[cisco-voip] NATed SIP trunk direct to CM (no CUBE)

Matt Slaga (AM) matt.slaga at dimensiondata.com
Fri Jul 13 16:06:48 EDT 2012


I'm using static NAT for one of our labs and it's working well.  It does rewrite the SIP packet as necessary which works most of the time.

From: cisco-voip-bounces at puck.nether.net [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Ted Nugent
Sent: Friday, July 13, 2012 2:40 PM
To: Erick
Cc: Cisco VoIPoE List
Subject: Re: [cisco-voip] NATed SIP trunk direct to CM (no CUBE)


Well unfortunately as expected it's a bug with no fix yet, only a work around (release pending)

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtj14677&from=summary

DOC: SIP inspection is not supported with static PAT

Symptom:

DOC: This is a Documentation bug.

SIP inspection will not work with static pat. The inspection engine will not rewrite the packet if static pat is configured.

Conditions:

Any version of ASA software. If you configure:

static (inside,outside) udp interface sip 10.1.1.1 sip

Where 10.1.1.1 is your call manager. You will see sip calls fail because the sip inspection doesn't support static pat.

Workaround:

Configure a one to one static for your call manager like this:

static (inside,outside) 1.2.3.4 10.1.1.1


On Fri, Jul 13, 2012 at 9:02 AM, Erick <ewellnitzvoip at gmail.com<mailto:ewellnitzvoip at gmail.com>> wrote:
We have it working but I don't have access to the FW.  I'll see if I can get the security team to enlighten me.


On Jul 12, 2012, at 8:41 PM, Ted Nugent <tednugent73 at gmail.com<mailto:tednugent73 at gmail.com>> wrote:
Any chance of getting this working without CUBE? This is a lab environment to an external SIP provider
Outbound calls are working without a hitch but internal are getting 404 errors becuase the invite has my external IP.
These are NATed through an ASA with the information below. Any and all help is appreciated!
CUCM 8.5

Provider PBX: 10.10.10.10
My external IP: 10.20.20.20 - ASA outside
CM Address: 192.168.2.225 - internal network
called# 9195551212<tel:9195551212> - assigned to an IP phone
Calling# 9194755555<tel:9194755555> - PSTN Number

SIP/2.0 404 Not Found
Via: SIP/2.0/UDP 10.10.10.10:5060;branch=z9hG4bK615f910f;rport
From: "9194755555<tel:9194755555>" <sip:<mailto:sip%3A9194755555 at 10.10.10.10>9194755555 at 10.10.10.10<mailto:9194755555 at 10.10.10.10>>;tag=as2bb2da19
To: <sip:<mailto:sip%3A9195551212 at 10.20.20.20>9195551212 at 10.20.20.20<mailto:9195551212 at 10.20.20.20>>;tag=32~d17116a5-4521-4eab-b0b1-1592b390b4a2-32411046
Date: Fri, 13 Jul 2012 00:29:16 GMT
Call-ID: 571cb73b62128c9b25faa9530644ae92 at 10.10.10.10<mailto:571cb73b62128c9b25faa9530644ae92 at 10.10.10.10>
CSeq: 102 INVITE
Allow-Events: presence
Reason: Q.850;cause=1
Content-Length: 0

|1,100,230,1.68^10.10.10.10^*
20:29:16.485 |//SIP/SIPUdp/wait_UdpDataInd: Incoming SIP UDP message size 448 from 10.10.10.10:[5060]:
[130,NET]
ACK sip:<mailto:sip%3A9195551212 at 10.20.20.20>9195551212 at 10.20.20.20<mailto:9195551212 at 10.20.20.20> SIP/2.0
Via: SIP/2.0/UDP 10.10.10.10:5060;branch=z9hG4bK615f910f;rport
Max-Forwards: 70
From: "9194755555<tel:9194755555>" <sip:<mailto:sip%3A9194755555 at 10.10.10.10>9194755555 at 10.10.10.10<mailto:9194755555 at 10.10.10.10>>;tag=as2bb2da19
To: <sip:<mailto:sip%3A9195551212 at 10.20.20.20>9195551212 at 10.20.20.20<mailto:9195551212 at 10.20.20.20>>;tag=32~d17116a5-4521-4eab-b0b1-1592b390b4a2-32411046
Contact: <sip:<mailto:sip%3A9194755555 at 10.10.10.10>9194755555 at 10.10.10.10<mailto:9194755555 at 10.10.10.10>>
Call-ID: 571cb73b62128c9b25faa9530644ae92 at 10.10.10.10<mailto:571cb73b62128c9b25faa9530644ae92 at 10.10.10.10>
CSeq: 102 ACK
User-Agent: Asterisk PBX 1.6.2.13
Content-Length: 0
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip



itevomcid
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20120713/bb97a853/attachment.html>


More information about the cisco-voip mailing list