×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

"NAT Aware" SIP trunk in Call Manager 8.5

Answered Question

I currently have CM8.5 running with a SIP provider trunk out to the internet.  It is running via CUBE that is on a DMZ.  The firewall is an ASA and it is doing SIP inspection, so the payload is being NAT'd along with the ip headers.  We are replacing the ASA with another firewall that appearently does not do SIP inspection.  Is there a way in CM8.5 to setup a SIP trunk with the global IP address being used in the SIP payload instead of the internal address?

Correct Answer by Jonathan Schulenberg about 3 years 10 months ago

Nope. CUCM is not supposed to be exposed to an untrusted network. CUBE can do it if you bypass the firewall and give the outside interface a public IPv4 directly. If you have sufficient CPU headroom, you could enable IOS zone-based firewalling to protect the router. If not, use an ACL to deny all traffic except to/from the ITSP SIP Proxy and established connections.



Please remember to rate helpful responses and identify helpful or correct answers.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
Jonathan Schulenberg Fri, 09/27/2013 - 05:59
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 IP Telephony

Nope. CUCM is not supposed to be exposed to an untrusted network. CUBE can do it if you bypass the firewall and give the outside interface a public IPv4 directly. If you have sufficient CPU headroom, you could enable IOS zone-based firewalling to protect the router. If not, use an ACL to deny all traffic except to/from the ITSP SIP Proxy and established connections.



Please remember to rate helpful responses and identify helpful or correct answers.

Jonathan Schulenberg Fri, 09/27/2013 - 12:43
User Badges:
  • Super Bronze, 10000 points or more
  • Cisco Designated VIP,

    2017 IP Telephony

I don't have a working example of this handy; however, I have seen it mentioned during Cisco Live presentations. The recordings are now free at ciscolive365.com. If no one else responds, you may want to poke around there.



Please remember to rate helpful responses and identify helpful or correct answers.

Actions

This Discussion