Hello.
I think i'm experimenting a weird behavior in my Cisco 2600 Router. I have a interface (FastEthernet 0/0) with a public IP, and the other interface with a private IP (Fastethernet 0/1).
In the private side i have a SIP device making calls to a proxy SIP ni the public side. When the calls is passing through the NAT i see the next debug :
*Mar 1 00:15:55.687: NAT: [0] Allocated Port for 10.0.0.3 -> 200.10.11.220: wanted 2080 got 2080
*Mar 1 00:15:55.687: NAT: i: udp (10.0.0.3, 2080) -> (200.10.10.43, 53) [19574]
*Mar 1 00:15:55.687: NAT: s=10.0.0.3->200.10.11.220, d=200.10.10.43 [19574]
*Mar 1 00:15:55.691: NAT: o: udp (200.10.10.43, 53) -> (200.10.11.220, 2080) [34956]
*Mar 1 00:15:55.691: NAT: s=200.10.10.43, d=200.10.11.220->10.0.0.3 [34956]
*Mar 1 00:15:55.711: NAT: [0] Allocated Port for 10.0.0.3 -> 200.10.11.220: wanted 30025 got 1025
*Mar 1 00:15:55.715: NAT: i: udp (10.0.0.3, 5060) -> (200.10.10.110, 5060) [19575]
*Mar 1 00:15:55.715: NAT: SIP: [0] processing INVITE message
*Mar 1 00:15:55.715: NAT: SIP: [0] translated embedded address 10.0.0.3->200.10.11.220
*Mar 1 00:15:55.715: NAT: SIP: [0] translate embedded port 5060->30025
*Mar 1 00:15:55.719: NAT: SIP: [0] translated embedded address 10.0.0.3->200.10.11.220
*Mar 1 00:15:55.719: NAT: SIP: [0] No port present. Use new port 5060->30025
*Mar 1 00:15:55.719: NAT: SIP: [0] message body found
*Mar 1 00:15:55.723: NAT: create door to inside: udp (0.0.0.0/*, 0/*) -> (200.10.11.220, 23156)
*Mar 1 00:15:55.723: NAT: create door to inside: udp (0.0.0.0/*, 0/*) -> (200.10.11.220, 23157)
*Mar 1 00:15:55.727: NAT: SIP: old_sdp_len:281 new_sdp_len :286
*Mar 1 00:15:55.727: NAT: UDP s=5060->1025, d=5060
*Mar 1 00:15:55.727: NAT: s=10.0.0.3->200.10.11.220, d=200.10.10.110 [19575]
*Mar 1 00:15:55.731: NAT: o: udp (200.10.10.110, 5060) -> (200.10.11.220, 1025) [0]
*Mar 1 00:15:55.735: NAT: SIP: [1] processing SIP/2.0 407 Proxy Authentication Required message
this is just a snippet from the debug.
What i can't understand is this line :
*Mar 1 00:15:55.711: NAT: [0] Allocated Port for 10.0.0.3 -> 200.10.11.220: wanted 30025 got 1025
Why the router "denies" the port 30025 and uses the 1025 insted?. I have a static route that forces the use of the 30025 port.
I need to map the port 5060 to the port 30025 for that IP in particular, but is not working.
Can somone tell me if i'm missing something? This is my configuration :
interface FastEthernet0/0
ip address 200.10.11.220 255.255.255.224
ip nat outside
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.0.2 255.255.255.224
ip access-group 107 in
ip nat inside
duplex auto
speed auto
!
ip nat pool ovrld 200.10.11.220 200.10.11.220 prefix-length 27
ip nat inside source list 7 pool ovrld overload
ip nat inside source static udp 10.0.0.3 5060 200.10.11.220 30025 extendable
no ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 200.10.11.193
ip route 10.0.0.0 255.255.255.224 FastEthernet0/1
!
!
access-list 7 permit 10.0.0.0 0.0.0.27
access-list 7 deny any log
Can someone help me here?
Regards,
Ricardo