07-28-2007 06:59 AM - edited 03-14-2019 10:49 PM
Hi All
My CME system is behind a cisco 857 running nat. I'm only getting 1 way audio when connecting to my sip provider.
I'm guessing the rtp stream is not getting through my nat?
Does anyone know which ports to forward and how to forward the ranges on my cisco nat device?
Or is there a way of faking the source ip address of my cme system (currently on 192.168.x.x range) so it send it's public ip instead (I've configured PAT on nat device to give cme a public ip) and thus bypassing the nat all together?
Thanks in advance
07-28-2007 07:38 AM
hi,
cisco nat should make the call work fine. Please send nat config to begin with.
07-28-2007 08:04 AM
Here is the nat config: (Note CME is 192.168.4.253)
ip nat inside source list 101 interface Dialer0 overload
ip nat inside source static tcp 192.168.4.1 25 interface Dialer0 25
ip nat inside source static tcp 192.168.4.1 80 interface Dialer0 80
ip nat inside source static tcp 192.168.4.1 1723 interface Dialer0 1723
ip nat inside source static tcp 192.168.4.1 443 interface Dialer0 443
ip nat inside source static tcp 192.168.4.1 21 interface Dialer0 21
ip nat inside source static tcp 192.168.4.8 5500 interface Dialer0 5500
ip nat inside source static 192.168.4.11 212.115.49.75 extendable
ip nat inside source static 192.168.4.253 212.115.49.76 extendable
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer0
no ip http server
no ip http secure-server
!
access-list 101 permit ip 192.168.4.0 0.0.0.255 any
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
dialer-list 1 protocol ip permit
07-28-2007 10:50 AM
Looks fine. Do a call capturing "debug ccsip message", and let's see if the proper translatio n has been build using "show ip nat translation udp detail".
07-28-2007 11:02 AM
07-28-2007 12:45 PM
Translation is created OK:
udp 212.115.52.107:17108 192.168.4.253:17108 217.14.138.126:16212 217.14.138.126
:16212
create 00:01:17, use 00:01:09 timeout:300000, left 00:03:50,
Pro Inside global Inside local Outside local Outside global
flags:
extended, use_count: 0, entry-id: 62078, lc_entries: 0
Do you have access list, firewall, ip inspect or anything like that on the 857 ?
What IOS on the 857 ?
07-28-2007 02:09 PM
access list yes - as per previous nat config
firewall - no
ip inspect - not that i know of
ios is 12.4(6)T5
I've tried using 837 with 12.3 instead and that does same thing!
07-28-2007 02:13 PM
When the call is in place, can you observe (via show interface) the flow of 50 pps going out the ADSL router and coming in the CME ?
And what "show rtp call" on CME shows ?
07-29-2007 12:43 AM
07-29-2007 03:01 AM
Hi,
with the default 5 minutes-load interval, it takes a while to get to the statistics. You can reduce to 30 seconds to see the info quicker.
You said you have the call setup but 1-way audio, still "show rtp call" comes empty ?
07-29-2007 05:37 AM
yes show rtp call always displays 'no active calls found'.
I've made some test calls to pstn and other sccp handsets and show rtp calls never displays anything!
07-29-2007 05:50 AM
My bad, it is normal because the RTP stream is actually terminated on the phone, not on the router.
Basically, I'm trying to ascertain if the adsl and in turn, the cme router are receiving RTP packets. Another easy way to do that is if you press ? twice on the phone, it should give you RTP statistics.
The problem may have something to do with the source address used by the ITSP gateway, that is different to the translation created. Under sip-ua, there are nat settings that deal with that, but in first place the packets should get to the cme router, thing that we don;t know for sure is happening. So it is kind of long troubleshooting process that you have to take.
EDIT: If you remove pppoe client from the ADSL router, configure it for bridging, then configure PPPoE/ dialer on the CME, it should get public IP. This way you would check the call is working and is a NAT problem.
07-29-2007 06:03 AM
No problem
Hitting ? twice shows codec is g729 and lots of transmit count packets (igoing up 50 at a time) but none received.
I don't know how to do the bridging config that you suggest - do you have a config I could look at?
07-29-2007 06:16 AM
Assume you have pppoe (not pppoa) on 857:
no ip routing
int atm0.1
pvc 8/35
bridge-group 1
int vlan1
bridge-group 1
bridge 1 protocol ieee
On cme:
interface fa0
no ip address
pppoe enable
ppoe-client dialer-pool-number
And copy the dialer config from 857 to cme.
07-29-2007 08:24 AM
sorry if i'm being a bit thick - this stuff is new to me.
This is my 857 adsl config (edited for security) is it going to work with the config you suggest?
interface ATM0
no ip address
no atm ilmi-keepalive
dsl operating-mode auto
!
interface ATM0.1 point-to-point
no snmp trap link-status
pvc 0/38
encapsulation aal5mux ppp dialer
dialer pool-member 1
!
!
interface FastEthernet0
no cdp enable
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
!
interface Vlan1
ip address 192.168.4.254 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Dialer0
ip address negotiated
ip nat outside
ip virtual-reassembly
encapsulation ppp
dialer pool 1
dialer-group 1
no cdp enable
ppp authentication chap pap callin
ppp chap hostname username@isp
ppp chap password blah
ppp pap sent-username username@isp password blah
50
!
ip route 0.0.0.0 0.0.0.0 Dialer0
thanks again for your help
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: