You can get it to work, but historically it's one of the more difficult things to do. Both SIP and H.323 have their various problems with NAT. With H323, it uses a random port<->random port exchange which firewalls don't like. Some H.323 endpoints may use non-standard extensions/fields. With SIP, it routinely includes IP addresses in fields that should and should not be NAT'd, and often firewalls don't respect the right ones (or at all). <br>
<br>For instance, the newer phone loads use SCCP v17 which caused some firewalls to stop recognizing the SCCP format. So, tread carefully is the answer. <br><br>I think RTP is generally handled pretty well, but it's usually the signaling protocols that get ignored. Make sure you know what they are and try to configure the firewall to be aware of them.<br>
<br>-nick<br><br><div class="gmail_quote">On Fri, Sep 24, 2010 at 4:24 PM, Ahmed Elnagar <span dir="ltr"><<a href="mailto:ahmed_elnagar@rayacorp.com">ahmed_elnagar@rayacorp.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);">NAT have a lot of problems one of them that I faced myself that
the phones show as register on CUCM but actually they are not…try to avoid it
as much as you can…however if it is mandatory choose the device that is making
NAT for VOIP traffic VOIP aware in order to rewrite the NATted packet in the
correct way that is suitable for RTP.</span></p>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<div>
<div>
<p class="MsoNormal" style="background: none repeat scroll 0% 0% white;"><span style="font-size: 10pt; color: rgb(31, 73, 125);"> </span><span style="font-size: 10.5pt; color: rgb(31, 73, 125);">Best
Regards;</span></p>
<p class="MsoNormal" style="background: none repeat scroll 0% 0% white;"><span style="font-size: 10.5pt; color: rgb(31, 73, 125);"> Ahmed Elnagar</span></p>
<p class="MsoNormal" style="background: none repeat scroll 0% 0% white;"><span style="font-size: 10.5pt; color: rgb(31, 73, 125);"> Senior Network PS
Engineer</span></p>
<p class="MsoNormal" style="background: none repeat scroll 0% 0% white;"><span style="font-size: 10.5pt; color: rgb(31, 73, 125);"> Mob: +2019-0016211</span></p>
<p class="MsoNormal" style="background: none repeat scroll 0% 0% white;"><span style="font-size: 10.5pt; color: rgb(31, 73, 125);"> CCIE#24697 (Voice)</span></p>
<p class="MsoNormal" style="background: none repeat scroll 0% 0% white;"><span style="font-size: 10.5pt; color: rgb(31, 73, 125);"> <img src="cid:image001.jpg@01CB5C3F.A2047FD0" alt="ccie_voice_large.gif" height="63" width="63"></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size: 11pt; color: rgb(31, 73, 125);"> </span></p>
<div>
<div style="border-width: 1pt medium medium; border-style: solid none none; border-color: rgb(181, 196, 223) -moz-use-text-color -moz-use-text-color; padding: 3pt 0in 0in;">
<p class="MsoNormal"><b><span style="font-size: 10pt;">From:</span></b><span style="font-size: 10pt;">
<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a> [mailto:<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>] <b>On
Behalf Of </b><a href="mailto:john_burk@oxy.com" target="_blank">john_burk@oxy.com</a><br>
<b>Sent:</b> Friday, September 24, 2010 4:57 PM<br>
<b>To:</b> <a href="mailto:humayun_sami@hotmail.com" target="_blank">humayun_sami@hotmail.com</a>; <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<b>Subject:</b> Re: [cisco-voip] NAT for Call Managers</span></p>
</div>
</div><div><div></div><div class="h5">
<p class="MsoNormal"> </p>
<div>
<p class="MsoNormal"><span style="font-size: 10pt; color: navy;">NAT can cause havoc with the RTP stream, but with the right
firewall and design/config it can be made to work. I use VPN if at all possible
to avoid these issues.<br>
<br>
John Burk, Consultant <br>
Sent from my Blackberry</span><span style="font-size: 10pt;"></span></p>
</div>
<p class="MsoNormal"><span style="font-size: 10pt;"> </span></p>
<div>
<div class="MsoNormal" style="text-align: center;" align="center"><span style="font-size: 10pt;">
<hr align="center" size="2" width="100%">
</span></div>
<p class="MsoNormal" style="margin-bottom: 12pt;"><b><span style="font-size: 10pt;">From</span></b><span style="font-size: 10pt;">: <a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>
<<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>> <br>
<b>To</b>: <a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a> <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>> <br>
<b>Sent</b>: Fri Sep 24 08:02:38 2010<br>
<b>Subject</b>: [cisco-voip] NAT for Call Managers </span></p>
</div>
<p class="MsoNormal" style="margin-bottom: 12pt;"><span style="font-size: 10pt;">Is it recommended to use NAT on VoIP. I have
two separate cluster one for cisco call manager and other for Avaya. We are
integrating both the setups(h323). Is it okay to use NAT. Can someone provide
me a document which helps in this reference.<br>
<br>
<br>
For what reason people do not recommend it in the network, or is it the same
that you do not register your call managers with the domain server. Look
forward to hear.<br>
<br>
<br>
<br>
Regards,<br>
Humayun Sami.</span></p>
</div></div></div>
<div> </div>Disclaimer: NOTICE The information contained in this message is confidential and is intended for the addressee(s) only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorized use, disclosure, copying or alteration of this message is strictly forbidden. Raya will not be liable for direct, special, indirect or consequential damages arising from alteration of the contents of this message by a third party or as a result of any malicious code or virus being passed on. Views expressed in this communication are not necessarily those of Raya.If you have received this message in error, please notify the sender immediately by email, facsimile or telephone and return and/or destroy the original message. </div>
<br>_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br></blockquote></div><br>