SIP over NAT translation problem

Unanswered Question


I am SIP expert developing SIP soft-phone. I have a problem with my SIP traffic going through Cisco 2621 (IOS 12.3(21)) router acting as a NAT.

First, the problem is, that I don't have access to that Cisco box. I can only send configuration suggestions or ask for firmware upgrade. It is my provider's Cisco (can't choose different provider). But I can get/investigate traces from both sides of that router - SIP client side as well as SIP Server side.

I have a little understanding of the Cisco box configuration. I only know that I am assigned with the static public IP (?.?.?.137), which is translated to my local IP 192.168.?.? and then there is some 'pool' public IP (?.?.?.131) for other customers of my provider.

The actual problem is, that all SIP requests (SIP headers/params) on the way out get translated to the 'pool' IP (?.?.?.131) and the IP packet is then sent from my static address (?.?.?.137). The SIP responses on the way in then are not translated back correctly and the SIP phone doesn't accept them.

Can this be a configuration issue or is it a bug in the Cisco software?

In case of configuration issue, how can be that router configured to do just the address translation between the local and public static IP, with bypassing the NAT and all that SIP packet translation logic?

In case of the firmware bug, which IOS version would solve it?

If needed, I can provide detailed analysis of translations done on SIP packets.

Any help appreciated. Thanks in advance.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Paolo Bevilacqua Wed, 02/06/2008 - 14:11

Hi, from the way you describe:

there is some 'pool' public IP (?.?.?.131) for other customers of my provider.

Seems like that is not the 2621 doing NAT, rather private IP is used in ISPs network, then another box does NAT when customers are accessing the internet.

To confirm that, you should be able to observe that addresses are not NATed when communicating with other customer of the ISP.

Or ask ISP if that is the way they have the network set.

If it so, is not of easy solution, perhaps you should implement STUN in your softphone ?

zwhitworth Tue, 03/24/2009 - 14:02

"no ip nat service sip udp port 5060" or switch udp for tcp. This should fix your problem. The router is performing SIP Fixup and hiding the private IP address in the SDP. I've seen this issue on 12.3 on a 7200.


This Discussion