SCCP or SIP Through Double NAT?

Unanswered Question
Jan 21st, 2008

I have a customer who has a typical setup, CCM (6.x) sitting behind a 2811 Voice Gateway, the voice gateway also serves his internet access providing overload nat.

What they are looking to do is provide remote IP Phones, ideally across the internet, but without VPN.

I found the 2811 has some form of Session Border Controller in it, but not sure if it will work in this situation.

As the CCM has an internal private IP, so will the outside IP Phone.

Is there a tech note on doing this? SCCP or SIP? Has anyone managed to get it working?

P.S. I'm aware of the issues running SCCP and SIP through NAT by just mapping ports.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Paolo Bevilacqua Mon, 01/21/2008 - 07:23

When the NAT is done by a cisco devices, everything will work. When is not cisco (typical consumer-class broadband modem/router), SIP *may* work without additional configuration, but forget about SCCP. And anothe problem in deploying cisco phones in SIP, is that they don't support STUN.

So what do you have in the teleworker's homes, and are you willing to upgrade/configure the small router there, to the minimum extent necessary ?

justincohen Mon, 01/21/2008 - 07:44

The remote site is "ususally" a linksys WRT54G or similar device.

I could set the phone as the DMZ device, if that would help.

SO what config is required on the 2811 at the site with the CCM?

Paolo Bevilacqua Mon, 01/21/2008 - 07:57

basically, only a static NAT mapping for SIP or SCCP (tcp 2000) to CM is required on the 2811.

I think, but not 100% sure, that the linksys using latest firmware, will let SIP pass OK without any configuration, worst case, as DMZ or port-forwarded device. Of course DMZ would allow SCCP to work as well.

justincohen Mon, 01/21/2008 - 11:58

So I have the phone registering (SIP) and i'm getting audio from the SIP phone, on outbound calls, but not the other way.

Calls to other phones, no audio at all

I think the problem is related to the fact that CCM shows the IP address of the phone as 192.168.1.190 (the ip of the phone at the end users house)

I got around that on the SIP phone by telling CCM to use it's hostname instead of IP on the far end. But how do I get the CCM to see the right registered IP?

As an example... the gateway shows this as the "remote phone's" IP Address

"RemoteMediaIPAddress=192.168.1.190"

That's correct -- but on the inside at the far end.

Paolo Bevilacqua Mon, 01/21/2008 - 12:41

Hi,

which IOS do you have on the 2811 ? And which NAT config ?

Recent IOS should translate all the media addresses in withing SIP messages, automatically.

justincohen Mon, 01/21/2008 - 12:42

Latest.

That being said, it's a huge config, i'd rather not post all of it.

Right now it's a typical Overload nat, one outside, a few inside interfaces with some statics...

Is there specific commands I should be putting in there?

Paolo Bevilacqua Tue, 01/22/2008 - 03:06

Hi, sorry, I was making the wrong suggestions.

It is responsibility of the remote router to change all occurrences of a private address with the public one. Evidently, it is not doing that.

This is why many SIP phones do implement STUN.

It is not easy to solve, you can change the NAT setting in the phone with a fixed address, but eventually you would need a proper router as mentioned you can either try latest FW on the linksys, or a cisco router.

Actions

This Discussion