[c-nsp] Cisco 867 SIP & NAT

Chuck Church chuckchurch at gmail.com
Tue Jan 8 21:52:13 EST 2013


You can configure a maximum number of NAT entries:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gt_natrl.html#wp1046625

Alternatively (and probably better) you could turn down the UDP and TCP NAT
timeouts.  The defaults are really long, a day for TCP without a FIN/RST,
and 5 minutes for UDP.  Are your problem NAT entries TCP or UDP?  I didn't
see UDP in the 'no nat' you mentioned in other emails.

Chuck

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Andrew Yager
Sent: Tuesday, January 08, 2013 7:06 PM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Cisco 867 SIP & NAT

Hi,

We have a client using a Cisco 867 with SIP based VoIP phones behind it (not
CCM).

Each time the phones perform a new SIP request a new entry is created in the
NAT table on a different port, which very quickly floods the NAT table and
crashes the router.

We've tried with c860-universalk9-mz.150-1.M6 and
c860-universalk9-mz.151-4.M5 but are seeing the same behaviour.

Client nat config is relatively standard:

ip nat inside source list 10 interface Dialer0 overload
ip nat inside source static tcp 10.1.1.100 5900 interface Dialer0 5900
ip nat inside source static tcp 10.1.1.100 1723 interface Dialer0 1723

access-list 10 permit 10.1.1.0 0.0.0.255

Has anyone seen this issue on this series of routers and/or know if it's an
IOS bug? Any fixes or workarounds or working IOS versions?

Thanks,
Andrew

--
Andrew Yager, Managing Director   (MACS Snr CP BCompSc MCP MCE JNCIA-Junos)
Real World Technology Solutions Pty Ltd  - IT people you can trust
ph: 1300 798 718 or (02) 9037 0500
fax: (02) 9037 0591 mob: 0405 152 568
http://www.rwts.com.au/
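
Added example (not part of the original thread or anyone's posted code): a Python sketch that tallies `show ip nat translations` output by protocol and flags inside hosts holding many translated ports toward one outside endpoint, which is the data needed to answer the TCP-or-UDP question in the reply above. The sample output is constructed, and the function names and the threshold are assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample in the column layout of IOS "show ip nat translations".
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
udp 203.0.113.5:1024   10.1.1.21:5060     198.51.100.10:5060 198.51.100.10:5060
udp 203.0.113.5:1025   10.1.1.21:5060     198.51.100.10:5060 198.51.100.10:5060
udp 203.0.113.5:1026   10.1.1.21:5060     198.51.100.10:5060 198.51.100.10:5060
udp 203.0.113.5:1027   10.1.1.21:5060     198.51.100.10:5060 198.51.100.10:5060
udp 203.0.113.5:5060   10.1.1.22:5060     198.51.100.10:5060 198.51.100.10:5060
tcp 203.0.113.5:40112  10.1.1.30:40112    192.0.2.80:443     192.0.2.80:443
tcp 203.0.113.5:5900   10.1.1.100:5900    ---                ---
tcp 203.0.113.5:1723   10.1.1.100:1723    ---                ---
"""

def split_endpoint(field):
    """Split 'addr:port' into (addr, port); '---' marks an unused column."""
    if field == "---" or ":" not in field:
        return field, ""
    addr, _, port = field.rpartition(":")
    return addr, port

def parse_translations(text):
    """Return one dict per translation row, skipping the header and blanks."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] == "Pro":
            continue
        proto, in_global, in_local, _out_local, out_global = parts
        _g_addr, g_port = split_endpoint(in_global)
        l_addr, _l_port = split_endpoint(in_local)
        rows.append({"proto": proto, "global_port": g_port,
                     "inside_host": l_addr, "outside": out_global})
    return rows

def protocol_totals(rows):
    """Entry count per protocol column (tcp, udp, icmp, ...)."""
    return Counter(r["proto"] for r in rows)

def port_churn(rows, threshold=3):
    """Flows holding >= threshold translated ports toward one outside endpoint."""
    ports = defaultdict(set)
    for r in rows:
        if r["outside"] != "---":  # static entries have no outside endpoint
            key = (r["proto"], r["inside_host"], r["outside"])
            ports[key].add(r["global_port"])
    return sorted((k, len(v)) for k, v in ports.items() if len(v) >= threshold)

if __name__ == "__main__":
    parsed = parse_translations(SAMPLE)
    print(dict(protocol_totals(parsed)), port_churn(parsed))
```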







