Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco 1811, problem with NAT and MGCP

I am want to use an IAD in Internet with MGCP behind a Cisco 1811 using the C181x-adventerprisek9-mz.124-11.T image.

IAD(MGCP)-->C1811-->Internet-->Softswitch

<------->NAT

My IAD registers with the Softswitch but I am not able to establish calls with it.

After some tests and sniffing the WAN interface of my 1811, I realized that when trying to make a call, during the signalling, the IAD makes a response to a "Creat Connection" packet sent by the Softswitch. This response sent by the IAD is changed by the NAT (1811)and the packet goes damaged in this process; the layer 3 checksum of the packet goes to INCORRECT and the packet is discarded at the next hop. I did the same scheme with a PIX 515 and the call is established without any problem. I believe its a bug; does someone knows a way to go around this problem? This is my Cisco 1811 configuration:

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname PRUEBAS

!

boot-start-marker

boot-end-marker

!

enable password

!

no aaa new-model

!

!

ip cef

!

!

ip domain name prueba

!

multilink bundle-name authenticated

!

!

!

interface FastEthernet0

ip address 200.X.X.X 255.255.255.248

ip nat outside

no ip virtual-reassembly

duplex auto

speed auto

!

!

interface FastEthernet1

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

!

interface FastEthernet5

!

interface FastEthernet6

!

interface FastEthernet7

!

interface FastEthernet8

!

!

interface Vlan1

ip address 192.168.0.254 255.255.255.0

ip access-group ALL in

ip nat inside

no ip virtual-reassembly

!

interface Async1

no ip address

encapsulation slip

!

ip route 0.0.0.0 0.0.0.0 200.X.X.X

!

!

no ip http server

no ip http secure-server

ip nat inside source list NAT interface FastEthernet0.3 overload

ip nat inside source static 192.168.0.150 200.X.X.X

!

ip access-list extended NAT

permit ip 192.168.0.0 0.0.0.255 any

ip access-list extended ALL

permit ip any any

!

!

line con 0

line 1

modem InOut

stopbits 1

speed 115200

flowcontrol hardware

line aux 0

line vty 0 4

password cisco

login

transport input telnet ssh

line vty 5 15

password kas

login

transport input telnet ssh

!

!

webvpn context Default_context

ssl authenticate verify all

!

no inservice

!

end

242
Views
0
Helpful
0
Replies