[cisco-voip] NAT for Call Managers

Nick Matthews matthnick at gmail.com
Fri Sep 24 19:03:07 EDT 2010


You can get it to work, but historically it's one of the more difficult
things to do.  Both SIP and H.323 have their various problems with NAT.
With H.323, it uses a random port<->random port exchange which firewalls
don't like.  Some H.323 endpoints may use non-standard extensions/fields.
With SIP, it routinely includes IP addresses in fields that should and
should not be NAT'd, and often firewalls don't respect the right ones (or at
all).

For instance, the newer phone loads use SCCP v17 which caused some firewalls
to stop recognizing the SCCP format.  So, tread carefully is the answer.

I think RTP is generally handled pretty well, but it's usually the signaling
protocols that get ignored.  Make sure you know what they are and try to
configure the firewall to be aware of them.

-nick

On Fri, Sep 24, 2010 at 4:24 PM, Ahmed Elnagar
<ahmed_elnagar at rayacorp.com> wrote:

>  NAT has a lot of problems; one of them that I faced myself is that the
> phones show as registered on CUCM but actually they are not. Try to avoid it
> as much as you can. However, if it is mandatory, choose a device that is
> VoIP aware to do the NAT for VoIP traffic, in order to rewrite the NATted
> packet in the correct way that is suitable for RTP.
>
>
>
>  Best Regards;
>
>   Ahmed Elnagar
>
>   Senior Network PS Engineer
>
>   Mob: +2019-0016211
>
>   CCIE#24697 (Voice)
>
>
>
> *From:* cisco-voip-bounces at puck.nether.net [mailto:
> cisco-voip-bounces at puck.nether.net] *On Behalf Of *john_burk at oxy.com
> *Sent:* Friday, September 24, 2010 4:57 PM
> *To:* humayun_sami at hotmail.com; cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] NAT for Call Managers
>
>
>
> NAT can cause havoc with the RTP stream, but with the right firewall and
> design/config it can be made to work. I use VPN if at all possible to avoid
> these issues.
>
> John Burk, Consultant
> Sent from my Blackberry
>
>
>  ------------------------------
>
> *From*: cisco-voip-bounces at puck.nether.net <
> cisco-voip-bounces at puck.nether.net>
> *To*: cisco-voip at puck.nether.net <cisco-voip at puck.nether.net>
> *Sent*: Fri Sep 24 08:02:38 2010
> *Subject*: [cisco-voip] NAT for Call Managers
>
> Is it recommended to use NAT on VoIP? I have two separate clusters, one for
> Cisco Call Manager and the other for Avaya. We are integrating both
> setups (H.323). Is it okay to use NAT? Can someone provide me a document
> which helps in this regard?
>
>
> For what reason do people not recommend it in the network, or is it the
> same as not registering your call managers with the domain server?
> Looking forward to hearing from you.
>
>
>
> Regards,
> Humayun Sami.
>
>
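The SIP point made in the top message of this thread (addresses carried inside fields that a NAT device may or may not rewrite) can be checked on a captured message. The following is an added example, not part of any poster's message: it lists RFC 1918 addresses left inside SIP headers and the SDP body and marks the fields whose address is used to send signaling or media. The sample INVITE is constructed, the function names are hypothetical, only long header names are handled, and the routed/identifier split is this example's reading of RFC 3261 and RFC 4566.

```python
import ipaddress
import re

# Constructed, trimmed sample: an INVITE after a NAT that rewrote only the IP header.
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:2001@198.51.100.20 SIP/2.0",
    "Via: SIP/2.0/UDP 10.1.1.50:5060;branch=z9hG4bK776asdhds",
    "From: <sip:1001@10.1.1.50>;tag=1928301774",
    "To: <sip:2001@198.51.100.20>",
    "Call-ID: a84b4c76e66710@10.1.1.50",
    "Contact: <sip:1001@10.1.1.50:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 2890844526 2890844526 IN IP4 10.1.1.50",
    "s=-",
    "c=IN IP4 10.1.1.50",
    "t=0 0",
    "m=audio 24580 RTP/AVP 0",
])

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# Fields whose address is where replies, later requests or media get sent (assumption).
ROUTED = {"via", "contact", "route", "record-route", "sdp c"}

def _scan(field, value):
    """Return (field, address, routed) for each RFC 1918 address in value."""
    hits = []
    for text in IPV4.findall(value):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:  # an octet above 255, not an address
            continue
        if any(addr in net for net in RFC1918):
            hits.append((field, text, field in ROUTED))
    return hits

def embedded_private_addresses(message):
    """Walk the SIP headers, then the SDP lines, listing inside addresses left in them."""
    head, _, body = message.partition("\r\n\r\n")
    found = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        found += _scan(name.strip().lower(), value)
    for line in body.split("\r\n"):
        name, _, value = line.partition("=")
        found += _scan("sdp " + name.strip().lower(), value)
    return found
```

Entries marked `True` are the ones a SIP-aware firewall has to translate for the call to set up and for audio to flow; entries marked `False` (From, Call-ID, SDP `o=`) are identifiers rather than delivery addresses.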