Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

ip phones and nat

Does nat work for ip phones in the following situation that I have:

ip phone has a public address, ccm has a nonpublic address.

Router is the 4224 gateway, using ios 12.1(5)YD.

I cannot nat a direct, static, public-ip-to-private-ip. (But I can nat single static ip-to-ip tcp or udp ports). There is only one external ip address. The internal LAN, with private ips, is using nat with overloading.

The TFTP server is on the ccm.


I have tried the command suggested in the document at:

I believe the ccm is using port 2000, according to the debug packet details results on the 4224.

The issue I have come against is that the phone cannot get it's load from the tftp server (the internal ccm). It makes a request to udp port 69 on the router. I natted that port to the ccm. However, to continue the tftp session after acknowledging the tftp server on port 69 the phone makes requests to the tftp server using a pool of ports in the 3000-4000 range. It's not practical to enter nat commands for all those ports.

This is as far as I have gone. Is there a way nat a range of external ports to an internal ip address, given these conditions? Or am I off track?

New Member

Re: ip phones and nat

I heard the PIX firewall dynamically opens the high ports based on the h.323 negotiation. I suspect this functionality would be required if you don’t want to open all the ports. Maybe a proxy server would be a better option for you.

CreatePlease to create content