Solved: Overlapping 192.16.x.x subnets - Page 2

Steve Coady · ‎10-16-2013

Hello

I acquired a comany comprising of 5 sites. I am phasing these onto my AVPN network which currently consists of 12 sites.

The phasing aspect is being done by denying their subnets from my current routers and vice-verse.

The new sites have re-ip addresssed their LAN subnets. However, -These new sites are using a specific subnet, say 192.168.101.x for their VoIP system.

-I am already using that same subnet for my data center.

The same subnet range plays an important role for each company.

I am using Cisco 29xx and 39xx routers for ALL sites with "universalk9-mz.SPA.152-4.M3.bin"

It seems I should be able to create a pool on the (5) new site routers that NAT that subnet, 192.168.101.x to some other subnet range. I could then allow

that subnet to be rouer only amongst the new sites until their new VoIP system is in place. I could deny that natted subnet from my current AVPN routers.

The plan seems simple enough.

Can this be done?

If so, please provide configuration examples to help me implement this.

sMc

sganpat · ‎10-17-2013

Yes. That static is correct.

But since this is a VoIP network, you might have some problems because voice traffic, whether it's H.323 or SIP, embeds the IP within the payload, and that does not get translated. Calls will go through, but you will not hear anything.

Sachin

Steve Coady · ‎10-17-2013

Sachin

"Calls will go through, but you will not hear anything" = not good.

if it is embedded in payload and payload gets transmitted, why won't this work?

What options do I have?

This has to work?

sMc

Steve Coady · ‎10-17-2013

Sachin

Per a document witha title of Voice and Multimedia over IP networks

"The NAT Support for SIP feature allows SIP embedded messages passing through a router configured with NAT to be translated and encoded back to the packet"

So it looks like I need to use an Application-level gateway

sMc

Steve Coady · ‎10-17-2013

I am using the following IOS

universalk9-mz.SPA.152-4.M3.bin

Per the Cisco Feature navigator this version has supprt for NAT - Support for SIP IP, IP addressing and Application services

This version also has support for NAT-PT: support for DNS ALG and FTP ALG

Do you have any knowledge of an IOS version required to support what I am trying to accompish?

sMc

sganpat · ‎10-17-2013

I have no experience with ALG but you can try it. Your IOS version should already support it.

ip nat service sip udp port 5060

ip nat service sip tcp port 5060

Sachin

Steve Coady · ‎10-18-2013

Sachin

This conversation has been very helpful. Thank you for the input.

One question that lingers for me is what to do and/or how to verify, prior to production implementation, that your prior statement of "But since this is a VoIP network, you might have some problems because voice traffic, whether it's H.323 or SIP, embeds the IP within the payload, and that does not get translated. Calls will go through, but you will not hear anything. is not what will happen?!?

sMc

sganpat · ‎10-17-2013

No, you won't need the access-list.

Sachin