Obviously the RTP stream is being blocked or lost coming into the phone. What device is the phone calling; another IP Phone, a voice gateway, or both? You mentioned "one-to-one" NAT. Do you mean that you have a static NAT mapping or simply that you aren't using the overload command to turn NAT into PAT?
Connectivity is there; at least on most ports. That is why the phone can register and you can ping it. However, the high-end udp port that RTP uses is not getting mapped inside. Can you snip out the NAT config from the router and post it? I'd be interested in seeing that.
I think it is being stoped at the checkpoint firewall. it is a checkpoint firewall that is doing the static nat mapping of the phone.
The weird thing to me is that I can call the phone. if the callmanager has the ip address of the inside nat # why can I even call it? if the stream was sent to the outside nat number and then translated to the inside # i would think it would work.
2 possible reasons why you can receive a call, but not recieve audio. The first is simple ports. Call control is established from the CCM using SCCP, which uses TCP port 2000. The RTP stream uses (correct me if I'm wrong here) a random UDP port up in the 16000. That's why voice through a NAT requires special attention.
The other reason is because to receive a call, the phone must be reachable, and must be able to reach, the CallManager. However, CallManager only facilitates the call setup. The voice path, the actual RTP stream travels directly from one phone or gateway to the other phone or gateway. And being RTP, a connectionless protocol, no error is generated if one of the end devices cannot reach the other, so long as both can reach, and be reached by, the CallManager.
The problem is not with the firewall, it's with the NAT process. If you had a PIX firewall, you could use an "application level gateway" feature called "fixup protocol". This would fix the IP addressing in the Skinny setup messages. I don't think Checkpoint has support for SCCP NAT fixup. You'll have to get them a 3002 hardware client at the remote site and dial it into your IOS box or PIX at the core. This is plug and play and will work fine.
The short answer is that you don't.... That isn't entirely true while at
the same time it kind of is, but for the most part you don't configure
the softkeys. You enable or disable them via TCL. Here is the long
answer. Be sure to read the whole thing or e...
Topology: IP Phone > Switches > Microsoft NPS setup to forward 802.1x
proxy to > ISE 2.1 patch 3 Authentication: EAP-TLS using Cisco MIC SANs
Phone Models 802.1X support? 802.1x flavor Addtl Comment EAP-MD5 EAP-TLS
Cisco 3905 Y Y N Cisco 6911 Y Y N Cisco ...
This document describe how DST changes and how time changes are
implemented in DST. Daylight Saving Time (DST) is the practice of
setting the clocks forward 1 hour from standard time during the summer
months, and back again in the fall, in order to make b...