Michael
asked on
Nating for VOIP on Cisco IOS
Hi all,
I have requested an additional IP address block from my ISP so that I can assign a public IP directly to my VOIP server. I have received and added a nat statement to my router as follows
ip nat inside source static 10.121.50.1 XXX.XXX.XXX.XXX (being one of the static ip's assigned by our ISP)
I can establish a SIP session with my server from outside however still get no audio either way. I ordered the additional IP so I could NAT everything from the external ip to the server to avoid this exact issue however it hasn't worked. To me it looks like no traffic is going back out the nat statement as the debug always shows 0 packets going out but plenty going in
*Jan 15 15:32:53.900: NAT*: s=183.171.81.177, d=58.XX.XX.X->10.121.50.1 [46336]
*Jan 15 15:32:53.960: NAT*: s=183.171.81.177, d=58.XX.XX.XX->10.121.50.1
*Jan 15 15:32:54.208: NAT*: s=10.121.50.1->58.XX.XX.XX
*Jan 15 15:32:54.212: NAT*: s=10.121.50.1->58.XX.XX.XX
183.171.81.177 is my handphone on 4G
58.XX.XX.XX public IP
Any help Appreciated
I have requested an additional IP address block from my ISP so that I can assign a public IP directly to my VOIP server. I have received and added a nat statement to my router as follows
ip nat inside source static 10.121.50.1 XXX.XXX.XXX.XXX (being one of the static ip's assigned by our ISP)
I can establish a SIP session with my server from outside however still get no audio either way. I ordered the additional IP so I could NAT everything from the external ip to the server to avoid this exact issue however it hasn't worked. To me it looks like no traffic is going back out the nat statement as the debug always shows 0 packets going out but plenty going in
*Jan 15 15:32:53.900: NAT*: s=183.171.81.177, d=58.XX.XX.X->10.121.50.1 [46336]
*Jan 15 15:32:53.960: NAT*: s=183.171.81.177, d=58.XX.XX.XX->10.121.50.1
*Jan 15 15:32:54.208: NAT*: s=10.121.50.1->58.XX.XX.XX
*Jan 15 15:32:54.212: NAT*: s=10.121.50.1->58.XX.XX.XX
183.171.81.177 is my handphone on 4G
58.XX.XX.XX public IP
Any help Appreciated
ASKER
Hi, i'm aware of the security concerns however at this point am not concerned. I'm just trying to understand why this is not working. If i'm natting all ports form y external IP to my voip server there should be nothing stopping this from working yet it doesn't. Im using a SIP trunk from my asterisk box so i don't believe my client should be establishing direct RTP connections to my trunk provider. Additionally I have a pstn card installed with a line attached. Again from outside i cannot hear audio however inside can.
For the asterisk gurus, I have the SIP iP settings configured correctly in terms of defining my External IP and internal IP addresses to ensure correct behavior across NAT.
For the asterisk gurus, I have the SIP iP settings configured correctly in terms of defining my External IP and internal IP addresses to ensure correct behavior across NAT.
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
In my opinion it is not a good idea to NAT all of the VOIP server traffic like that. It is a major security concern. Usually NAT is used to allow access to the VOIP server for remote management. What are you trying to accomplish with this setup? If you want to allow remote (internet) users to call extensions behind the server, than you should setup a VPN.
To your question - I think there is no audio because all SIP traffic goes directly through the server, unlike audio which uses RTP and is established between the endpoints only - bypassing the VoIP server completely. For example - when you are dialing, the source device sends a SIP message to the server, the VOIP server relays the SIP signals to the destination device, which makes the phone to ring. Now, once the phone is answered the audio is not relayed through the server, instead it is established between the caller and the called endpoint devices.
SIP Path: VoIP Phone <-> VOIP Server <-> VoIP Phone
RTP Path: VoIP Phone <-> VoIP Phone
Also, I found the following topology for a better visual representation - http://i.technet.microsoft.com/Ee690384.468a93eb-2b07-49be-96a2-ab158830c0e5%28en-us,TechNet.10%29.jpg
I hope that helps. Please let me know if you have any questions