Question about IP communications across Internet

Unanswered Question
Jul 9th, 2007


I got a question about the feasibility of transmiting VOIP traffic across the Internet.

The scenario describes as follows:

Branch and the HQ are connected through the Internet.Both of them use the private address in there LANs,and utilize PAT to connect to the Internet.

In the HQ,they will setup a UC demo environment.

The question is "Is it possible to transmit VOIP traffic across the Internet cloud?"

I'm not familiar with Unified Communications.

I would like to clarify this question by asking more detail questions.

1. Does CUCM distinguish IP phone by MAC address or IP address? I find that in the CCM configuration of the IP Phone,the MAC is a must requestion.If the signaling traffic transmits through the Internet,the MAC address is lost,is it?

2. Is SCCP the only protocol that IP phones communicate with CCM to register? Can SIP do that? I saw somewhere says that IP phones can not register by SCCP through WAN,is that correct?

3. If the CCM sees only one IP from the Branch,how to distinguish multiple IP phones in the Branch?

Finally,is it possible to transmit VOIP traffic across the Internet cloud?

Thank you!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (5 ratings)
Paolo Bevilacqua Tue, 07/10/2007 - 02:30

It is perfectly possible and a lot of people do that since years.

To work around the NAT problems, what is recommended to do, is to use tunnelling (VPN IPsec if you need encryption, simple GRE if you do not), so that all the devices are recognized with their addresses. This require to use a cisco router instead, or in addition to, whatever device the ISP has given by default.

Hope this helps, please rate post if it does!

raowb2004 Tue, 07/10/2007 - 07:52

Hello p.bevilacqua,

Thank you for your reply.

Tunnelling indeed meets the need.

But is it possible to archive this not by tunnelling?

Thank you.

j-schulze Tue, 07/10/2007 - 09:01

I guess in theory you could do it without tunneling, but it wouldn't be practical. As each PC that is using IP comm. would need a public NAT address as would CCM.

johnnylingo Tue, 07/10/2007 - 09:46

I agree that you would need a dedicated public IP address for each phone with corresponding NAT translations, so it would not be practical. Instead, use a VPN to connect the two offices.

raowb2004 Wed, 07/11/2007 - 17:22

Thank you all.

Could someone give a detail explanation for me,cause I should make a formal feasibility analysis.

Thank you!

Zin.Karzazi Wed, 07/11/2007 - 23:39

Another Workaround for NAT, is to use STUN (Simple Traversal of UDP (User Datagram Protocol) through NATs.

Paolo Bevilacqua Wed, 07/11/2007 - 23:51

The thing is that Cisco phones do not support NAT.

Raow: I think you have been given the reason why tunnelling is necessary in sufficient detail.

If you have to work on some deliverable,it's part of your due diligence to go over the many many documents available on CCO to prepare a proposal. And don't forget to rate useful posts in this forum!

raowb2004 Thu, 07/12/2007 - 00:17

OK,thank you.

I just want to have a deep study on it,no need to deliver anything to other people,just myself.

Thank you all!

Paolo Bevilacqua Thu, 07/12/2007 - 01:51

Very reasonable. If you have any other doubts, please ask.

Thanks for the nice rating and good luck!

NB: Amend to my previous post: Cisco phones with SIP, do support NAT. Wath they don't support, is STUN.

Zin.Karzazi Thu, 07/12/2007 - 02:04


that s interesting, i thought it was supported on all IP-Phones, because Cisco coauthored the STUN protocol. Do you have a link stating that SIP phones doesnt support STUN?



Another solution is a protocol called STUN (Simple Traversal of UDP Through Network Address Translators), which was coauthored by Cisco. When a user sends a message to a server from inside a NAT, the server will reflect back whatever address the NAT gives it. STUN allows this reflected address to be used to establish an RTP session with the user inside the NAT, without involving any of the SIP proxies in the middle.


bgrunewald Fri, 08/10/2007 - 14:44

You can run "in the clear" without tunneling, but you have to have routers on both ends that can NAT SIP or SCCP, depending on what you have on the phone. I did a proof of concept with SCCP, and as long as there is an ALG (Application Layer Gateway) for SCCP, the NAT code fixes the embedded SCCP IP addresses. Since NAT can operate with overload on a DHCP address, the public IPs don't have to be static.

For SIP, presumably it should be easy to find a non-Cisco device that does STUN or ALG fixups to make NAT work. I don't think you are going to be able to plug a Cisco SIP phone straight into a cable/DSL modem (not router) and get it to work. Even though Cisco may support STUN, it doesn't mean the phones are the device that supports it - more likely IOS and PIX/ASA firewalls.


This Discussion