NAT/SIP shows outside IP address in SIP packets on the inside interface
I'm struggling with a NAT/SIP config I'm working on (on an 800 series, running 15.3(3)M6). NAT and routing are working fine, but I sometimes see the outside IP address in the SIP packets on the inside interface.
I have a PC with an IP phone connected to the NAT router, itself connected to the customer's backbone. The NAT works flawlessly, the PC gets an IP address (in a private range) and can reach the voice server (InIn).
I ran a sniffer trace on both sides of the NAT to get an idea of what seems wrong:
On the outside interface, the SIP traffic shows no signs of the private IP address, so it looks like the SIP inspection is working fine from inside to outside.
However, on the incoming direction, I sometimes see the outside IP address in some SIP packets, and not the inside one.
It seems to affect mostly signalling: voice goes through bidirectionally, but setting up a call from the soft phone to a test mobile first times out (30s) before the automatic redial successfully goes through.
I've tried to change the "ip nat service sip udp port ..." to point to 5060 or to 8060, to no avail. So it looks like the SIP inspection works ... sometimes only? (I have found no bugs yet that would match this behaviour.)
The relevant part of the config is:
ip dhcp pool MyDHCPPool
 network 192.168.0.128 255.255.255.128
 default-router 192.168.0.129
 dns-server 10.10.10.20
 domain-name nat-sub.com
 lease 0 2
!
interface FastEthernet4
 ip address 10.10.20.2 255.255.255.128
 ip nat outside
 ip virtual-reassembly in
 ip virtual-reassembly out
 duplex auto
 speed auto
!
interface Vlan1
 ip address 192.168.0.129 255.255.255.128
 ip nat inside
 ip inspect VOIP in
 ip virtual-reassembly in
 ip virtual-reassembly out
!
ip nat service sip udp port 8060
ip nat pool NatPool 10.10.20.130 10.10.20.254 netmask 255.255.255.128
ip nat inside source list 1 pool NatPool
ip route 0.0.0.0 0.0.0.0 10.10.20.1
ip route 192.168.0.128 255.255.255.128 Vlan1
!
access-list 1 permit 192.168.0.0 0.0.0.255
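Added example, not part of the original post: a small checker that can be run over SIP messages exported from the inside-interface capture to pinpoint which header or SDP line still carries a NatPool address. It assumes the "outside IP address" seen in the trace is an address from NatPool; the server address 10.10.10.50, the SIP users and both sample messages are constructed.

```python
import ipaddress
import re

# NatPool range from the posted config.
POOL_FIRST = ipaddress.ip_address("10.10.20.130")
POOL_LAST = ipaddress.ip_address("10.10.20.254")

IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def untranslated_fields(sip_message):
    """List (line_no, field, address) for each NatPool address in a SIP
    message captured on the inside interface, where SIP-aware NAT should
    have rewritten it back to the phone's 192.168.0.x address."""
    hits = []
    for line_no, line in enumerate(sip_message.splitlines(), 1):
        if line_no == 1:
            field = "start-line"
        elif re.match(r"[a-z]=", line):
            field = "sdp " + line[:2]          # SDP body line, e.g. "sdp c="
        else:
            field = line.split(":", 1)[0].strip()  # SIP header name
        for match in IPV4.finditer(line):
            try:
                addr = ipaddress.ip_address(match.group())
            except ValueError:                 # not a valid dotted quad
                continue
            if POOL_FIRST <= addr <= POOL_LAST:
                hits.append((line_no, field, str(addr)))
    return hits

# Constructed 200 OK as it should look on the inside interface.
TRANSLATED = "\n".join([
    "SIP/2.0 200 OK",
    "Via: SIP/2.0/UDP 192.168.0.130:5060;branch=z9hG4bK-constructed",
    "Contact: <sip:2002@10.10.10.50:5060>",
    "",
    "c=IN IP4 10.10.10.50",
])
# Constructed 200 OK whose Via was not rewritten back to the inside address.
LEAKED = TRANSLATED.replace("192.168.0.130", "10.10.20.131")

if __name__ == "__main__":
    for name, msg in (("translated", TRANSLATED), ("leaked", LEAKED)):
        print(name, untranslated_fields(msg))
```

Comparing which fields are flagged in the failing first attempt against the successful redial shows whether the misses are tied to a particular header, message type or port.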