as some kind of firewall which is blocking some features by default. by disabling it its work perfectly.

Thank you very much.

regards.