I'm struggling with a NAT/SIP config I'm working on (on an 800 series, running 15.3(3)M6). NAT and routing are working fine, but I sometimes see the outside IP address in the SIP packets on the inside interface.
I have a PC with an IP phone connected to the NAT router, itself connected to the customer's backbone. The NAT works flawlessly, the PC gets an IP address (in a private range) and can reach the voice server (InIn).
I ran a sniffer trace on both sides of the NAT to get an idea of what seems wrong:
On the outside interface, the SIP traffic shows no signs of the private IP address, so it looks like the SIP inspection is working fine from inside to outside.
However, in the incoming direction, I sometimes see the outside IP address in some SIP packets, and not the inside one.
It seems to affect mostly signalling: voice goes through bidirectionally, but setting up a call from the soft phone to a test mobile first times out (30s) before the automatic redial successfully goes through.
I've tried to change the "ip nat service sip udp port ..." to point to 5060 or to 8060, to no avail. So it looks like the SIP inspection works ... only sometimes? (I have found no bugs yet that would match this behaviour.)
The relevant part of the config is:
ip dhcp pool MyDHCPPool
 network 192.168.0.128 255.255.255.128
 default-router 192.168.0.129
 dns-server 10.10.10.20
 domain-name nat-sub.com
 lease 0 2
!
interface FastEthernet4
 ip address 10.10.20.2 255.255.255.128
 ip nat outside
 ip virtual-reassembly in
 ip virtual-reassembly out
 duplex auto
 speed auto
!
interface Vlan1
 ip address 192.168.0.129 255.255.255.128
 ip nat inside
 ip inspect VOIP in
 ip virtual-reassembly in
 ip virtual-reassembly out
!
ip nat service sip udp port 8060
ip nat pool NatPool 10.10.20.130 10.10.20.254 netmask 255.255.255.128
ip nat inside source list 1 pool NatPool
ip route 0.0.0.0 0.0.0.0 10.10.20.1
ip route 192.168.0.128 255.255.255.128 Vlan1
!
access-list 1 permit 192.168.0.0 0.0.0.255
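
Added example, not part of the original post: a Python helper that scans SIP text exported from a sniffer trace and reports which header or SDP lines still carry an address the SIP ALG should have rewritten, using the Vlan1 subnet and NatPool range from the config above. The function name, the sample message, the phone address 192.168.0.130 and the server address 10.10.10.50 are constructed assumptions.

```python
import ipaddress
import re

# Addresses from the posted config: Vlan1 subnet and the NatPool range.
INSIDE_NET = ipaddress.ip_network("192.168.0.128/25")
POOL_FIRST = ipaddress.ip_address("10.10.20.130")
POOL_LAST = ipaddress.ip_address("10.10.20.254")
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def untranslated_fields(sip_text, side):
    """List (line_no, field, address) for embedded addresses left untranslated.

    side="inside":  capture on Vlan1, NatPool addresses should not appear.
    side="outside": capture on FastEthernet4, Vlan1 addresses should not appear.
    """
    if side not in ("inside", "outside"):
        raise ValueError("side must be 'inside' or 'outside'")
    findings = []
    for line_no, line in enumerate(sip_text.splitlines(), 1):
        if not line.strip():
            continue  # blank line between the SIP headers and the SDP body
        # Header name, request method / status version, or SDP type such as "c=".
        if re.match(r"[a-z]=", line):
            field = line[:2]
        else:
            field = re.split(r"[:\s]", line, maxsplit=1)[0]
        for text in IPV4_RE.findall(line):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                continue  # dotted number that is not a valid IPv4 address
            if side == "inside":
                leaked = POOL_FIRST <= addr <= POOL_LAST
            else:
                leaked = addr in INSIDE_NET
            if leaked:
                findings.append((line_no, field, text))
    return findings

# Constructed sample: a 200 OK as it might look on Vlan1 when Via/From were not rewritten.
SAMPLE_INSIDE = """\
SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.10.20.131:5060;branch=z9hG4bKconstructed1
From: <sip:1001@10.10.20.131>;tag=a1
To: <sip:2002@10.10.10.50>;tag=b2
Call-ID: constructed-0001@192.168.0.130
Contact: <sip:2002@10.10.10.50:5060>

c=IN IP4 10.10.10.50
"""
```

Running it over the messages of one call from each capture shows which fields (Via, Contact, SDP c=/o=) are skipped and in which message types, which helps narrow down where the inspection is inconsistent.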