RTP Issue through NAT (PIX7.2.(2).18)

alig.norbert · ‎04-16-2007

Hi all

I got a weird problem with a PIX 515 (7.2(2).18.

I'm natting SIP behind the Firewall [CME 4.1(0) (c2801-ipvoicek9-mz.124-11.XJ1.bin)].

Incoming and outgoing SIP-calls are working perfectly.

See old conversation http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Unified%20Communications%20and%20Video&topic=IP%20Telephony&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40.1ddd38eb

Unfortunately, "forwarding-all" function (with a SIP-incoming call to an external number [through the same SIP-Proxy])

is sending the SIP-signal (ringing) but no RTP-flow.

On the PIX the "SIP inspect" is activated.

Is there a possibility to configure a symmetric / consistent NAT on the PIX to allow the RTP-stream to be built up?

Thanks and regards,

norbert

Frank Hobrecht · ‎01-02-2013

Hi Norbert,

have you found a solution for this? I have a similiar problem with CME and an IOS router in front of it.

Thanks

Frank

alig.norbert · ‎01-07-2013

Hmmm.... long time ago ;-)

I had to change some settings on the cme:

....

voice service voip

no ip address trusted authenticate

allow-connections h323 to h323

allow-connections h323 to sip

allow-connections sip to h323

allow-connections sip to sip <-

no supplementary-service sip moved-temporarily <-

no supplementary-service sip refer

redirect ip2ip

fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none

h323

h245 caps mode restricted

sip

registrar server

asserted-id ppi <-

!

....

!

sip-ua

credentials username password realm

keepalive target dns:

authentication username password realm

retry invite 2

retry response 2

retry bye 2

retry register 2

retry options 1

registrar dns:

expires 60

Greets,

Norbert