Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3299
Views
8
Helpful
5
Replies

CUBE SIP NAT without ALG?

Ryan McDowell
Level 1
Level 1

‎04-15-2016 06:19 AM - edited ‎03-17-2019 06:35 AM

My setup is as follows:

CUCM -> CUBE -> ( Cisco Meraki MX400) -> ITSP.  CUBE is behind NAT.  Meraki does not support SIP NAT ALG.  ITSP sees private IP in headers as the IP to send audio to despite 1:1 NAT mapping on firewall.  How do I get the CUBE to request the audio be sent to the public IP?

Running config attached.  Example Invite here:

Sent:
INVITE sip:13125551212@208.X.X.X:5060 SIP/2.0
Via: SIP/2.0/UDP 10.X.X.X:5060;branch=z9hG4bKFCXXXX
Remote-Party-ID: "Ryan McDowell" <sip:4185551213@10.X.X.X>;party=calling;screen=yes;privacy=off
From: "Ryan McDowell" <sip:4185551213@12.X.X.X>;tag=8614A0-1698
To: <sip:13125551212@208.X.X.X>
Date: Tue, 12 Apr 2016 20:15:02 GMT
Call-ID: 12CC1D16-2211E6-XXXXXXXX-XXXXXXXX@10.X.X.X
Supported: 100rel,timer,resource-priority,replaces,sdp-anat
Min-SE:  1800
Cisco-Guid: 2826024320-0000065536-0000075837-XXXXXXXXXX
User-Agent: Cisco-SIPGateway/IOS-12.x
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
CSeq: 101 INVITE
Timestamp: 1460492102
Contact: <sip:3125551213@10.X.X.X:5060>
Call-Info: <sip:10.X.X.X:5060>;method="NOTIFY;Event=telephone-event;Duration=2000"
Expires: 180
Allow-Events: kpml, telephone-event
Max-Forwards: 69
Session-Expires:  14400
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 341
 
v=0
o=CiscoSystemsSIP-GW-UserAgent 9489 6273 IN IP4 10.X.X.X
s=SIP Call
c=IN IP4 10.X.X.X
t=0 0
m=audio 19436 RTP/AVP 0 100 121 101
c=IN IP4 10.X.X.X
a=rtpmap:0 PCMU/8000
a=rtpmap:100 X-NSE/8000
a=fmtp:100 192-194
a=rtpmap:121 frf-dialed-digit/8000
a=fmtp:121 0-15
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=ptime:20

 

Thank you!

1 person had this problem
Labels:
Preview file
4 KB
0 Helpful
5 Replies 5

Jarad Olson
Level 1
Level 1

‎04-26-2016 02:06 PM

I, too, have been considering how to get around this problem. The best thing I have been able to come up with thus far is to create a set of re-write rules that will find the internal private IP address of the various SIP and SDP messages and replace it with the external address. If I end up going this way, I will put the config lines in here.

I think this post is relevant:

https://supportforums.cisco.com/discussion/12290391/sip-profiles-when-using-nat

0 Helpful

ollylawrence
Level 1
Level 1
In response to Jarad Olson

‎11-26-2019 01:12 PM

So did anyone get this working ?

0 Helpful

yamikani2g2
Level 1
Level 1
In response to ollylawrence

‎11-26-2019 02:01 PM

Olly!!

 

explain you situation here and we all may assist i have had a challenge with almost a configuration like this one.

The deployment worked but am ready to share my challenges.

 

Tx

0 Helpful

Anthony Holloway
Cisco Employee
Cisco Employee
In response to ollylawrence

‎11-26-2019 02:25 PM

Yes, and I used a SIP Profile on CUBE which looks like the following (assume 1.1.1.1 is private and 2.2.2.2 is public):

 

voice class sip-profiles 1000
 rule 1100 response ANY sip-header Via modify "1.1.1.1" "2.2.2.2"
 rule 1101 response ANY sip-header From modify "1.1.1.1" "2.2.2.2"
 rule 1102 response ANY sip-header To modify "1.1.1.1" "2.2.2.2"
 rule 1103 response ANY sip-header Call-ID modify "1.1.1.1" "2.2.2.2"
 rule 1104 response ANY sip-header Contact modify "1.1.1.1" "2.2.2.2"
 rule 1105 response ANY sip-header Remote-Party-ID modify "1.1.1.1" "2.2.2.2"
 rule 1106 response ANY sip-header P-Asserted-Identity modify "1.1.1.1" "2.2.2.2"
 rule 1107 response ANY sip-header Diversion modify "1.1.1.1" "2.2.2.2"
 rule 1151 response ANY sdp-header Session-Owner modify "1.1.1.1" "2.2.2.2"
 rule 1152 response ANY sdp-header Connection-Info modify "1.1.1.1" "2.2.2.2"
 rule 1153 response ANY sdp-header Audio-Connection-Info modify "1.1.1.1" "2.2.2.2"
 rule 1154 response ANY sdp-header Video-Connection-Info modify "1.1.1.1" "2.2.2.2"
 rule 1200 request ANY sip-header Via modify "1.1.1.1" "2.2.2.2"
 rule 1201 request ANY sip-header From modify "1.1.1.1" "2.2.2.2"
 rule 1202 request ANY sip-header To modify "1.1.1.1" "2.2.2.2"
 rule 1203 request ANY sip-header Contact modify "1.1.1.1" "2.2.2.2"
 rule 1204 request ANY sip-header Remote-Party-ID modify "1.1.1.1" "2.2.2.2"
 rule 1205 request ANY sip-header P-Asserted-Identity modify "1.1.1.1" "2.2.2.2"
 rule 1206 request ANY sip-header Diversion modify "1.1.1.1" "2.2.2.2"
 rule 1251 request ANY sdp-header Session-Owner modify "1.1.1.1" "2.2.2.2"
 rule 1252 request ANY sdp-header Connection-Info modify "1.1.1.1" "2.2.2.2"
 rule 1253 request ANY sdp-header Audio-Connection-Info modify "1.1.1.1" "2.2.2.2"
 rule 1254 request ANY sdp-header Video-Connection-Info modify "1.1.1.1" "2.2.2.2"
!

Note that I applied this profile to both my incoming and outgoing ITSP peers, but I did not use inbound sip profiles to make it work.

 

Also, and this is very important, I did not choose to include Call-ID header in the profile, because when it was present, I was seeing strange behaviors with CUBE and the calls were failing.

agionetworks
Level 1
Level 1
In response to Anthony Holloway

‎04-12-2024 09:40 AM

@Anthony Holloway thanks for sharing! This fixed outbound dialing RTP issues for us.

Customers Also Viewed These Support Documents