Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
857
Views
0
Helpful
0
Replies

NAT UDP PORT RANGE

Jason Ryan
Level 1
Level 1

‎05-10-2014 06:57 AM - edited ‎03-04-2019 10:57 PM

Alright, I know this question has been asked half a dozen times, but I want to throw another variable into play.

I have a Cisco 881 with a DHCP address on the WAN. The IP is static assigned to my MAC by the provider but my device has to be DHCP to get it.

So I only have 1 ip address allocated on this link.

I also have an IPSec site to site VPN tunnel on the 881 to a remote datacenter.

All of this if working normally. 

Problem:

I have a Fonality phone system behind the 881 that needs UDP ports 10000-60000 NATed to it.

Ive used the below config and the UDP port forward works just fine. 

 

****

ip access-list extended UDP-RTP
 permit udp any host 192.168.0.5 range 10001 60000

route-map VOIP-RTP permit 10
 match ip address UDP-RTP

ip nat inside source static 192.168.0.5 X.X.X.X route-map VOIP-RTP

****

If you notice on the last command that you are not allowed to use a route-map on an interface so I had to type in the WAN ip address. 

With this config in place, the UDP ports forward and the RTP streams work great! However, when my tunnel goes to renegotiate or refresh, no go. It wont come back up. Further, my SSL VPN Client (not critical) on port 4343 doesnt connect either. 

So in essence, the UDP port forward breaks my IPSec tunnel.

Ive already requested more IPs to accommodate the Fonality because thats the right way, but itll take a few days to get em.

In the meantime, is there a way to do this?

 

Thank you 

Jason Ryan

3 people had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card