Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
Community Member

CUCM behind NAT: How to register w/o VPN?

 

Hello dear community,

 

I would like to know if there's a way to get remote phones registered on cucm hidden by a NAT firewall (without VPN stuff)?

 

(IP Phones/Local DHCP server) ---- [FW A] ---- (Internet) ---- [FW B] ---- (CUCM/TFTP)

 

My ipphones can download their config files via HTTP (thanks to NAT setup on FW B and option 150 on local DHCP server that point on IP public of FW B)... but could never get registered!

 

Inspecting the cnf.xml files downloaded by my remote ipphones i could see that:

 

<callManager>
<name>
192.168.2.1</name>
<description>CUCM Publisher</description>
<ports>
<ethernetPhonePort>2000</ethernetPhonePort>
<sipPort>5060</sipPort>
<securedSipPort>5061</securedSipPort>
<mgcpPorts>
<listen>2427</listen>
<keepAlive>2428</keepAlive>
</mgcpPorts>
</ports>
<processNodeName>
192.168.2.1</processNodeName>
</callManager>

 

We can see that the CUCM ip address are the private IP, not the public with NAT stuff...

How could I configure publique IP in the tftp files? Or Maybe Am I on the wrong way?

 

Thanks,

Greg

Everyone's tags (1)
1 REPLY

Hi gregoryesnaud,You can

Hi gregoryesnaud,

You can accomplish this on Unified Communications Version 10 integrating Expressway Technology, for version prior 10 there is many forms to register remotes IP Phones into CUCM but all of them are with VPN, like PTP VPN (need at least 2 routers or FW), easy VPN remote (need at least 2 routers or FW), VPN Phone (You need central SSL VPN Server, and only with certain IP Phones), etc.

Your desired design is not recommendable.

Regards.

631
Views
0
Helpful
1
Replies
CreatePlease to create content