[c-nsp] NAT - SIP Problem
Ziv Leyes
zivl at gilat.net
Sun Oct 19 07:09:21 EDT 2008
The function "ip nat piggyback-support" can help you solve issues with SIP behind NAT
But I don't think you'll be able to use it with your soho91
Read more about this here:
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t2/htsmpws.html
Ziv
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Paul Stewart
Sent: Thursday, October 16, 2008 6:09 PM
To: 'Church, Charles'; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] NAT - SIP Problem
Thanks Chuck - didn't know about that command... was discussing internally
here and the ATA that doesn't want to work at all has a newer firmware on it
which might explain this better too... both ATA's are same (Tilgin 322)
hardware wise...
We'll give it a shot and I'll post back for others if it works ;)
Paul
-----Original Message-----
From: Church, Charles [mailto:cchurc05 at harris.com]
Sent: Thursday, October 16, 2008 11:31 AM
To: Paul Stewart; cisco-nsp at puck.nether.net
Subject: RE: [c-nsp] NAT - SIP Problem
Paul,
Do you have "no ip nat service sip udp port 5060" in the config?
We had all sorts of registration issues involving NAT until we were told
to try that. The documentation for it isn't that good, but what it does
is turn off the NAT translation of addresses in the SIP payload. That
interferes with an ATA already doing things to get around NAT (as most
ATAs do these days). Although that old an IOS may not even be doing the
payload translation, or support the command. It's worth a try though.
Chuck
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Paul Stewart
Sent: Thursday, October 16, 2008 11:15 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] NAT - SIP Problem
Hi folks...
Have a customer who has two ATA devices behind a Cisco Soho91 and having
a
problem - trying to figure out if this is an IOS issue, a platform issue
or
a Session Border Controller issue....
With the "original" ATA in place, things worked fine. With a second ATA
hooked up, first one still works - second one doesn't. With only the
second
ATA in place it doesn't work. When I say it doesn't work, the SIP
registration will not occur.
XYZ#sh ip nat translations
Pro Inside global Inside local Outside local Outside
global
udp xx.xx.111.3:5060 192.168.0.3:5060 xx.xx.98.6:5060
xx.xx.98.6:5060
udp xx.xx.111.3:1029 192.168.0.6:5060 xx.xx.98.6:5060
xx.xx.98.6:5060
I'm working on the hunch that the SBC is getting confused with this
newer
ATA on the return traffic as the session stays in the NAT translations
table
forever. The "old" ATA is 192.168.0.3 and new is 192.168.0.6 - notice
the
.6 ATA can't use 5060 on the outside interface as it's already in use.
A similar problem came up at another site a while ago (against the same
SBC's) and we converted it over to firewalled public IP space and worked
fine - kind of points me back to the way NAT is behaving on these
routers
but could be an issue between the NAT and the way the SBC sees the
traffic....
Cisco Internetwork Operating System Software
IOS (tm) SOHO91 Software (SOHO91-K9OY6-M), Version 12.2(8)YN, EARLY
DEPLOYMENT RELEASE SOFTWARE (fc1)
Any input appreciated...
Paul
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
************************************************************************************
This footnote confirms that this email message has been scanned by
PineApp Mail-SeCure for the presence of malicious code, vandals & computer viruses.
************************************************************************************
More information about the cisco-nsp
mailing list