VOIP RTP PAT

H.323 through NAT is often a problem. On the PIX, we use something called "Fixup", on the ASA we use protocol inspection to get around these issues. I don't know if the NAT capabilities on IOS are H.323 aware enough to do this or not.

Are you getting one way audio, or no audio?

Hi,
One way

Yep I'd say you're running into a NAT related problem for sure. Each end can ping eachother ?

You're probably not going to make it work, without the capability of an IP to IP gateway (sometimes called a session border controller).  The 2600 may be able to run this feature set.

From the cisco website

"Cisco IOS® Network Address Translation (NAT) performs translation service on any TCP/UDP traffic that does not carry source and/or destination IP addresses in the application data stream (ie: http, TFTP, telnet, archie, finger, NTP, NFS, rlogin, rsh, rcp).
Specific protocols that do embed IP address information within the payload require support of an application level gateway (ALG). Table 1 details ALG support within Cisco IOS Software"


http://www.cisco.com/en/US/products/ps6640/products_white_paper09186a00801af2b9.shtml


Without configuring an ALG (probably more work than you want to do)  you need a smarter NAT device, that can look at the IP and port information in the packet and rewrite it to work with NAT.

Yes...exactly...i need to use 2600 router

Aside from trying an application layer gateway - it's probably not possible. Sorry, that's just a limitation of H.323.  This is one of the big challenges with IP voice and video between public and private networks - it works just great on the inside, but when you start crossing NAT it gets a little tricky.

can be done the following?

ip nat inside source static udp [internal IP] [port-range] [Public IP] [port-range]

or similar

That would allow you to build a static nat translation, but it would need to exist for every single port that's being used as part of the transaction. I believe that these are dynamic. Are these SIP gateways, or what is your application?

gateway 1 = Clarent
gateway 2 = Quescom421
H323 signaling G711

you sugest firewall (application proxy)?

If configuring an application layer gateway will help, that's the only option I see. This may not be desirable, or even possible in your configuration. Aside from that recommendation, you're running into a limitation of NAT.In theory, the way it would work is that your H.323 endpoints would peer with the 2600, and it would act as a gateway between them, instead of them communicating natively with eachother.

Thanks jkittle99!
Someone sugest Lynksis device/router/gateway(?)...is that something the you midht come accross?

I'm not as familiar with SOHO equipment, my focus is more on the enterprise - a Cisco PIX would certainly be able to do what you're trying to accomplish. A 501 can be had for ~$300 or you can get an ASA 5505 for under $600. A quality firewall with enterprise features isn't something you buy at Wal Mart.