
Router 857w SIP, RTP issue

busaussie
Level 1

Hi Guys,

I have a Cisco 857 router, and I have 2 Cisco SPA 962 sitting behind it. The router has a static IP and is NATing over to a private IP. I am having the issue that the SIP signalling is getting through the router NAT, but the RTP isn't working.

I have tried a couple of ways, one way by configuring CBAC, but I get the issue of no RTP at all.

But if I manually configure ACLs, SIP signalling works, RTP works for outbound calls, but when I make an inbound call I only get one-way audio. The outside phone can hear the audio, but the phone inside can't hear anything.

I have attached my show run (minus passwords, etc.).

When I usually have this kind of issue, I disable SIP ALG. Can you disable SIP ALG? If so, how?

Thank you,

Liam

4 Replies

patrickvanham
Level 1

You do allow inbound SIP to pass, but not the RTP streams. The port used varies per session. To allow RTP to pass you'll have to modify the named access list to allow the incoming RTP stream. Since the port is dynamic you'll have to allow most if not all UDP ports and make use of other tools to block unwanted traffic.

I have added UDP and TCP RTP ports (1024 to 65535) and disabled CBAC, and I am still having issues.

I am just surprised that no one else has come across the same problems I have. Is there something I am missing?

config:

interface Vlan1
 description Internal Interface$FW_INSIDE$
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly
 ip tcp adjust-mss 1452
!
interface Dialer1
 description ISP Interface$FW_OUTSIDE$
 ip address negotiated
 ip access-group internet in
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp
 ppp
 ppp
!
ip route 0.0.0.0 0.0.0.0 Dialer1
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip nat inside source list 1 interface Dialer1 overload
!
ip access-list extended internet
 permit tcp any any range 1024 65535
 remark SDM_ACL Category=16
 permit udp any any range 1024 65535
 permit udp any any eq 5060
 deny ip any any log
!
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit 192.168.1.0 0.0.0.255
dialer-list 1 protocol ip permit
no cdp run
!
control-plane
!

In addition to this you'd need to use symmetric RTP since you're NATing. Below is some information on how to use RTP in a NATed scenario:

http://www.voip-info.org/wiki/view/RTP+Symmetric

http://ag-projects.com/docs/PressArticles/NATtraversal-BestPractices.pdf

I already got symmetric up and running.

I found the issue: the IOS SIP ALG wasn't good (12.4(6)T). For anything before 12.4(6)T, you should upgrade to the latest IOS image. I used this image: c850-advsecurityk9-mz.124-15.T1.bin.

Thanks for everyone's help.
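The first reply points out that opening most UDP ports for RTP leaves the blocking of unwanted traffic to other tools. As an added example (not code from any poster in this thread), the script below measures how much the posted `internet` ACL permits from any source and compares it with a constructed narrower ACL. The provider address 203.0.113.10 and the RTP range 16384-16482 in the narrower ACL are assumptions, not values from the thread.

```python
import re

# ACL exactly as posted in the thread.
POSTED_ACL = """\
ip access-list extended internet
 permit tcp any any range 1024 65535
 remark SDM_ACL Category=16
 permit udp any any range 1024 65535
 permit udp any any eq 5060
 deny ip any any log
"""

# Constructed alternative. Assumptions: one known SIP provider at
# 203.0.113.10 (documentation address) and phones pinned to RTP 16384-16482.
NARROW_ACL = """\
ip access-list extended internet
 permit udp host 203.0.113.10 any range 16384 16482
 permit udp host 203.0.113.10 any eq 5060
 deny ip any any log
"""

# Covers the entry forms used above; source-port operators are not parsed.
ADDR = r"(any|host \S+|\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+)"
ENTRY = re.compile(
    rf"^\s*permit (ip|tcp|udp) {ADDR} {ADDR}"
    r"(?: (eq|range|gt|lt) (\d+)(?: (\d+))?)?\s*$"
)

def port_count(op, a, b):
    """Number of destination ports matched by an IOS port operator."""
    if op is None:
        return 65536  # no operator: every port
    a = int(a)
    return {"eq": 1, "range": int(b or a) - a + 1,
            "gt": 65535 - a, "lt": a}[op]

def audit(acl_text, limit=1000):
    """List (proto, source, ports) for permits from 'any' wider than limit."""
    findings = []
    for line in acl_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # ACL header, remark or deny line
        proto, src, _dst, op, a, b = m.groups()
        ports = port_count(op, a, b)
        if src == "any" and ports > limit:
            findings.append((proto, src, ports))
    return findings
```

Running `audit(POSTED_ACL)` flags both wide permits; the SIP entry on port 5060 is a single port and stays below the threshold.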
