[c-nsp] NAT - SIP Problem

Paul Stewart paul at paulstewart.org
Thu Oct 16 12:09:12 EDT 2008 

Thanks Chuck - didn't know about that command... was discussing internally
here and the ATA that doesn't want to work at all has a newer firmware on it
which might explain this better too... both ATA's are same (Tilgin 322)
hardware wise...

We'll give it a shot and I'll post back for others if it works ;)

Paul


-----Original Message-----
From: Church, Charles [mailto:cchurc05 at harris.com] 
Sent: Thursday, October 16, 2008 11:31 AM
To: Paul Stewart; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] NAT - SIP Problem

Paul,

	Do you have "no ip nat service sip udp port 5060" in the config?
We had all sorts of registration issues involving NAT until we were told
to try that.  The documentation for it isn't that good, but what it does
is turn off the NAT translation of addresses in the SIP payload.  That
interferes with an ATA already doing things to get around NAT (as most
ATAs do these days).  Although that old an IOS may not even be doing the
payload translation, or support the command.  It's worth a try though.

Chuck
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Paul Stewart
Sent: Thursday, October 16, 2008 11:15 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] NAT - SIP Problem


Hi folks...

Have a customer who has two ATA devices behind a Cisco Soho91 and having
a
problem - trying to figure out if this is an IOS issue, a platform issue
or
a Session Border Controller issue....

With the "original" ATA in place, things worked fine.  With a second ATA
hooked up, first one still works - second one doesn't.  With only the
second
ATA in place it doesn't work.  When I say it doesn't work, the SIP
registration will not occur.

XYZ#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside
global
udp xx.xx.111.3:5060   192.168.0.3:5060   xx.xx.98.6:5060
xx.xx.98.6:5060
udp xx.xx.111.3:1029   192.168.0.6:5060   xx.xx.98.6:5060
xx.xx.98.6:5060


I'm working on the hunch that the SBC is getting confused with this
newer
ATA on the return traffic as the session stays in the NAT translations
table
forever.  The "old" ATA is 192.168.0.3 and new is 192.168.0.6 - notice
the
.6 ATA can't use 5060 on the outside interface as it's already in use.

A similar problem came up at another site a while ago (against the same
SBC's) and we converted it over to firewalled public IP space and worked
fine - kind of points me back to the way NAT is behaving on these
routers
but could be an issue between the NAT and the way the SBC sees the
traffic....

Cisco Internetwork Operating System Software
IOS (tm) SOHO91 Software (SOHO91-K9OY6-M), Version 12.2(8)YN, EARLY
DEPLOYMENT RELEASE SOFTWARE (fc1)

Any input appreciated...

Paul


_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

More information about the cisco-nsp mailing list