Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Call Manager and Users Behind NAT

This is a design question. Let's say I have Call Manager and all of my users behind a PIX. The CM is NAT'd to a single adress and all of the users are PAT'd to a single address. I want users to be able to take phones home and work from their broadband connection (yes, I know all about QoS over the Internet, that's not a concern at the moment). When I open the H.323 ports to the CM, my phone registers and I get dial tone and everything seems fine. When I try and make a call to another user, I run into the NAT Issue. I am trying to connect to a user and they are PAT'd not NAT'd, so I can't get to them. The question I have is "is there a way around this? Is there a way to configure some device on the network to be a gateway that acts as a translater between the external users and the internal users?". I don't want to have to NAT every single phone. And I don't want to have to setup a VPN. I want them to be able to plug in their phones and go.

New Member

Re: Call Manager and Users Behind NAT

You don't say what phones you are using. I'm only aware of the 7905 that supports H.323. H.323 and PAT don't work together well unless your router is H.323 NAT aware since the RTP stream's port numbers are dynamically assigned as part of the H.225/H.245 setup.

Re: Call Manager and Users Behind NAT

What are you using as the router on the end of the broadband.

What addresses are the routers giving out to the Phones (and what are they subsequently telling call manager) Cheap SoHo routers (LinkSYS, NetGear etc.) give out 192.168.0.x / 1.X so you'll end up with hundreds of phones all declaring them selves as the same address. I'm Spartacus!(for the film buffs out there)

IP Phones do work through NAT / NAT Overload / PAT, but you need to make sure that your network knows how to get to those destinations.

This unfortunately means that you need to manage your whole addressing scheme very closely for home users over broadband.

Another thing to think about is what addressing are you getting from the ISP? If it's DHCP I'd hate to be looking after your routing tables on your core router.

Somethings to think about.


New Member

Re: Call Manager and Users Behind NAT

peangvall, i suppose you are connecting via H323 since that was in your post. For NAT to work with H323 you must be running a PIX 6.3 and have the fixup H323 running, this is due to the IP header is nated, but the H323 payload is not, thus the fixup corrects this and NAT's all entries even in the payload.

New Member

Re: Call Manager and Users Behind NAT

In my experience I've been able to deploy IP Phones on the other side of a NAT/PAT connection. The only issue I had was the MWIs were sometimes flaky.

I've had zero luck on the other side of NAT/PAT with applications such as, desktop agents and Attendant Console.