Cisco 1811, problem with NAT and MGCP

I want to use an IAD on the Internet with MGCP behind a Cisco 1811 using the C181x-adventerprisek9-mz.124-11.T image.

IAD(MGCP)-->C1811-->Internet-->Softswitch

<------->NAT

My IAD registers with the Softswitch but I am not able to establish calls with it.

After some tests and sniffing the WAN interface of my 1811, I realized that when trying to make a call, during the signalling, the IAD sends a response to a "Create Connection" packet sent by the Softswitch. This response sent by the IAD is changed by the NAT (1811) and the packet gets damaged in this process; the layer 3 checksum of the packet becomes INCORRECT and the packet is discarded at the next hop. I tried the same scheme with a PIX 515 and the call is established without any problem. I believe it's a bug; does anyone know a way to work around this problem? This is my Cisco 1811 configuration:

!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PRUEBAS
!
boot-start-marker
boot-end-marker
!
enable password
!
no aaa new-model
!
!
ip cef
!
!
ip domain name prueba
!
multilink bundle-name authenticated
!
!
!
interface FastEthernet0
 ip address 200.X.X.X 255.255.255.248
 ip nat outside
 no ip virtual-reassembly
 duplex auto
 speed auto
!
!
interface FastEthernet1
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
!
interface FastEthernet5
!
interface FastEthernet6
!
interface FastEthernet7
!
interface FastEthernet8
!
!
interface Vlan1
 ip address 192.168.0.254 255.255.255.0
 ip access-group ALL in
 ip nat inside
 no ip virtual-reassembly
!
interface Async1
 no ip address
 encapsulation slip
!
ip route 0.0.0.0 0.0.0.0 200.X.X.X
!
!
no ip http server
no ip http secure-server
ip nat inside source list NAT interface FastEthernet0.3 overload
ip nat inside source static 192.168.0.150 200.X.X.X
!
ip access-list extended NAT
 permit ip 192.168.0.0 0.0.0.255 any
ip access-list extended ALL
 permit ip any any
!
!
line con 0
line 1
 modem InOut
 stopbits 1
 speed 115200
 flowcontrol hardware
line aux 0
line vty 0 4
 password cisco
 login
 transport input telnet ssh
line vty 5 15
 password kas
 login
 transport input telnet ssh
!
!
webvpn context Default_context
 ssl authenticate verify all
 !
 no inservice
!
end
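
A capture-side check for the symptom described in the post, as an added example that is not part of the original post: it validates an IPv4 header checksum and shows that a translation which changes the source address or total length without updating the checksum yields a header the next hop rejects. The addresses 203.0.113.10 and 198.51.100.20 and the payload lengths are constructed sample values; only 192.168.0.150 comes from the posted configuration.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_header(src: str, dst: str, payload_len: int, proto: int = 17) -> bytes:
    """Constructed 20-byte IPv4 header (no options, UDP) with a correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0, 64,
                      proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]

def header_checksum_ok(hdr: bytes) -> bool:
    """A valid header sums to zero when its checksum field is included."""
    ihl = (hdr[0] & 0x0F) * 4
    return inet_checksum(hdr[:ihl]) == 0

def nat_rewrite(hdr: bytes, new_src: str, new_payload_len: int,
                fix_checksum: bool) -> bytes:
    """Simulate NAT plus a payload rewrite: new source address, new total length."""
    out = bytearray(hdr)
    struct.pack_into("!H", out, 2, 20 + new_payload_len)
    out[12:16] = ipaddress.IPv4Address(new_src).packed
    if fix_checksum:
        out[10:12] = b"\x00\x00"  # checksum field must be zero while summing
        struct.pack_into("!H", out, 10, inet_checksum(bytes(out[:20])))
    return bytes(out)

# Constructed sample: inside host from the posted config, documentation addresses outside.
INSIDE = build_ipv4_header("192.168.0.150", "198.51.100.20", payload_len=180)
STALE = nat_rewrite(INSIDE, "203.0.113.10", 178, fix_checksum=False)
FIXED = nat_rewrite(INSIDE, "203.0.113.10", 178, fix_checksum=True)

if __name__ == "__main__":
    for name, hdr in (("inside", INSIDE), ("translated, stale checksum", STALE),
                      ("translated, recomputed checksum", FIXED)):
        print(f"{name}: {'OK' if header_checksum_ok(hdr) else 'INCORRECT'}")
```

Running the same check on header bytes exported from the inside and outside captures shows whether the checksum is already wrong as the packet leaves the router.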
