Is is possible to configure SIP NAT on Cisco ISR G2 router?

Dmitriy_Ermakov · ‎11-16-2017

Hello!

I want to setup network:

Asterisk (Digium) or ahother SIP client => Cisco ISR G2 => SIP Provider.

Asterisk's private IP is 10.0.0.10/24, SIP port 5060/UDP

Cisco ISR's G2 private IP is 10.0.0.1/24

SIP Provider's public IP is 10.8.0.1/24, SIP port 5120/UDP

Cisco ISR's G2 public IP is 10.8.0.10/24

I want to configure NAT on the Cisco ISR G2 and Zone-Based Firewall:

I want to configure something like this:

class-map type inspect match-all ICMP-LAN-to-WAN
 match protocol icmp
class-map type inspect match-all SIP-LAN-to-WAN
 match protocol sip
!
policy-map type inspect SIP-LAN-to-WAN
 class type inspect SIP-LAN-to-WAN
  inspect
 class type inspect ICMP-LAN-to-WAN
  inspect
 class class-default
  drop
!
zone security LAN
zone security WAN
zone-pair security LAN-2-WAN source LAN destination WAN
 service-policy type inspect SIP-LAN-to-WAN
!         
interface FastEthernet0/0
 description LAN
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
 ip virtual-reassembly in
 zone-member security LAN
!

interface FastEthernet0/1
 description WAN
 ip address 10.8.0.10 255.255.255.0
 ip nat outside
 ip virtual-reassembly in
 zone-member security LAN

!
ip nat service sip udp port 5120
ip nat inside source static udp 192.168.0.1 5060 1.1.1.1 5120

Could you help me with configuration?

Will this example configuration work or I should change something?

My Asterisk will work as SIP client and it will send first SIP-REGISTER packet.

Leo Laohoo · ‎11-16-2017

Talk to your provider FIRST.
In most cases Asterisk won't work with ALG enabled.