Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Help understaning NAT table for SIP

Hi Folks,

I've been battling SIP and NAT for nearly 3 months now   I've got to the point where I think I may well have found a bug in IOS.  Incoming calls are not getting to my CME, outbound calls are fine.  The sip-ua is registered fine.

2611xm-1#show sip-ua register status

Line                              peer        expires(sec)  registered

================================  ==========  ============  ==========

01xxxxx8882                       -1          86            yes

Without a static route, the NAT translation table on the 877 that connects to the internet looks like this:

877va-1#show ip nat translations

Pro Inside global      Inside local       Outside local      Outside global

udp 82.70.85.118:1024  192.168.1.254:5060 212.23.7.228:5060  212.23.7.228:5060

No incoming calls come through, but looking at the table, I understand why as the ITSP is routing calls to ports 5060, not 1024.

With this static route:

ip nat inside source static udp 192.168.1.254 5060 82.70.85.118 5060 extendable

The table looks like this:

877va-1#show ip nat translations

Pro Inside global      Inside local       Outside local      Outside global

udp 82.70.85.118:5060  192.168.1.254:5060 212.23.7.228:5060  212.23.7.228:5060

udp 82.70.85.118:5060  192.168.1.254:5060 ---                ---

Incoming calls come through, which makes sense as the port is now open!

If I delete the static route, clear the translation table and re-register the sip-ua the table looks like this:

877va-1#show ip nat translations

Pro Inside global      Inside local       Outside local      Outside global

udp 82.70.85.118:5060  192.168.1.254:5060 212.23.7.228:5060  212.23.7.228:5060

Calls come through for around 12 hours (probably until something times out and the sip-ua re-registers to the first scenario on port 1024).

Why is the 877 setting up the translation to port 1024 - what can I do to fix this?

My 877 settings are:

no ip nat service sip udp port 5060

ip nat inside source list 1 interface Dialer1 overload

ip route 0.0.0.0 0.0.0.0 Dialer1

ip route 192.168.2.0 255.255.255.0 192.168.1.254

My CME SIP settings are:

sip-ua

credentials username 01xxxxx8882 password xxxxxxxxxxxxxxxxxxx realm voip.zen.co.uk

authentication username 01xxxxx8882 password 7 xxxxxxxxxxxxxxxxxxxxxxxxx

nat symmetric role active

nat symmetric check-media-src

retry invite 3

retry register 10

timers register 150

registrar dns:voip.zen.co.uk expires 120

sip-server dns:voip.zen.co.uk

connection-reuse

  host-registrar

permit hostname dns:voip.zen.co.uk

permit hostname dns:asterisk01.voip.zen.co.uk

permit hostname dns:asterisk02.voip.zen.co.uk

Everyone's tags (2)
3 REPLIES

Help understaning NAT table for SIP

I don't think in a bug. Probably when your router uses 1024 port is in PAT.

What is your ios? Are there other translations when 1024 port is used?

Do you have already try to schedule a "clear ip nat trans" ?

Regards.

Community Member

Re: Help understaning NAT table for SIP

Thanks fo thre reply Daniele.

IOS is 15.3(3)M, but I've updated this today from an ealier version hoping to fix the problem.

If I do the following:

877va-1#show ip nat translations | include 5060
udp 82.70.85.118:1029  192.168.1.254:5060 212.23.7.228:5060  212.23.7.228:5060
877va-1#clear ip nat trans
877va-1#clear ip nat translation *

877va-1#clear ip nat statistics

Then on the CME box, re-register the sip-ua.


877va-1#show ip nat translations | include 5060
udp 82.70.85.118:1030  192.168.1.254:5060 212.23.7.228:5060  212.23.7.228:5060

It takes the next port.  Its never using 5060 in the first place from what I can tell

Community Member

Re: Help understaning NAT table for SIP

I've been trying all afternoon to make some sense of this.  The only way I can get it to NAT 5060->5060 is by putting a static NAT route in, which I believe I shouldn't have to do.

Any help?

665
Views
0
Helpful
3
Replies
CreatePlease to create content