
SIP and NAT


dontworx

Technical User
Apr 9, 2003
237
US
I posted this in the Cisco router section, but I did not get any response. Thanks for any help in advance.

We have 2 new 2801 routers in two different locations. The telephone company has installed two Cisco IADs to deliver trunks and internet to each location. They told us they were going to bond the two IADs together for us. What they are really going to do is just put a policy that says traffic going between these two networks will not go out to the internet. They will also provide us with QoS using DSCP. I have only done VoIP over point-to-point T1. I have not had to use NAT. What I am reading is that I will probably only get one-way audio because NAT does not deal with the RTP traffic. Are there any workarounds for this yet without using a VPN? Cisco says that 12.2 IOS supports SIP, but I am not sure if that is dealing with this issue. Thanks
 
dontworx,

I think the NAT problem is with the call signaling protocol, not the RTP itself. RTP is used no matter what signaling protocol is used (SIP/H323/MGCP/SCCP/whatever). The problem is when you have an H323 call, for example, and some RTP addressing info is embedded within the call setup. At this point, you'd need an ALG (application layer gateway) to look at the application layer and translate the addresses there. ALG is a NAT feature in some later 12.2T IOSes, if I remember correctly. SIP has some interesting ways to beat this, like using STUN and stuff. I haven't had to screw with this too much, so I don't have that many solutions (sorry). The easiest thing I would try (which is VPN-like) is use a GRE or IPinIP tunnel or something between the 2900s. While not being encrypted, it's totally super-easy to set up. Something like this (from memory):

conf t
interface Tunnel1
! or whatever, think gre is the default
tunnel mode gre ip
! real outside interface
tunnel source 1.1.1.1
! real outside of remote
tunnel destination 2.2.2.2
! use whatever, think of this as a serial interface - like a T1
ip address 172.16.1.1 255.255.255.252

Then add a host static route to just send IAD traffic over it, like:
! IAD on other side
ip route 192.168.1.250 255.255.255.255 172.16.1.2

this might work. hopefully ;)
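
Added example, not from any poster in this thread: a small Python check that shows which addresses inside a SIP INVITE a plain NAT leaves untouched, which is the gap an ALG (or a tunnel that avoids NAT) closes. The INVITE is constructed, the 198.51.100.x and 203.0.113.x addresses are documentation placeholders, and the function names are hypothetical.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

# Constructed sample: an INVITE from a phone at 192.168.1.250 as it looks after a
# NAT without a SIP ALG has rewritten only the IP header (source now 203.0.113.10).
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:200@198.51.100.20 SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.250:5060;branch=z9hG4bK776asdhds",
    "From: <sip:100@192.168.1.250>;tag=1928301774",
    "To: <sip:200@198.51.100.20>",
    "Call-ID: a84b4c76e66710",
    "CSeq: 1 INVITE",
    "Contact: <sip:100@192.168.1.250:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=- 2890844526 2890844526 IN IP4 192.168.1.250",
    "s=-",
    "c=IN IP4 192.168.1.250",
    "t=0 0",
    "m=audio 16384 RTP/AVP 0",
    "",
])

def embedded_addresses(message):
    """Return (field, ip) pairs the far end will use to reach the sender."""
    head, _, body = message.partition("\r\n\r\n")
    found = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "contact"):
            found += [(name.strip(), ip) for ip in IPV4.findall(value)]
    for line in body.split("\r\n"):
        if line.startswith("c="):                # SDP connection line: where RTP is sent
            found += [("SDP c=", ip) for ip in IPV4.findall(line)]
    return found

def untranslated(message, packet_source):
    # Embedded RFC 1918 addresses that differ from the address the packet came from.
    src = ipaddress.ip_address(packet_source)
    pairs = [(f, ipaddress.ip_address(ip)) for f, ip in embedded_addresses(message)]
    return [(f, str(a)) for f, a in pairs if a != src and any(a in n for n in RFC1918)]

if __name__ == "__main__":
    for field, ip in untranslated(SAMPLE_INVITE, "203.0.113.10"):
        print(f"{field}: {ip} was not translated; replies and RTP sent there will not arrive")
```

When the packet source equals the embedded address, as it would over a tunnel with no NAT in the path, the function returns an empty list.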
 
Thanks for the help. I will give it a try.
 
How do the two sites communicate now?

How is NAT playing a role in here?

If you have 2 routers at two different sites going to 1 provider, then the routers should have routable IP addresses and thus be able to talk with each other directly. Sounds like they just put an access list on the telco's switch allowing the two units to talk with each other through the telco switch.

Currently, how do the two sites talk with each other?




It is what it is!!
__________________________________
A+, Net+, I-Net+, Certified Web Master, MCP, MCSA, MCSE, CCNA, CCDA, and few others (I got bored one day)
 
Currently the phone systems are using public IPs until we put them behind our 2801s on both sides. We wanted to get it working first before we brought the phone system behind the router/firewall. I was concerned with the SIP issue. The phone company said they will come out to their Cisco IAD units and route private IP addresses for us. This should solve this problem. But I am curious to see if I can get it to work without them having to do this for future jobs.
 