Cisco Support Community

PAT/IPSEC bug is back, or never completely solved?


Tested/detected only on an 877W with firmware 15.0(1)M and now also 15.0(1)XA1.

About BugID/document: CSCeb31945 / CSCsc80859, which has status solved, and has a workaround.

Basically it's about using PAT like:

ip nat inside source static udp <internal IP> 5060 interface Dialer0 5060

which also forwards other packets like IPSEC to the <internal IP>, which is very annoying when trying to use IPSEC, but also NTP and IP SLA usage will not function anymore.

Now this has been solved, and seems to work fine in the above statement. I had reasons to change to a slightly different construction:

ip nat inside source static udp <internal IP> 5060 <external ip> 5060 route-map Networks_2B_NATed_routemap extendable

And now the issue is back in full glory.

Took a while to detect what was going on, as all other statements just worked fine, except this UDP SIP entry.

Applying this PAT entry will not result directly in a nonfunctioning IPSEC/NTP/IP SLA, but for sure after a reload IPSEC will never work, nor will other services. It looks like it needs some time (or is perhaps triggered by my internal SIP phone).

For IPSEC you can use the ugly workaround by changing, as mentioned, the IPSEC port, and just "overrule" this behavior with another PAT entry.

I chose for now to reuse the old PAT statement, as I can live with it for now, but I wouldn't keep this information to myself, and perhaps it shall be fixed.

Well, actually I'm really curious whether someone can confirm this behaviour?

It took me some time, as I only discovered the issue after a reload, and further testing showed it could also be detected earlier.


Arjan Filius
