NAT for Call Manager

Unanswered Question
Sep 24th, 2010

Is it recommended to use NAT on VoIP. I have two seperate cluster one for cisco call manager and other for Avaya. We are integrating both the setups(h323). Is it ok to use NAT. Can someone provide me a document which helps in this reference.

For what reason people do not recommend it in the network, or is it the same that you do not register your call managers with the domain server. Look forward to hear.


Humayun Sami.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.8 (4 ratings)
Paolo Bevilacqua Fri, 09/24/2010 - 06:36

No, it is NOT OK to use NAT for Voip and / or CM.

If you do that, you will run into many, many problems, and realize a poor design.

Steven Holl Fri, 09/24/2010 - 06:49

If you can get by with not using NAT, it is preferred from the perspective of having less complexity, hence less things to go wrong.

That being said, NAT should work fine.  There are some gotchas with SCCP v17 and NAT on some platforms, though.  And there's an IOS NAT bug that it can't handle multiple c lines.

If you need to hide addresses between sites, you could use a CUBE with media flow-through.

Joseph Martini Fri, 09/24/2010 - 12:07

To add to that, many 3rd party devices are lacking SCCP support for inspection when doing NAT.  While some 3rd parties can inspect SCCP packets their support is almost always behind what Cisco devices will support (in terms of newer SCCP versions).

Humayun.sami_2 Sun, 09/26/2010 - 22:24

Thank everyone, I have a question here, lets say that we can get it to work with using NAT. I wanted to understand the design that how does the IP to IP (Call Manager to Manager) and phone to phone connectivity works. As in my knowledge we have separate IP’s for Call Manager. My question is in respect to the RTP session establishment.

I understand it with that we can provide NAT’d addresses to Call Managers, how will the Phone work here. Even if we have NAT’d the phones subnet as well. To create RTP session phones will definitely have direct session established. Can you please make me understand the design working here in regards to the phone communication and RTP session establishment.

Humayun Sami

Steven Holl Mon, 09/27/2010 - 05:50

So keep in mind that typically media won't go through CM, and the media will be directly between the IP phones or phone and gateway for calls.  Unless you invoke an MTP for the call, in which each side will talk to the MTP.

The only time NAT needs to come into play here is:

* If one of the endpoints is on the other side of the NAT boundary.  The RTP addresses and media information in the SCCP packet need to be inspected.

* If CM is on the other side of the NAT boundary, so that the media information in the SCCP packet contains an address which the endpoint is able to reach.

Essentially, just make sure that every device doing NAT where SCCP or RTP traffic traverses has the capability to do SCCP fixup/inspection.  Which typically means it needs to be a Cisco device, since SCCP isn't an open standard, so most companies don't support NAT fixup/inspection with SCCP.


This Discussion