cancel
Showing results for 
Search instead for 
Did you mean: 

NAT Problem with Cisco 1941 Router

Highlighted
Occasional Advisor

NAT Problem with Cisco 1941 Router

I have configured a static NAT for Polycom HDX 7000 on a Cisco 1941 Router. 

I am able to ping a remote device from the Polycom and it says that H.323 and SIP are reachable. 

 

But i can not establish a call to the same IP address. 

 

Any idea, what can be the issue over here? Do i need to post my configuration? 

 

Regards.

Message 1 of 15
14 REPLIES
Advisor

Re: NAT Problem with Cisco 1941 Router

Try this rules, solved for us many problems:

no ip nat service sip udp port 5060
no ip nat service sip tcp port 5060

 

regards, Arjan

Message 2 of 15
Occasional Advisor

Re: NAT Problem with Cisco 1941 Router

Hey a.onderwater

these rules will be under the access-list rite?

 

Thanks

Message 3 of 15
Advisor

Re: NAT Problem with Cisco 1941 Router

no, just type the rules in Cisco, doesn't matter where

Message 4 of 15
Occasional Advisor

Re: NAT Problem with Cisco 1941 Router

I m still not able to establish the calls through NAT. Only the no ip nat service sip udp port 5060 is shown in the config. it doesnt show the tcp command.

I m pasting my config, please have a look at it and suggest 

 

!
! Last configuration change at 10:08:32 UTC Wed May 28 2014
! NVRAM config last updated at 10:09:40 UTC Wed May 28 2014
! NVRAM config last updated at 10:09:40 UTC Wed May 28 2014
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ITRC-TEST
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
!
redundancy
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.24.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address Public IP Address
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no ip nat service sip udp port 5060
ip nat pool POOL 192.168.24.10 192.168.24.20 netmask 255.255.255.0
ip nat inside source list 172 interface GigabitEthernet0/1 overload
ip nat inside source static 192.168.24.10 Public IP
ip route 0.0.0.0 0.0.0.0 ISP1 2
ip route 192.168.0.0 255.255.0.0 192.168.24.1
!
access-list 172 permit ip any any
access-list 172 permit tcp any range 0 65535 any
access-list 172 permit udp any range 0 65535 any
!
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0
login
transport input all
line vty 1 4
login
transport input all
!
scheduler allocate 20000 1000
end

 

Message 5 of 15
Advisor

Re: NAT Problem with Cisco 1941 Router

dont use access-list 127

 

use

access-list 101 permit ip <local lan IP>  0.0.0.0 any

This setting is for all type of internet access

 

is the dialer/connection to the internet working from this router?

Message 6 of 15
Occasional Advisor

Re: NAT Problem with Cisco 1941 Router

Still i can not establish the connection when h323 is reachable from the polycom device. 

Here's the config now 

 

hostname ITRC-TEST
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
no ipv6 cef
ip source-route
ip cef
!
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
!
redundancy
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 192.168.24.2 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address Public IP Address
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
no ip nat service sip udp port 5060
ip nat pool POOL 192.168.24.10 192.168.24.20 netmask 255.255.255.0
ip nat inside source list 101 interface GigabitEthernet0/1 overload
ip nat inside source static 192.168.24.10 Public IP Address
ip route 0.0.0.0 0.0.0.0 Public IP Address 2
ip route 192.168.0.0 255.255.0.0 192.168.24.1
!
access-list 101 permit ip 192.168.24.0 0.0.0.255 any
!
!
!
!

 

Message 7 of 15
Advisor

Re: NAT Problem with Cisco 1941 Router

What kind of internet do you have? Or is the cisco behind another router??

What gives you the WAN IP and what is the gateway of that line?

 

 

 

Message 8 of 15
Occasional Advisor

Re: NAT Problem with Cisco 1941 Router

There's another Cisco router ahead of this router, from there the traffic goes out. 

When i directly route my polycom from that router, i can easily establish calls without natting. 

I m testing the NAT enviornment by putting in another router, because i do not have the access of the main gateway router.

Message 9 of 15
Advisor

Re: NAT Problem with Cisco 1941 Router

Are you using another subnet after the second Cisco?

Then you have to create a route in the first Cisco. All data for the second subnet route to the wan ip of the second Cisco

Message 10 of 15