Static NAT and Ichat AV

Mar 12th, 2007

I have a customer who is being NATed by a static NAT on a Cisco 3725. For some reason, iChat AV will not run through the NAT. It will work without the NAT, and it will work with a NAT through a DSL router, but not with the IOS NATing. Here is my version info:


Cisco IOS Software, 3700 Software (C3725-SPSERVICESK9-M), Version 12.3(11)T2, RELEASE SOFTWARE (fc1)


Tom


jain.nitin Tue, 03/13/2007 - 04:43

Hi Tom,


Could you please explain in detail what you are trying to do?


Thanks

Ninja

tomswenson Tue, 03/13/2007 - 05:46

I am an ISP. I have a customer who wants to run Apple's iChat AV program, but it won't work on my system. I'm doing a simple static NAT:


ip nat inside source static 172.16.11.1 xxx.xxx.xxx.xxx


with an ip nat outside on my serial port.


To troubleshoot, I had the customer bring in their PC and found that iChat AV would run fine if I weren't NATed. I then put them behind a simple DSL router, NATed through the router, and it still worked fine. It then appears that there is something about Cisco's version of NATing that makes it not work. I also tried dynamic NAT for this customer and it didn't work either.


I hope that explains it, I haven't opened up a ticket yet, but may have to soon.


Tom


dsoumas25 Sun, 04/01/2007 - 15:33

Tom,


Have you gotten any further with this issue?


- Dave

tomswenson Mon, 04/02/2007 - 05:55

No, I haven't. I may have to open up a ticket.


Thanks for asking.


Tom


dsoumas25 Mon, 04/02/2007 - 11:18

It seems to be some type of NAT translation issue related to how the application attempts to peer-to-peer its video connections. I was going to run some debugs myself, but I haven't had anyone to try it with today. I'll see if I can't get some data posted on the NAT streams.


I'm curious if it works within the broadcast domain and it's just the NAT external connections that cannot seem to sync.


Let me know if you find anything new. Thanks!


- Dave

blakewebb Thu, 06/21/2007 - 16:57

Tom,


I don't know if you have a solution yet but I've had the same issue for a while now and have figured out how to get iChat working using static NAT.


no ip nat service sip udp port 5060

no ip nat service sip tcp port 5060

ip nat inside source static udp 16403 interface FastEthernet0 16403

ip nat inside source static udp 16402 interface FastEthernet0 16402

ip nat inside source static udp 16401 interface FastEthernet0 16401

ip nat inside source static udp 16400 interface FastEthernet0 16400

ip nat inside source static udp 16399 interface FastEthernet0 16399

ip nat inside source static udp 16398 interface FastEthernet0 16398

ip nat inside source static udp 16397 interface FastEthernet0 16397

ip nat inside source static udp 16396 interface FastEthernet0 16396

ip nat inside source static udp 16395 interface FastEthernet0 16395

ip nat inside source static udp 16394 interface FastEthernet0 16394

ip nat inside source static udp 16393 interface FastEthernet0 16393

ip nat inside source static udp 16392 interface FastEthernet0 16392

ip nat inside source static udp 16391 interface FastEthernet0 16391

ip nat inside source static udp 16390 interface FastEthernet0 16390

ip nat inside source static udp 16389 interface FastEthernet0 16389

ip nat inside source static udp 16388 interface FastEthernet0 16388

ip nat inside source static udp 16387 interface FastEthernet0 16387

ip nat inside source static udp 16386 interface FastEthernet0 16386

ip nat inside source static udp 16385 interface FastEthernet0 16385

ip nat inside source static udp 16384 interface FastEthernet0 16384

ip nat inside source static udp 5060 interface FastEthernet0 5060

ip nat inside source static udp 5190 interface FastEthernet0 5190

ip nat inside source static tcp 5190 interface FastEthernet0 5190

ip nat inside source static tcp 5298 interface FastEthernet0 5298

ip nat inside source static udp 5298 interface FastEthernet0 5298

ip nat inside source static udp 5353 interface FastEthernet0 5353

ip nat inside source static udp 5678 interface FastEthernet0 5678


To be honest, I haven't had the opportunity to test this due to the fact that my solution needs to be from ANY source address to a NAT pool. This should work well though...it includes all of the required ports on Apple's site. The reason you were having issues was mainly due to the initial "no ip nat service sip udp port 5060". As I understand it, Cisco NAT steals this port for use with voice protocols. Anyway, hope that helps...please let me know if that works out. If it helps at all, rate me pls :)
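Each static forward in the post above is a permanently open inbound port, so it is worth auditing what a config like this exposes. The following is an added example, not part of the original post: a small parser that collapses the `ip nat inside source static` lines into port ranges per protocol and notes where the SIP NAT service has been disabled. The lines as posted omit the inside local address that IOS expects before the local port, so the parser accepts both forms; the sample config is constructed and assumes 172.16.11.1 (the inside host from earlier in the thread).

```python
import re
from collections import defaultdict

# Constructed sample: a shortened version of the forwards in the post above,
# with 172.16.11.1 assumed as the inside host.
SAMPLE_CONFIG = """\
no ip nat service sip udp port 5060
no ip nat service sip tcp port 5060
ip nat inside source static udp 172.16.11.1 16384 interface FastEthernet0 16384
ip nat inside source static udp 172.16.11.1 16385 interface FastEthernet0 16385
ip nat inside source static udp 172.16.11.1 16386 interface FastEthernet0 16386
ip nat inside source static udp 172.16.11.1 5060 interface FastEthernet0 5060
ip nat inside source static tcp 172.16.11.1 5190 interface FastEthernet0 5190
ip nat inside source static udp 172.16.11.1 5190 interface FastEthernet0 5190
"""

FORWARD = re.compile(
    r"^ip nat inside source static (tcp|udp) (?:(\d+\.\d+\.\d+\.\d+) )?(\d+) "
    r"(?:interface (\S+)|(\d+\.\d+\.\d+\.\d+)) (\d+)$")
SIP_ALG_OFF = re.compile(r"^no ip nat service sip (tcp|udp) port (\d+)$")

def collapse(ports):
    """Turn [5060, 16384, 16385] into [(5060, 5060), (16384, 16385)]."""
    ranges = []
    for p in sorted(set(ports)):
        if ranges and p == ranges[-1][1] + 1:
            ranges[-1] = (ranges[-1][0], p)
        else:
            ranges.append((p, p))
    return ranges

def audit(config):
    """Summarise inbound exposure created by static NAT port forwards."""
    exposed = defaultdict(list)      # (proto, inside host) -> global ports
    alg_off = set()                  # (proto, port) with SIP ALG disabled
    for line in map(str.strip, config.splitlines()):
        if m := FORWARD.match(line):
            proto, host, _local, _ifc, _gip, gport = m.groups()
            exposed[(proto, host or "unspecified")].append(int(gport))
        elif m := SIP_ALG_OFF.match(line):
            alg_off.add((m.group(1), int(m.group(2))))
    return {k: collapse(v) for k, v in exposed.items()}, alg_off

if __name__ == "__main__":
    forwards, alg_off = audit(SAMPLE_CONFIG)
    for (proto, host), ranges in sorted(forwards.items()):
        print(proto, host, ranges)
    print("SIP ALG disabled on:", sorted(alg_off))
```

Run against the router's saved configuration, the resulting ranges can be compared with the ports the application actually needs, and anything beyond that list removed.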

dsoumas25 Fri, 06/22/2007 - 02:20

Blake,


Would you please forward the link to these specifications on Apple's site (or, conversely, just submit a table of what applications these ports represent)?


Thanks much for your contribution!


- Dave

blakewebb Fri, 06/22/2007 - 03:08

Dave,


Sure...I've got the config guide for http://docs.info.apple.com/article.html?artnum=93208 - Using iChat AV with a firewall or NAT router


And http://docs.info.apple.com/article.html?artnum=106439 - "Well Known" TCP and UDP Ports Used by Apple Software Products


Obviously the first link doesn't actually help other than to provide the specific port information. The second provides a list of all Apple ports. Lemme know if this is what you're looking for.
