This is a design question. Let's say I have Call Manager and all of my users behind a PIX. The CM is NAT'd to a single adress and all of the users are PAT'd to a single address. I want users to be able to take phones home and work from their broadband connection (yes, I know all about QoS over the Internet, that's not a concern at the moment). When I open the H.323 ports to the CM, my phone registers and I get dial tone and everything seems fine. When I try and make a call to another user, I run into the NAT Issue. I am trying to connect to a user and they are PAT'd not NAT'd, so I can't get to them. The question I have is "is there a way around this? Is there a way to configure some device on the network to be a gateway that acts as a translater between the external users and the internal users?". I don't want to have to NAT every single phone. And I don't want to have to setup a VPN. I want them to be able to plug in their phones and go.
You don't say what phones you are using. I'm only aware of the 7905 that supports H.323. H.323 and PAT don't work together well unless your router is H.323 NAT aware since the RTP stream's port numbers are dynamically assigned as part of the H.225/H.245 setup.
What are you using as the router on the end of the broadband.
What addresses are the routers giving out to the Phones (and what are they subsequently telling call manager) Cheap SoHo routers (LinkSYS, NetGear etc.) give out 192.168.0.x / 1.X so you'll end up with hundreds of phones all declaring them selves as the same address. I'm Spartacus!(for the film buffs out there)
IP Phones do work through NAT / NAT Overload / PAT, but you need to make sure that your network knows how to get to those destinations.
This unfortunately means that you need to manage your whole addressing scheme very closely for home users over broadband.
Another thing to think about is what addressing are you getting from the ISP? If it's DHCP I'd hate to be looking after your routing tables on your core router.
peangvall, i suppose you are connecting via H323 since that was in your post. For NAT to work with H323 you must be running a PIX 6.3 and have the fixup H323 running, this is due to the IP header is nated, but the H323 payload is not, thus the fixup corrects this and NAT's all entries even in the payload.
SIP traces provide key information in troubleshooting SIP Trunks, SIP
endpoints and other SIP related issues. Even though these traces are in
clear text, these texts can be gibberish unless you understand fully
what they mean. This document attempts to br...
Please find the attached HTML document, download and open it on your PC.
This provides an easy to use form where you simply answer a few
questions and it will render the proper jabber-config.xml file for you
to copy/paste. There is built in logic to verif...
CUCM Database Replication is an area in which Cisco customers and
partners have asked for more in-depth training in being able to properly
assess a replication problem and potentially resolve an issue without
involving TAC. This document discusses the bas...