Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

IP Nating in Cisco IP Telephony

Hi ,

We are building up IPT(Call Manager ,Unity,Presence) environment in standalone setup with IP address (172.16.1.X ...).

we are using Cisco 3925 POE switch and 2911 Router.

Now ,we need to connect our system to customer network(10.4.X.X) ,but the customer doesn't  want to connect our system directly to his network so he suggested to us do Nating to avoid any other network issues.They are provding uplink from their switch to our Router.

They are providing only one IP address from their internal segment ,we need to do Nating in our Router and they will do the same in their system as well.

My question is how the phones will get register to our system , because  I guess, we are using one to many IP nating.

I think if we nat one to one IP ,then Phones will register using one of the segment IP address.Also,we have to use phones &  jabber on mobile connected to the customer network.

So,how can we acheive the above using only one internal IP address ?

Will this work ,if we do one to many Nating ?

Thanks for your reply in advance...














Not possible to do. 

Not possible to do. 

Please rate useful posts.
Community Member

Thanks George for your reply.

Thanks George for your reply...

Will that be possible if we use one to one mapping .In that case,we need three IP address so that it will be mapped to IPT devices accordingly,so the phones will register by connecting to one of the internal IP mapped to CUCM.

Please correct me if I am wrong...




Doubt it, there are a lot of

Doubt it, there are a lot of moving parts in VoiP that NAT will break. SDP, certs etc. You could look at using a CUBE for this and try using Phone proxy on it but phone proxy as I hear it has its own problems since the product is too new.

Please rate useful posts.

If you can do one to one, it

If you can do one to one, it should work okay if the device doing the NAT supports SCCP/SIP inspection.


Otherwise you would need to use something like SIP lineside proxy on CUBE for SIP phones.  Regular phone proxy isn't supported past CUCM 7.1.5.


Another option would be to set up an ASA and do phone VPN with Anyconnect running on the customer's phones.

Community Member

Hi Brian, Thanks , I have

Hi Brian,


Thanks , I have completed one to one nating successfully and I am able to access cucm using natted ip,but phones are not registered.


Please advice whether we are missing any configuration here.




What model phone?  Running

What model phone?  Running SCCP or SIP?  Do you have packet captures from both sides of the device doing the NAT?  Are you changing the address of CUCM via NAT as well?  If so, that won't work due to the TFTP config files not being updated with the new address.  You would need something like phone proxy on an ASA to handle that kind of setup and that only works for SCCP phones on pre-8.x CUCM versions.

Community Member

 Thanks Brian ... I have

 Thanks Brian ...
We are using 7941 ,9971 and DX 850 in our setup.We are using SCCP as well SIP phones and we have configured NAtting in our POC setup router( the router configuration for your reference.
I have capture the wire shark traces from the phone and CUCM.
Monitoring Source Port (IP Phone IP Address)  - 
Monitoring Destination Port (PC Port) -
CUCM/TFTP IP address - (natted to
Attached the CUCM packet capture logs and wireshark from the PC.Can you please check again and let us know why the phones not registering ?
Need your help on this....

Like I said before, you can't

Like I said before, you can't NAT the CUCM IP address.


What happens is the phones reach out to for TFTP and get this back in the config file:
















So now the phones try to register with but they can't reach that address so registration fails.  You would need something that could intelligently change those config files.  The only thing ever made like that was Phone Proxy on the ASA but it only supported older versions of CUCM and only supported SCCP phones.


You'll have to use something like phone VPN.


CreatePlease to create content