Showing posts from July, 2017

SIP over NAT configuration in Cisco IOS/IOS-XE

     As you maybe know SIP doesn't like NAT :)... especially for IOS/IOS-XE Cisco based devices (ASA for example handle that much, much better). For that reason you need straight config to make it work - for control and audio part of communication. These are required steps in UC CME environment with public SIP account for trunk PSTN access: - define 1 ACL for udp SIP traffic (port 5060) and RTP audio port match - very probably high value ports: ip access-list extended UDP_RTP  permit udp any any range 8000 65000  permit udp any any eq 5060 - define 1 route-map (for NAT) that uses previosly created ACL: route-map SIP_NAT permit 10  match ip address UDP_RTP - define  STATIC NAT  translation for your inside SIP voice interface (this example uses 192.168.12.x for that purpose): ip nat inside source static 192.168.12.x [YOUR-PUBLIC-IP] route-map SIP_NAT Adequate ACL for WAN access and SIP secure communication should be in place if you're using public SIP trunk account of course. CME