[c-nsp] Cisco 867 SIP & NAT

Andrew Yager andrew at rwts.com.au
Tue Jan 8 19:14:18 EST 2013 

Hi Jared,

Currently enabled, but I believe I have tried to disable as well:

no ip nat service sip udp port 5060

is the correct command?

Andrew


--
Andrew Yager, Managing Director   (MACS Snr CP BCompSc MCP MCE JNCIA-Junos)
Real World Technology Solutions Pty Ltd  - IT people you can trust
ph: 1300 798 718 or (02) 9037 0500
fax: (02) 9037 0591 mob: 0405 152 568
http://www.rwts.com.au/







On 09/01/2013, at 11:12 AM, Jared Mauch <jared at puck.nether.net> wrote:

> IOS automatically does SIP-ALG when doing nat, is this enabled or not?
> 
> The SIP-ALG is broken and I have always recommended people to turn it off.
> 
> - Jared
> 
> On Jan 8, 2013, at 7:05 PM, Andrew Yager <andrew at rwts.com.au> wrote:
> 
>> Hi,
>> 
>> We have a client using a Cisco 867 with SIP based VoIP phones behind it (not CCM).
>> 
>> Each time the phones perform a new SIP request a new entry is created in the NAT table on a different port, which very quickly floods the NAT table and crashes the router.
>> 
>> We've tried with c860-universalk9-mz.150-1.M6 and c860-universalk9-mz.151-4.M5 but are seeing the same behaviour.
>> 
>> Client nat config is relatively standard:
>> 
>> ip nat inside source list 10 interface Dialer0 overload
>> ip nat inside source static tcp 10.1.1.100 5900 interface Dialer0 5900
>> ip nat inside source static tcp 10.1.1.100 1723 interface Dialer0 1723
>> 
>> access-list 10 permit 10.1.1.0 0.0.0.255
>> 
>> Has anyone seen this issue on this series of routers and/or know if it's an IOS bug? Any fixes or workarounds or working IOS versions?
>> 
>> Thanks,
>> Andrew
>> 
>> --
>> Andrew Yager, Managing Director   (MACS Snr CP BCompSc MCP MCE JNCIA-Junos)
>> Real World Technology Solutions Pty Ltd  - IT people you can trust
>> ph: 1300 798 718 or (02) 9037 0500
>> fax: (02) 9037 0591 mob: 0405 152 568
>> http://www.rwts.com.au/
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list