Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Need help for NAT, ACL for VoIP

Dear experts

I configure my PBX server to work with one VoIP provider. When I put the server in blank network, mean that without VLANs.

The IP PBX server can register to the VoIP provider system normally and I can make call out and receive calls normally.

However,  when I put the PBX behind the Cisco router with some configuration. The  PBX cannot register with the VoIP provider system.

Eventhough I can receive calls from outside but can not make a call from inside to outside, because of the PBX cannot register.

Could you please help me to point out what is wrong with my Cisco router configuration.

Thanks a lot

Building configuration...

Current configuration : 1982 bytes

!

! Last configuration change at 17:18:27 UTC Mon Feb 24 2014

version 15.1

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Router

!

boot-start-marker

boot-end-marker

!

!

enable secret 5 $1$ZJEF$8np0QvQTD1nTaOosa9yGW1

!

no aaa new-model

memory-size iomem 20

!

no ipv6 cef

ip source-route

ip cef

!

!

!

!

!

multilink bundle-name authenticated

!

!

crypto pki token default removal timeout 0

!

!

license udi pid CISCO2911/K9 sn FTX1603AH9C

!

!

!

!

!

!

!

!

interface Embedded-Service-Engine0/0

no ip address

!

interface GigabitEthernet0/0

description internal-LAN

ip address x.x.x.4 255.255.0.0

ip nat inside

ip virtual-reassembly in

duplex auto

speed auto

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/1.1

encapsulation dot1Q 11

ip address 172.x.x.1 255.255.240.0

!

interface GigabitEthernet0/2

description internet

ip address 50.x.x.93 255.255.x.x

ip nat outside

ip virtual-reassembly in

duplex auto

speed auto

!

ip forward-protocol nd

!

no ip http server

no ip http secure-server

!

ip nat inside source list 100 interface GigabitEthernet0/2 overload

ip nat inside source static udp x.x.x.8 5060 50.x.x.93 5060 extendable

ip route profile

ip route 0.0.0.0 0.0.0.0 50.x.x.94

ip route 172.16.240.0 255.255.x.0 x.x.x.5

ip route 172.16.242.0 255.255.x.0 x.x.x.5

!

access-list 100 permit ip x.x.0.0 0.0.255.255 any

access-list 100 permit ip 172.16.240.0 0.0.0.255 any

access-list 100 permit ip 172.16.242.0 0.0.0.255 any

access-list 100 permit udp any any range 5004 5090

access-list 100 permit udp any any range 10000 20000

!

!

!

control-plane

!

!

!

line con 0

1 REPLY

Need help for NAT, ACL for VoIP

Hello.

Do you have the same static NAT mapping for TCP 5060?

132
Views
0
Helpful
1
Replies
CreatePlease to create content