Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Router 857w SIP, RTP issue

Hi Guys,

I have a cisco 857 router, and i have 2 Cisco SPA 962 sitting behind it. The router is using has a static ip and NATing over to a private ip. I am having the issue with that the SIP signalling is getting through the router NAT, but the RTP isn't working.

I have tried a couple of ways, one way by configuring CBAC, but i get the issue of no RTP at all.

But if i manually configure ACLs, SIP singalling works, RTP works for outbound calls, but when i make an inbound call i only get one-way audio. The outside phone can hear the audio, but the phone inside can't hear anything.

I have attached my show run (minus passwords, etc)

When i usually have this kind of issue, i disable SIP ALG. Can you disable SIP ALG? Is so, how?

Thanks you,


New Member

Re: Router 857w SIP, RTP issue

You do allow inbound SIP to pass, but not the RTP streams. The port used varies per session. To allow RTP to pass you'll have to modify the named accesslist to allow the incoming RTP stream. Since the port is dynamic you'll have to allow most if not all udp ports and make use of other tools to block unwanted traffic.

New Member

Re: Router 857w SIP, RTP issue

I have added. UDP and TCP RTP ports (1024 to 65535) and disabled CBAC, and i am still having issues.

*I am just surpised that no one else has come across the same problems i have. Is there something i am missing?


interface Vlan1

description Internal Interface$FW_INSIDE$

ip address

ip nat inside

ip virtual-reassembly

ip tcp adjust-mss 1452


interface Dialer1

description ISP Interface$FW_OUTSIDE$

ip address negotiated

ip access-group internet in

ip nat outside

ip virtual-reassembly

encapsulation ppp

dialer pool 1

dialer-group 1

no cdp enable

ppp authentication chap pap callin





ip route Dialer1


ip http server

ip http authentication local

ip http secure-server

ip http timeout-policy idle 60 life 86400 requests 10000

ip nat inside source list 1 interface Dialer1 overload


ip access-list extended internet

permit tcp any any range 1024 65535

remark SDM_ACL Category=16

permit udp any any range 1024 65535

permit udp any any eq 5060

deny ip any any log


access-list 1 remark INSIDE_IF=Vlan1

access-list 1 remark SDM_ACL Category=2

access-list 1 permit

dialer-list 1 protocol ip permit

no cdp run




New Member

Re: Router 857w SIP, RTP issue

In addition to this you'd need to use symmetric RTP since you're NATing. Below is some information on how to use RTP in a NATed scenario

New Member

Re: Router 857w SIP, RTP issue

I already got symeetic up and running already.

I found the issue, the issue was that the IOS SIP AlG wasn't good. ( 12.4(6)T) Anything before, 12.4(6)T, you should upgrade to the lastest IOS image. I used this image: c850-advsecurityk9-mz.124-15.T1.bin.

Thanks for everyones help.