SIP over NAT configuration in Cisco IOS/IOS-XE
As you maybe know SIP doesn't like NAT :)... especially for IOS/IOS-XE Cisco based devices (ASA for example handle that much, much better). For that reason you need straight config to make it work - for control and audio part of communication. These are required steps in UC CME environment with public SIP account for trunk PSTN access:
- define 1 ACL for udp SIP traffic (port 5060) and RTP audio port match - very probably high value ports:
ip access-list extended UDP_RTP permit udp any any range 8000 65000 permit udp any any eq 5060
- define 1 route-map (for NAT) that uses previosly created ACL:
route-map SIP_NAT permit 10 match ip address UDP_RTP
- define STATIC NAT translation for your inside SIP voice interface (this example uses 192.168.12.x for that purpose):
ip nat inside source static 192.168.12.x [YOUR-PUBLIC-IP] route-map SIP_NAT
Adequate ACL for WAN access and SIP secure communication should be in place if you're using public SIP trunk account of course.
CME voice register global (or telephony service) configuration should be as always - and your SIP trunk should work just fine 😉
Comments
Post a Comment