SIP GW behind NAT

Unanswered Question
Oct 1st, 2010

Hello,

My config :

CUCM6-----------ISR2811------(sip)--------NAT+FW-------(sip)--------SIP Provider

ISR2811 and NAT+FW are not the same equipment.

ISR2811 : IP-to-IP feature, only one network interface + private ip address.

NAT+FW : not a Cisco equipment. Do not support SIP inspection to replace private IP address by public, in SIP and SDP payload

Dynamic RTP ports affectation is not my issue. All ports are statiquely mapped to ISR2811.

Since NAT+FW do not provide SIP inspection, is there a way/feature/command to indicate public IP address to the ISR2811 ? The goal is to make all SIP signalisation and SDP fields of outgoing calls directly with the public IP address, instead of private IP address.

Thank you for your help.

Regards

Julien

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
hguner Fri, 10/01/2010 - 06:04

1. Change your NAT+FW device

2. Put 2811`s other fast ethernet leg into public network, give a public IP address, let it route SIP packets to SIP Provider.

Julien Tourel Fri, 10/01/2010 - 06:47

Thank you for your answer hguner.

Difficult to push that solution. My customer is not ready to change its internet connection today.

Does it mean SIP on GW is not supported behind a non-cisco NAT ?

Regards.

Julien

Steven Holl Fri, 10/01/2010 - 08:03

You can use a non-Cisco device for NAT, but whatever device you use *needs* to be able to do NAT inspection/fixup for SIP.  Otherwise, the other side is not going to get the right address in the SIP SDP for where to send RTP to.  You can run a packet capture, and you'll see the wrong IP in the SDP of the SIP INVITE/18X (or 200/ACK for delayed offer).

With SCCP, since that is proprietary, you need a Cisco NAT device.  SIP is an open standard, so other vendors could work.

Julien Tourel Fri, 10/01/2010 - 09:32

I understand intelligence in the NAT is a solution, but not the one I can propose to my customer. So I'm looking for intelligence in the GW.

STUN protocol could be a solution. Is STUN supported in voice GW ?

Regards

Julien

Actions

This Discussion

Related Content