Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
721
Views
0
Helpful
0
Replies

NAT/SIP shows outside IP address in SIP packets on the inside interface

MDP
Level 1
Level 1

‎08-27-2019 11:44 PM

Hey guys

 

I'm struggling with a NAT/SIP config I'm working on (on a 800 serie, running 15.3(3)M6)). NAT and routing are working fine, but I sometimes see  the outside IP address in the SIP packets on the inside interface.

 

I have a PC with an IP phone connected to the NAT router, itself connected to the customer's backbone. The NAT works flawlessly, the PC gets an IP address (in a privaate range) and can reach the voice server (InIn). 

 

I ran a sniffer trace on both sides of the NAT to get an idea of what seems wrong :

 

  • On the outside interface, the SIP traffic shows no signs of the private IP address, so it looks like the SIP inspection is working fine from inside to outside.
  • However, on the incoming direction, I sometimes see the outside IP address in some SIP packets, and not the inside one.

 

It seems to affect mostlyl signalling : voice goes through bidirectionally, but setting up a call from the soft phone to a test mobile first times out (30s) before the automatic redial successfully goes through.

 

I've tried to change the "ip nat service sip udp port ..." to point to 5060 or to 8060, to no avail. So it looks like the SIP inspection works ... sometimes only ? (found no bugs yet  that would match this behaviour)

 

 

The relevant part of the config is :

ip dhcp pool MyDHCPPool
network 192.168.0.128 255.255.255.128
default-router 192.168.0.129
dns-server 10.10.10.20
domain-name nat-sub.com
lease 0 2
!
interface FastEthernet4
ip address 10.10.20.2 255.255.255.128
ip nat outside
ip virtual-reassembly in
ip virtual-reassembly out
duplex auto
speed auto
!
interface Vlan1
ip address 192.168.0.129 255.255.255.128
ip nat inside
ip inspect VOIP in
ip virtual-reassembly in
ip virtual-reassembly out
!
ip nat service sip udp port 8060
ip nat pool NatPool 10.10.20.130 10.10.20.254 netmask 255.255.255.128
ip nat inside source list 1 pool NatPool
ip route 0.0.0.0 0.0.0.0 10.10.20.1
ip route 192.168.0.128 255.255.255.128 Vlan1
!
access-list 1 permit 192.168.0.0 0.0.0.255

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents