[cisco-voip] Nat skinny overload problem

Peter Slow peter.slow at gmail.com
Sun Mar 27 11:17:46 EDT 2011


The overload keyword is what causes it to do PAT instead of NAT. You
do NOT have to put the "overload" keyword at the end of the ip nat
inside source command. I'm not sure how skinny inspection works
(because I've managed to avoid doing this, as it should be avoided and
is poor design.) with IOS NAT/PAT, but you are going to need some form
of Skinny inspection if you want dynamically assigned global IP
addresses because the router needs to know what UDP ports to create a
corresponding translation across the NAT boundary for.

There is probably a solution here that we can help you come up with
that will not need NAT/PAT. Tell us what your network architecture is
like, and what you are trying to do. Perhaps we can help you come up
with something that wont cause you heartache. ( for instance, if the
NAT is due to overlapping address space, you can renumber the phones,
that will be easier. If the NAT is because you are going across a
public network, then as much as I hate the various forms of tunneling
and VPNs, one of them may be for you and is probably a lesser evil
than NAT.) There are even some other ways, such as forcing all your
phones at thsi one site to send their RTP streams through an MTP with
a Public IP address, thereby bypassing the need for the
fixup/inspection. There are varying designs of that nature that use
parts of CUBE or CUCM.

Even if you manage to get this working now, skinny inspection/fixup
breaks frequently, for a multitude of reasons.

NAT/PAT really sucks for voice,
   Peter




On Sat, Mar 26, 2011 at 5:16 PM, Mauro Celli <mauro.celli at 2000net.it> wrote:
> I need to make nat for some phones (15/20 phones) in 2 subnet
>
> Subnet1 172.20.10.0/24
>
> Subnet2 192.168.10.0/24
>
> Nat pool 1.0.1.21 1.0.1.149
>
> I need a mapping 1 to 1.
>
> I have try some config but:
>
>
>
> ip nat pool Voce 1.0.1.21 1.0.1.149 netmask 255.255.255.0
>
> This not work,all internal phones is natted with 1.0.1.21 (is always
> overloaded???)
>
> ip nat pool Voce 1.0.1.21 1.0.1.149 netmask 255.255.255.0 match-host
>
> This is not applicable, because i have two internal subnet
>
> ip nat pool Voce 1.0.1.21 1.0.1.149 netmask 255.255.255.0 rotary
>
> This work,but after 2/3 week, i found two phone with same natted address.
>
>
>
> I need always a mapping 1->1 absolutely no overload is permette in my
> config.
>
> How i can make this without making a manual
>
> ip nat inside source static x.x.x.x x.x.x.x for every phone?
>
> Thanks
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>


More information about the cisco-voip mailing list