We have a customer who uses NAT extensively in their network. All their locations have a NAT traversal. They are using their proprietary Linux-based firewall. The NAT is happening on the firewall. The firewall is the end device. All the IPs are NATted regardless of the traffic. The IP address is NATted when it leaves location 'A' and it is NATted again at the remote location 'B' when it enters the remote firewall. Now they want to implement Cisco IP Telephony into their network!!!
1. The CUCM is kept at the Head Office.
2. Asked them to open all the necessary ports mentioned in the Cisco doc.
3. Registered the Head Office IP Phone.
4. Registered the remote location's IP Phone to the Head Office CUCM server.
But there is no audio flowing through when the call is established. Dead air!! I know it's a tough one, but I believe there will be a workaround for this. I have read some docs that mention keeping a router, but I do not know how the router would help us here. We cannot change the firewall, and it's also not possible to disable IP NATting.
The big issue here is not IP telephony, it is the customer's device that is performing NAT (in this case their firewall).
Some protocols are easier to NAT than others. For example, TFTP is pretty easy. SIP, H.323 and SCCP are much harder because the "real" IP address of the endpoint is not just carried in the layer 3 packet, but it is also carried in higher level protocols further up the stack. A firewall that can only do layer 3 NAT will break protocols that do this, as the IP addresses in the higher layer protocol packets are not converted and you end up with a mismatch. There are plenty of other non-voice protocols that also get broken by simple layer 3 NAT devices.
The reason SCCP, SIP and H.323 are more difficult is that the real IP addresses are carried in the call control messages handled further up the stack. A firewall performing NAT should also be capable of performing "application inspection", finding these IP addresses and NATing them as well. Simply performing NAT at layer 3 is NOT enough.
Various vendors call application inspection different things, however most firewalls are capable of performing it at some level or other. I've tested SCCP traffic through both Cisco ASA/PIX and Checkpoint and have got it to work. I also seem to remember getting it to work with Sonicwall but I had to create custom rules as it didn't work out of the box. Your mileage will vary with other firewall vendors. SIP and H.323 are more commonly supported on 3rd party vendors than SCCP, however if your CUCM is being NATd then you must have a firewall that supports SCCP NAT at the application layer.
In summary: Cisco telephony can absolutely be made to work over a NAT environment; however, the key is that the device that is performing NAT MUST be able to perform in-depth packet inspection of the protocol you are running. This is true of Cisco, Avaya, Mitel, Nortel, Asterisk, etc. SIP is another protocol where you must perform application inspection as it works pretty much the same way as SCCP from a NAT perspective.
A Cisco router running IOS firewall can perform application inspection for SCCP. You might be able to look at putting a router in parallel to the firewall and using it to NAT the CUCM server instead. You will, however, have to be careful with routing to ensure you don't get asymmetric traffic flows.
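To check whether a NAT device is rewriting the application layer, compare the addresses inside a captured signaling message with the source address in its IP header. The following is an added example, not part of the original answer; it uses SIP because it is text-based, and the message, hostnames and addresses are constructed for illustration.

```python
import re

# Constructed SIP INVITE as it would look AFTER a layer-3-only NAT:
# the IP header source is rewritten, the payload below is untouched.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:2001@cucm.example.com SIP/2.0",
    "Via: SIP/2.0/UDP 10.1.1.50:5060;branch=z9hG4bK776asdhds",
    "From: <sip:1001@cucm.example.com>;tag=1928301774",
    "To: <sip:2001@cucm.example.com>",
    "Call-ID: a84b4c76e66710@10.1.1.50",
    "CSeq: 314159 INVITE",
    "Contact: <sip:1001@10.1.1.50:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 2890844526 2890844526 IN IP4 10.1.1.50",
    "s=-",
    "c=IN IP4 10.1.1.50",  # address the far end will send RTP audio to
    "t=0 0",
    "m=audio 16384 RTP/AVP 0",
])

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Fields where an endpoint advertises its own address to the far side.
PATTERNS = {
    "Via": re.compile(r"^Via:\s*SIP/2\.0/\w+\s+" + IPV4, re.I | re.M),
    "Contact": re.compile(r"^Contact:.*?@" + IPV4, re.I | re.M),
    "SDP o=": re.compile(r"^o=.*\bIN IP4 " + IPV4, re.M),
    "SDP c=": re.compile(r"^c=IN IP4 " + IPV4, re.M),
}

def embedded_addresses(sip_message):
    """Return [(field, ip)] for every self-address carried in the payload."""
    text = sip_message.replace("\r\n", "\n")
    return [(name, m.group(1))
            for name, rx in PATTERNS.items()
            for m in rx.finditer(text)]

def nat_mismatches(sip_message, observed_src_ip):
    """Fields whose embedded IP differs from the packet's layer-3 source."""
    return [(f, ip) for f, ip in embedded_addresses(sip_message)
            if ip != observed_src_ip]

if __name__ == "__main__":
    # 198.51.100.7 is the constructed post-NAT source seen by the receiver.
    for field, ip in nat_mismatches(SAMPLE_INVITE, "198.51.100.7"):
        print(f"{field}: payload says {ip}, IP header says 198.51.100.7")
```

Any field reported here still carries the pre-NAT address, which means the NAT device translated only layer 3 and did not inspect the application payload.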