Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1060
Views
1
Helpful
3
Replies

Certificate based LGW behind NAT

Go to solution
Bal_S
Level 1
Level 1

‎03-28-2023 09:48 AM - edited ‎03-28-2023 09:50 AM

We are trying to setup Certificate based LGW behind NAT. CUBE shows dial-peer keepalive active ad TLS connection established. But Control Hub shows SIP OPTIONs got no response from CUBE. We are seeing response to options go out from CUBE towards webex calling. One of the session at Cisco live 2023 mentioned support for setup behind NAT is coming soon. Anyone has done it or any suggestions?

Labels:
0 Helpful
1 Accepted Solution

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎03-28-2023 03:54 PM - edited ‎03-28-2023 03:55 PM

This is a bad, fragile, idea; don’t do it - and for sure don’t put a production environment in an unsupported state until Cisco stupidly agrees to support this.
With that warning out of the way: you will need to configure a SIP profile that replaces the internal IP with the external NATed IP in every header and SDP line. Also, only static 1:1 NAT will ever work - not PAT/overload where the TCP/UDP change.

View solution in original post

3 Replies 3

Go to solution
Bal_S
Level 1
Level 1

‎04-04-2023 11:55 AM

Incase this helps anyone. We were able to get this cert based LGW register behind NAT and calling seems to be working too. This is a test setup for us so we are good, but for prod setup we will have to wait for Cisco support of this-which we got an update through our Cisco team is expected next month.

0 Helpful

Go to solution
Jonathan Schulenberg
Hall of Fame
Hall of Fame

‎03-28-2023 03:54 PM - edited ‎03-28-2023 03:55 PM

This is a bad, fragile, idea; don’t do it - and for sure don’t put a production environment in an unsupported state until Cisco stupidly agrees to support this.
With that warning out of the way: you will need to configure a SIP profile that replaces the internal IP with the external NATed IP in every header and SDP line. Also, only static 1:1 NAT will ever work - not PAT/overload where the TCP/UDP change.

Go to solution
Bal_S
Level 1
Level 1
In response to Jonathan Schulenberg

‎03-29-2023 05:52 AM

Thanks Jonathan. We will rethink our plan

I don't understand why Cisco has not yet updated docs after announcing support at Cisco live. MS Direct routing works well behind NAT, we expected this works too. Registration based LGW will not work for us with max limit of 250 calls. We also don't see docs or support for multiple registration based LGW on single CUBE  (which was also announced at Cisco Live). 

0 Helpful
Customers Also Viewed These Support Documents