RTP Issue through NAT (PIX7.2.(2).18)

Unanswered Question
Apr 16th, 2007
User Badges:

Hi all

I got a weird problem with a PIX 515 (7.2(2).18.

I'm natting SIP behind the Firewall [CME 4.1(0) (c2801-ipvoicek9-mz.124-11.XJ1.bin)].

Incoming and outgoing SIP-calls are working perfectly.

See old conversation http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Telephony&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.1ddd38eb

Unfortunately, "forwarding-all" function (with a SIP-incoming call to an external number [through the same SIP-Proxy])

is sending the SIP-signal (ringing) but no RTP-flow.

On the PIX the "SIP inspect" is activated.

Is there a possibility to configure a symmetric / consistent NAT on the PIX to allow the RTP-stream to be built up?

Thanks and regards,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Frank Hobrecht Wed, 01/02/2013 - 00:17
User Badges:

Hi Norbert,

have you found a solution for this? I have a similiar problem with CME and an IOS router in front of it.



alig.norbert Mon, 01/07/2013 - 08:19
User Badges:

Hmmm.... long time ago ;-)

I had to change some settings on the cme:


voice service voip

no ip address trusted authenticate

allow-connections h323 to h323

allow-connections h323 to sip

allow-connections sip to h323

allow-connections sip to sip                                             <-

no supplementary-service sip moved-temporarily               <-

no supplementary-service sip refer

redirect ip2ip

fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none


  h245 caps mode restricted


  registrar server

  asserted-id ppi                                                            <-





credentials username password realm

keepalive target dns:

authentication username password realm

retry invite 2

retry response 2

retry bye 2

retry register 2

retry options 1

registrar dns:

expires 60




This Discussion