Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1182
Views
0
Helpful
1
Replies

Connectivity Failure with SIP server: NAT and IOS Firewall

beckerli
Level 1
Level 1

‎06-14-2010 09:41 AM - edited ‎03-04-2019 08:46 AM

I have searched the community for the problem I am having (string: pre-generated session) and have found a number of unanswered questions regarding a similar issue to mine. Any assistance would accordingly be widely appreciated.

Platform: Cisco 877 ADSL Router
 


Software Version: C870 Software (C870-ADVIPSERVICESK9-M), Version 12.4(24)T1

Connectivity Problem Description: 
When the ISP resets the router ip address, ATM0 goes up and down and a new
address is acquired, the Lynksys SPA9000 is subsequently unable to register with the SIP
server. When the nat session is cleared the SPA9000 registers fine and all is OK until
the next ISP reset.

Diagnostics:

1. The IOS firewall pre-generates a new session with the new global source address

2. the NAT session between the old source IP address and the Sipgate server persists.

3. When I clear ip nat trans *, the problem is resolved, the pre-gen session disappears
and the SPA9000 resigsters.


How do I configure to make sure the old NAT session times out itself when the new
source IP address is acquired?

Setting the default NAT TCP timeout to less than 24 hrs may provide a solution but
it will not resolve the problem.  UDP NAT timeout is short, so this is possibly not
the problem.

I would be most grateful if you could suggest what may be sustaining the 'false' NAT session
with the old source IP address.  It is almost as if the firewall is proxying this session?


S_Router#sh ip inspect sis

Established Sessions
------------------------------------------------------------------------------------------
 Session 848FF6A8 (172.27.10.2:5060)=>(217.10.79.9:5060) sip SIS_OPEN
------------------------------------------------------------------------------------------
 Session 848F7128 (172.27.20.5:29294)=>(118.161.65.144:49272) udp SIS_OPEN
 Session 848F9AE0 (172.27.20.5:29294)=>(212.113.245.154:12769) udp SIS_OPEN
 Session 848FDAD8 (172.27.20.2:12980)=>(196.26.208.190:25) smtp SIS_OPEN
 Session 848FB6B0 (172.27.20.5:3641)=>(41.185.89.81:50564) tcp SIS_OPEN
 Session 84902328 (172.27.30.2:2921)=>(83.220.137.203:1195) tcp SIS_OPEN
Half-open Sessions
 Session 848F7C48 (172.27.20.5:29294)=>(84.110.104.69:58777) udp SIS_OPENING
 Session 848FB3E8 (172.27.20.5:29294)=>(188.168.36.123:56450) udp SIS_OPENING
 Session 848F44A8 (172.27.20.5:29294)=>(80.171.10.215:49864) udp SIS_OPENING
------------------------------------------------------------------------------------------
Pre-generated Sessions
 Pre-gen session 848F76B8  217.10.79.9[1024:65535]=>41.240.123.23[1024:1024] sip
------------------------------------------------------------------------------------------

S_Router#sh ip nat trans

Pro Inside global         Inside local          Outside local         Outside global
------------------------------------------------------------------------------------------
udp 41.240.82.80:1024     172.27.10.2:5060      217.10.79.9:5060      217.10.79.9:5060
------------------------------------------------------------------------------------------
udp 41.240.123.23:2049    172.27.10.3:2049      196.7.0.138:53        196.7.0.138:53
udp 41.240.123.23:2049    172.27.10.3:2049      196.26.5.10:123       196.26.5.10:123

* old Inside Global IP address

Labels:
0 Helpful
1 Reply 1

dfranz3434
Level 1
Level 1

‎08-22-2010 08:30 PM

Did you manage to get to the bottom of this problem and find a permanent workaround.  I am experiencing mildly similar issues.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card