[c-nsp] Cisco 1721 NAT (possibly) debugging

Timothy Young tmyoungjr at gmail.com
Wed Nov 18 12:43:15 EST 2009


Here's my scenario as I understand it (I've inherited this w/ no option to
ask the prior involved parties sadly).

We are a VOIP service provider.  We have a commercial customer with a 1721
onsite.

The 1721 was provided, configured and left onsite.  We set up NAT, and enough
QoS for the VOIP to play nice on their network (it's not huge by any
means).  We did not do any port forwarding or special configuration beyond
again the bare essentials to get them functional.  Fast forward a few
months.  This same customer is attempting to demo some video
teleconferencing via the same router / connection.  What they claim happens
is that when initiating a call from the inside out to a remote site, the
video works fine.  When initiating from the remote site into the office
where this 1721 sits, a connection is never completed.  Now, we did not
forward any ports, but upon closer inspection of the 1721 it seems their
consultant at some point has (we were not aware that they were given the
credentials to the router, that has been rectified).  What I am looking for
is a way to troubleshoot this, I am not a NAT person in the Cisco world, so
where to begin debugging or the like is what I'm looking for.  Below are the
exact instructions from the vendor for required port forwarding and then
what I think are the relevant config snippets (of note - the public IP in
the port forwarding is the same for every line and most of the private side
IPs are the same too - it's generally just for one device).  Any assistance
would be greatly appreciated.  I do have to go over their config with them
on their device also just to verify they're using the right info.

thanks

tim

====

1.1. Forward port 1720 TCP to the private IP of the LifeSize system.
1.2. Forward TCP ports 60,000 and 60,001 to the private IP of the LifeSize
system.  If you have other services on these ports, you can forward any
other 2 TCP ports in the 60,000 - 64,999 range.
1.3. Forward UDP ports 60,000 to 60,007 to the private IP of the LifeSize
system.  If you have other services on these ports, you can forward any
other 8 UDP ports in the 60,000 - 64,999 range.  (NOTE: 2 TCP and 8 UDP is
the minimum number of ports required for a single point-to-point H.323
video call.)

====

Cisco IOS Software, C1700 Software (C1700-IPBASEK9-M), Version 12.4(23),
RELEASE SOFTWARE (fc1)
Cisco 1721 (MPC860P) processor (revision 0x100) with 58441K/7095K bytes of
memory.
Processor board ID FOC0711072N (2350872456), with hardware revision 0000
MPC860P processor: part number 5, mask 2
1 FastEthernet interface
1 Serial interface
WIC T1-DSU
32K bytes of NVRAM.
16384K bytes of processor board System flash (Read/Write)


interface FastEthernet0
 ip address 192.168.x.x 255.255.255.0
 ip nat inside
interface Serial0
 ip address x.x.x.x 255.255.255.252
 ip nat outside

ip nat inside source list 100 interface Serial0 overload
ip nat inside source static tcp z.z.z.z 443 v.v.v.v 443 extendable
ip nat inside source static tcp y.y.y.y 1720 v.v.v.v 1720 extendable
ip nat inside source static tcp z.z.z.z 3389 v.v.v.v 3389 extendable
ip nat inside source static tcp y.y.y.y 60000 v.v.v.v 60000 extendable
ip nat inside source static udp y.y.y.y 60000 v.v.v.v 60000 extendable
ip nat inside source static tcp y.y.y.y 60001 v.v.v.v 60001 extendable
ip nat inside source static udp y.y.y.y 60001 v.v.v.v 60001 extendable
ip nat inside source static tcp y.y.y.y 60002 v.v.v.v 60002 extendable
ip nat inside source static udp y.y.y.y 60002 v.v.v.v 60002 extendable
ip nat inside source static tcp y.y.y.y 60003 v.v.v.v 60003 extendable
ip nat inside source static udp y.y.y.y 60003 v.v.v.v 60003 extendable
ip nat inside source static tcp y.y.y.y 60004 v.v.v.v 60004 extendable
ip nat inside source static udp y.y.y.y 60004 v.v.v.v 60004 extendable
ip nat inside source static tcp y.y.y.y 60005 v.v.v.v 60005 extendable
ip nat inside source static udp y.y.y.y 60005 v.v.v.v 60005 extendable
ip nat inside source static tcp y.y.y.y 60006 v.v.v.v 60006 extendable
ip nat inside source static udp y.y.y.y 60006 v.v.v.v 60006 extendable
ip nat inside source static tcp y.y.y.y 60007 v.v.v.v 60007 extendable
ip nat inside source static udp y.y.y.y 60007 v.v.v.v 60007 extendable
ip nat inside source static tcp y.y.y.y 60008 v.v.v.v 60008 extendable
ip nat inside source static udp y.y.y.y 60008 v.v.v.v 60008 extendable
ip nat inside source static tcp y.y.y.y 60009 v.v.v.v 60009 extendable
ip nat inside source static udp y.y.y.y 60009 v.v.v.v 60009 extendable
ip nat inside source static tcp y.y.y.y 60010 v.v.v.v 60010 extendable
ip nat inside source static udp y.y.y.y 60010 v.v.v.v 60010 extendable
ip nat inside source static tcp y.y.y.y 60011 v.v.v.v 60011 extendable
ip nat inside source static udp y.y.y.y 60011 v.v.v.v 60011 extendable
ip nat inside source static tcp y.y.y.y 60012 v.v.v.v 60012 extendable
ip nat inside source static udp y.y.y.y 60012 v.v.v.v 60012 extendable
ip nat inside source static tcp y.y.y.y 60013 v.v.v.v 60013 extendable
ip nat inside source static udp y.y.y.y 60013 v.v.v.v 60013 extendable
ip nat inside source static tcp y.y.y.y 60014 v.v.v.v 60014 extendable
ip nat inside source static udp y.y.y.y 60014 v.v.v.v 60014 extendable
ip nat inside source static tcp y.y.y.y 60015 v.v.v.v 60015 extendable
ip nat inside source static udp y.y.y.y 60015 v.v.v.v 60015 extendable
ip nat inside source static tcp y.y.y.y 60016 v.v.v.v 60016 extendable
ip nat inside source static udp y.y.y.y 60016 v.v.v.v 60016 extendable
ip nat inside source static tcp y.y.y.y 60017 v.v.v.v 60017 extendable
ip nat inside source static udp y.y.y.y 60017 v.v.v.v 60017 extendable
ip nat inside source static tcp y.y.y.y 60018 v.v.v.v 60018 extendable
ip nat inside source static udp y.y.y.y 60018 v.v.v.v 60018 extendable
ip nat inside source static tcp y.y.y.y 60019 v.v.v.v 60019 extendable
ip nat inside source static udp y.y.y.y 60019 v.v.v.v 60019 extendable
ip nat inside source static tcp y.y.y.y 60020 v.v.v.v 60020 extendable
ip nat inside source static udp y.y.y.y 60020 v.v.v.v 60020 extendable
ip nat inside source static tcp y.y.y.y 60021 v.v.v.v 60021 extendable
ip nat inside source static udp y.y.y.y 60021 v.v.v.v 60021 extendable
ip nat inside source static tcp y.y.y.y 60022 v.v.v.v 60022 extendable
ip nat inside source static udp y.y.y.y 60022 v.v.v.v 60022 extendable
ip nat inside source static tcp y.y.y.y 60023 v.v.v.v 60023 extendable
ip nat inside source static udp y.y.y.y 60023 v.v.v.v 60023 extendable
!
access-list 100 permit ip 192.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
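
An added example, not part of the original post: a Python check that parses the `ip nat inside source static` lines and compares them with the vendor's minimum port list, so missing forwards and forwards beyond the minimum stand out. It assumes the vendor's default ports, takes the post's `y.y.y.y` placeholder as the LifeSize address, and uses a `SAMPLE` config constructed to mirror the lines above; the function names are illustrative.

```python
import re

# Vendor minimum from the instructions quoted in the post (default ports assumed).
REQUIRED = ({("tcp", 1720)}
            | {("tcp", p) for p in (60000, 60001)}
            | {("udp", p) for p in range(60000, 60008)})

STATIC_RE = re.compile(
    r"^ip nat inside source static (tcp|udp) (\S+) (\d+) (\S+) (\d+)")

def parse_static_nat(config):
    """Return (proto, inside_host, inside_port, outside_host, outside_port)."""
    entries = []
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            proto, in_host, in_port, out_host, out_port = m.groups()
            entries.append((proto, in_host, int(in_port), out_host, int(out_port)))
    return entries

def audit(config, video_host):
    """Compare the static forwards with the vendor minimum for video_host."""
    entries = parse_static_nat(config)
    have = {(pr, op) for pr, ih, _, _, op in entries if ih == video_host}
    return {
        "missing": sorted(REQUIRED - have),              # would break inbound calls
        "extra_on_video_host": sorted(have - REQUIRED),  # wider than the minimum
        "other_hosts": sorted((ih, pr, op)               # forwards to other devices
                              for pr, ih, _, _, op in entries if ih != video_host),
        "port_mismatch": [e for e in entries if e[2] != e[4]],
    }

# Constructed sample mirroring the static NAT lines in the post.
SAMPLE = "\n".join(
    ["ip nat inside source list 100 interface Serial0 overload",
     "ip nat inside source static tcp z.z.z.z 443 v.v.v.v 443 extendable",
     "ip nat inside source static tcp y.y.y.y 1720 v.v.v.v 1720 extendable",
     "ip nat inside source static tcp z.z.z.z 3389 v.v.v.v 3389 extendable"]
    + [f"ip nat inside source static {pr} y.y.y.y {p} v.v.v.v {p} extendable"
       for p in range(60000, 60024) for pr in ("tcp", "udp")])

if __name__ == "__main__":
    for key, value in audit(SAMPLE, "y.y.y.y").items():
        print(key, value)
```

An empty `missing` list means the static entries already cover the vendor minimum; `other_hosts` and `extra_on_video_host` list every inbound exposure that is not needed for the video call and should be reviewed.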

