[cisco-voip] Is it possible to disable the SIP nat helper?
Nick Matthews
matthnick at gmail.com
Thu Jun 11 19:23:43 EDT 2009
As far as I understand (which is limited), as long as your IOS
firewall doesn't have an 'inspect sip' command it would not do this.
Is this an ASA or IOS FW?
-nick
On Thu, Jun 11, 2009 at 5:05 PM, John Lange<john at johnlange.ca> wrote:
> The Cisco IOS devices have a built in NAT translator which automatically
> recognizes certain protocols and does some deep packet manipulation on
> them.
>
> For example, SIP packets have their source IP and ports manipulated to
> match the routers external IP and a random port.
>
> For some reason, this seems to be causing havoc with our Aastra phones.
> The phones receive calls just fine but outbound calls fail. Packet
> traces show that the server is trying to authenticate the phones but
> it's failing.
>
> The strangest thing is that other models of phones and soft phones work
> just fine.
>
> Id like to disable the Cisco NAT/SIP manipulation and just leave it with
> doing generic UDP NAT to see if this resolves the problem (the SIP
> server, Asterisk is smart and knows how to handle NAT without
> manipulated packets).
>
> Is there a way to disable the SIP/NAT filter?
>
> I thought:
>
> # no ip nat service sip
>
> would be the answer but this only allows you to turn of SIP/NAT on a
> non-standard port. Entered as above it gives an "incomplete command"
> error.
>
> Regards,
> --
> John Lange
> http://www.johnlange.ca
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
More information about the cisco-voip
mailing list