[cisco-voip] R: Nat skinny overload problem

Mauro Celli mauro.celli at 2000net.it
Mon Mar 28 10:41:54 EDT 2011


I have some overlapping phone network, i need NAT for some reason.
This is my nat "ip nat inside source list 101 pool Voce"
No overload is added but:
rotary work for 2/3 week,after this time, some phone is overload ip 
Match-host is not applicable 
without rotary and match-host, all phone have same ip (the router apply pat) 
Ios tested 12.4 15.0 15.1

Thanks

-----Messaggio originale-----
Da: Peter Slow [mailto:peter.slow at gmail.com] 
Inviato: domenica 27 marzo 2011 17:18
A: Mauro Celli
Cc: cisco-voip at puck.nether.net
Oggetto: Re: [cisco-voip] Nat skinny overload problem

The overload keyword is what causes it to do PAT instead of NAT. You
do NOT have to put the "overload" keyword at the end of the ip nat
inside source command. I'm not sure how skinny inspection works
(because I've managed to avoid doing this, as it should be avoided and
is poor design.) with IOS NAT/PAT, but you are going to need some form
of Skinny inspection if you want dynamically assigned global IP
addresses because the router needs to know what UDP ports to create a
corresponding translation across the NAT boundary for.

There is probably a solution here that we can help you come up with
that will not need NAT/PAT. Tell us what your network architecture is
like, and what you are trying to do. Perhaps we can help you come up
with something that wont cause you heartache. ( for instance, if the
NAT is due to overlapping address space, you can renumber the phones,
that will be easier. If the NAT is because you are going across a
public network, then as much as I hate the various forms of tunneling
and VPNs, one of them may be for you and is probably a lesser evil
than NAT.) There are even some other ways, such as forcing all your
phones at thsi one site to send their RTP streams through an MTP with
a Public IP address, thereby bypassing the need for the
fixup/inspection. There are varying designs of that nature that use
parts of CUBE or CUCM.

Even if you manage to get this working now, skinny inspection/fixup
breaks frequently, for a multitude of reasons.

NAT/PAT really sucks for voice,
   Peter




On Sat, Mar 26, 2011 at 5:16 PM, Mauro Celli <mauro.celli at 2000net.it> wrote:
> I need to make nat for some phones (15/20 phones) in 2 subnet
>
> Subnet1 172.20.10.0/24
>
> Subnet2 192.168.10.0/24
>
> Nat pool 1.0.1.21 1.0.1.149
>
> I need a mapping 1 to 1.
>
> I have try some config but:
>
>
>
> ip nat pool Voce 1.0.1.21 1.0.1.149 netmask 255.255.255.0
>
> This not work,all internal phones is natted with 1.0.1.21 (is always
> overloaded???)
>
> ip nat pool Voce 1.0.1.21 1.0.1.149 netmask 255.255.255.0 match-host
>
> This is not applicable, because i have two internal subnet
>
> ip nat pool Voce 1.0.1.21 1.0.1.149 netmask 255.255.255.0 rotary
>
> This work,but after 2/3 week, i found two phone with same natted address.
>
>
>
> I need always a mapping 1->1 absolutely no overload is permette in my
> config.
>
> How i can make this without making a manual
>
> ip nat inside source static x.x.x.x x.x.x.x for every phone?
>
> Thanks
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>



More information about the cisco-voip mailing list