RTP IP- NAT

I am developing an RTP program that is streaming audio data to another computer. I know RTP can stream to certain computers on your own IP address via NAT addresses, but can you stream to a certain NAT address on an IP address other than your own? Thanks!

Too bad...
Is there any way to find your own IP address?
This method:                            InetAddress addr2 = InetAddress.getLocalHost();
        byte[] ipAddr2 = addr2.getAddress();
        // Convert to dot representation
        String ipAddrStr2 = "";
        for (int i=0; i<ipAddr2.length; i++) {
            if (i > 0) {
                ipAddrStr2 += ".";
            ipAddrStr2 += ipAddr2&0xFF;
}returns your LAN address, but how do you get your IP. Thx.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               

Similar Messages

  • UDP Nat Traversal Issue

    Hey folks, have a 5505 with sec+ behind some public IP's for an Avaya remote VoIP SIP application on Android/iOS mobile. No SBC at current time and trying to get the app through a 5505 for both UDP/RTP and TCP (presence, chat, etc). All TCP ports seem to be following the NAT translation just fine, but my RTP streams are having an issue (no audio in either direction). All TCP traffic for the same mobile voip application is working just great via NAT (this traffic goes to an internal server with an object in the ASA titled UC-Server). Ironically, Avaya video conferencing and the same style of NAT also works just fine for RTP via NAT. 
    The voip app guide says 54000-54500 for the RTP stream and that this should be forwarded internally to the IP phone system (IP-Office is our object in the ASA) when hitting the public IP dedicated to external VoIP (object of UC-Public). I have attached a wireshark of the outside interface (inbound & outbound traffic) of the RTP traffic on the 5505. I also have a screenshot of the nat rule on the GUI side and CLI side.
    Here's the kicker, we created a NAT rule identical to the 54000-54500 rule but with the other side of the conversation (9578 on this call example) and audio was perfect in both directions. However, we noticed that depending on how the remote voip client is connected to the internet (whether on 4g or wifi, etc) the other side of the port range (not the 54000-54500) can change by a large margin. I really don't want to just snag all possible ports moving in the other direction as they change dynamically and by a wide range.
    I am not sure why the existing NAT statement is not working and the return traffic wont just follow the open socket?

    I am still confused on why creating the "client side" nat rule would cause any effect on this scenario? The ASA should be seeing the return port traffic on the 54000-54500 range. When comparing other wireshark traffic to this, the flow is setup proper and the port direction wireshark shows is proper as well. 
    Thoughts?

  • Sip passing through nat but rtp is not - no audio

    Sip passing through nat but rtp is not
    I'm looking at traffic leaving my router with a sniffer. I see SIP traffic but I do not see RTP traffic.  The phones ring on both sides but I do not get any audio.
    interface f0/0.100
    ip address 192.168.10.1 255.255.255.0
    ip nat outside
    ip nat pool VoIP 192.168.10.1  192.168.10.1 prefix-length 24
    ip nat inside source route-map VoIP pool VoIP overload
    ip nat inside source static tcp 10.1.1.2 49201 192.168.10.54 49201 extendable
    access-list 1 permit ip host 10.1.1.2 any
    route-map VoIP permit 10
    match ip address 1
    match interface  f0/0.100
    set interface  f0/0.100

    Hello,
    You can enable "ip nat service sip" or "ip nat service h323" and "ip nat
    service h225" commands. As per the documentation, they are enabled by
    default. In the latest IOS there is a new feature added to Cisco IOS that
    ensures that even RTP packets get translated to one of the allowed ports as
    specified by the RFC. The command to enable the feature is "ip nat service
    allow-sip-even-rtp-ports"
    http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6640/pro
    d_white_paper0900aecd80597bc7.html
    Hope this helps.
    Regards,
    NT

  • Send RTP stream to NAT address

    Hi,
    i want to transmit a RTP stream from a server to a host in a LAN.
    This host has a NAT address and it's non real IP address, so i can't send any stream trought usage of SessionManager API because it need to know a public IP.
    The other issue is that in a LAN, in most popular cases, there is a firewall that close the connection from internet to their hosts.
    I think this solution:
    1) LAN's hosts can intiate the connection with server sending a non real RTP data
    2)Server store the SessionManager of this connection
    3)server can send your RTP stream now
    Someone have a more good solution or any suggestion?
    Thank for all
    [email protected]

    I have one appletTransmitter that capture video from webcam and transmit it to other client on internet.
    I try to transmit medialocator from appletTransmitter to servlet1 and then save MedialLocator as servlet attribute, then other client can connect to servlet2 that send saved MediaLocator to appletClient.
    APPLETTRANSMITTER:
    URL url=null;
    MediaLocator media=new MediaLocator("vfw://0");
    try{
    url = new URL("http://localhost:8080/servlet1");
    catch(MalformedURLException mue){mue.printStackTrace();}
    URLConnection conn=null;
    try{
    conn = url.openConnection();
    catch(IOException ioe){ioe.printStackTrace();}
    conn.setDoOutput(true);
    OutputStream os=null;
    ObjectOutputStream oos=null;
    InputStream in=null;
    ObjectInputStream iin=null;
    MediaLocator mResp=null;
    String r=null;
    try{
    os=conn.getOutputStream();
    oos=new ObjectOutputStream(os);
    oos.writeObject(media);
    //oos.writeObject("Prova Servlet");
    oos.flush();
    catch(IOException io){io.printStackTrace();}
    catch(ClassNotFoundException cn){cn.printStackTrace();}
    SERVLET1
    ObjectInputStream objin = new ObjectInputStream(request.getInputStream());
    MediaLocator ml =null;
    try{
    ml = (MediaLocator) objin.readObject();
    context.setAttribute("media",ml);
    catch(ClassNotFoundException e)
    {e.printStackTrace()}
    But on servlet1 there is a ClassNotFoundException: MediaLocator
    What do we think about the solution and exception problem?
    Best Regards,
    Nico from Italy

  • 7921/7925 rtp traffic thru nat

    Hi,
    Our nat table does not time out all the udp rtp traffic from 792x wireless phones. Normal 7940/60 works fine and any other traffic. When the "left" time has counted to zero it goes to "timing-out" state and stays there unless we do manual "clear ip nat trans * "
    IOS version 12.4.(11)T4 does not have this problem but never and even 15.x has the same issue. I have tested phone load 1.3.3 and 1.3.4SR2 without a change. I have tested a static and dynamic nat and no effect there. I have tested different wireless access points and no effect. It might be a tac case if anyone else has no ideas.
    Does anyone have more information what might cause the problem?
    Here is an example what fills the translation table:
    sh ip nat trans ver
    udp 172.16.119.248:20064 10.79.191.244:20064 10.76.134.119:26180 10.76.134.119:26180
        create 00:22:22, use 00:21:26 timeout:300000, timing-out,
        flags:
    extended, use_count: 0, entry-id: 103, lc_entries: 0
    udp 172.16.119.248:25824 10.79.191.244:25824 10.76.134.119:16528 10.76.134.119:16528
        create 00:23:59, use 00:23:57 timeout:300000, timing-out,
        flags:
    extended, use_count: 0, entry-id: 98, lc_entries: 0

    Hi Janne, if this is still a hanging issue, I suggest you move the thread under network infra, routing or switching.
    Cheers
    Serge

  • VOIP over VPN dropp RTP protocol

    We are installing a new 2911 ISR in our office and connecting with a Linksys (CISCO) RV016 VPN router.  These are two small doctors offices that need to have computer, and Voip traffic over a VPN.
    Currently we connect an older RV082 and the RV016 together and have NO issues with VOIP traffic.  If we establish a connection with the 2911 router then we are having an issue with no voice or RTP traffic coming through.  Phones will connect, and dial out, but no voice can be heard.
    The First office is on a Verizon Fios Network with a MTU of 1492. The Network and servers are as follows:
    Remote Office                                                                            Main Office
    Linksys Spa 942 phones
                   |                                                                        
    Netgear 10/100 POE Switch
                   |                                                                        =================
    Linksys (cisco) RV016 VPN                                            |          2911                 |
                   |                                                                       |    POE Module Sw     |
    Comcast Cable Modem                                                  -------------------------------       
                   |                                                                                       |          |
                 VPN                                                                                VPN       |
                   +=======================================+     Asterisk
                                                                                                                  (Call Man)
    Basically we have the Internet coming in from Gig0/0 and routing traffic to multiple outside IP addresses so we are using 3 subs in our configuration.
    192.168.1.X          192.168.2.X          192.168.3.X               192.168.0.X (Remote Group)
    When we connect the old routers (RV016 and RV082) VPN VOIP and Data traffic go fine.   We are using a Term Server on one end, Web Server, and the Asterisk PBX for our VOIP Call Manager.
    So far we connect up the 2911 and the RV016 and have no issues with data traffic.  But the VOIP is dead on the remote end.  No sound.  We did a Wireshark on traffic, and we are getting some 407 errors from the Astersick Host, and a unknown RTP version 1 error message.  THe only thing that we had to do on the RV082 router was port forward UDP 506 and 10001 - 20000 for the traffic, and setup a access rule, but nothing else.
    We are getting traffic on the 2911, but nothing else.  We have excluded the 192.158.0.X traffic from the NAT so not to get into that issue, and have even tried forwarding ports but nothing seems to help.  Is there a good way to route this traffic?  Our bandwidth is pretty fast so I am not sure if QoS is needed, but if so it is not one of my strong areas.  What is the best way to route this traffic through the VPN without loosing the RTP part of the call.

    I put this line in and still not getting audio on the other end.  I will be doing captures tonight from working and non working phones.  I need to get this resolved.  I have spent 3 weeks on this issue and I have run out of time.  Should I use the DEBUG VOIP SIP command for the capture on the router?  I believe this would be the best resolution to the service to see what is going on.  The phones work with a RV016 and RV082 router in place.  All data traffic works fine in sending and recieving calls.
    I have read about all of the articles on Cisco and voip traffic.  We are going to be shutting off the natting on the router to see if I can just get the voip traffic to flow.  Once we get it flowing then I can work on building up the house on a stable foundation.
    At this time, we are routing multiple IP addresses throught the 2911 and have IP NAT OUTSIDE on the G0/0 port and IP NAT INSIDE on the G1/0 Interface, which is a POE Switch Module in the 2911.
    I know that the cisco router wants to act as a call manager, or terminate the SIP traffic on the 2911, but we have a working Asterisk box that handles all SIP traffic.  If there is a way to just forward the traffic there properly, without the 2911 trying to intercept the traffic, that would be wonderful.  I am looking at the possibility of creating dial-peer groups for all of the phones, but really is this needed?  What is so frustrating about the whole situation is that I put in a 5 year old sub $200 router and everything works.
    Dale

  • ASA 5505 Static NAT

    Hi Guys,
    Me again asking for some more help, thanks.
    I am trying to deploy a Polycom Access Director behind an ASA 5505 firewall and am having some problems configuring inbound NAT for this device.
    Currenlty I am able to dial from an endpoint outbound through the ASA with no problem but am unable to dial into the VC endpoint by the IP address (Traffic is not hitting the Access Director)
    This blog post shows what I am trying to achieve along with the ACLs that I have applied.
    http://blog.networkfoo.org/2014/02/deploy-polycom-rpad-single-nic-with.html#!/2014/02/deploy-polycom-rpad-single-nic-with.html
    These are my NAT Rules
    nat (Wireless_LAN,VC_INFRA) source static obj-10.255.222.0 obj-10.255.222.0 destination static obj-10.255.243.0 obj-10.255.243.0
    nat (Wireless_LAN,VC_DMZ) source static obj-10.255.222.0 obj-10.255.222.0 destination static obj-10.255.239.0 obj-10.255.239.0
    nat (Wireless_LAN,VC_LAN) source static obj-10.255.222.0 obj-10.255.222.0 destination static obj-10.255.243.0 obj-10.255.243.0
    nat (VC_INFRA,any) source static obj-10.255.243.0 obj-10.255.243.0 destination static VPNPool-Network VPNPool-Network
    object network obj-10.255.222.0
     nat (outside,outside) dynamic interface
    object network obj-10.255.243.0
     nat (outside,outside) dynamic interface
    object network obj_any
     nat (Wireless_LAN,outside) dynamic interface
    object network obj_any-01
     nat (VC_DMZ,outside) dynamic interface
    object network obj_any-02
     nat (VC_INFRA,outside) dynamic interface
    object network obj_any-03
     nat (VC_LAN,outside) dynamic interface
    nat (outside,VC_DMZ) after-auto source static any any destination static interface obj-CV2RPAD1
    This is my ACLs
    access-list outside_access_in extended permit udp any eq 1719 object-group RPAD_SERVERS_EXT eq 1719
    access-list outside_access_in extended permit udp any eq 1720 object-group RPAD_SERVERS_EXT eq 1720
    access-list outside_access_in extended permit tcp any gt 1023 object-group RPAD_SERVERS_EXT eq h323
    access-list outside_access_in extended permit tcp any gt 1023 object-group RPAD_SERVERS_EXT range 10001 13000
    access-list outside_access_in extended permit udp any gt 1023 object-group RPAD_SERVERS_EXT range 20002 30001
    access-list outside_access_in extended permit tcp any gt 1023 object-group RPAD_SERVERS_EXT eq sip
    access-list outside_access_in extended permit udp any gt 1023 object-group RPAD_SERVERS_EXT eq sip
    access-list outside_access_in extended permit tcp any gt 1023 object-group RPAD_SERVERS_EXT eq 5061
    access-list outside_access_in extended permit tcp any gt 1023 object-group RPAD_SERVERS_EXT eq 5222
    access-list outside_access_in extended permit icmp any any object-group DefaultICMP
    access-list dmz_access_in extended permit udp object-group RPAD_SERVERS_EXT range 20002 30001 any range 20002 30001
    access-list dmz_access_in extended permit udp object-group RPAD_SERVERS_EXT range 20002 30001 any range 16386 25386
    access-list dmz_access_in extended permit udp object-group RPAD_SERVERS_EXT eq 1719 any eq 1719
    access-list dmz_access_in extended permit udp object-group RPAD_SERVERS_EXT eq 1720 object-group DMA_SERVERS_INT eq 1720
    access-list dmz_access_in extended permit tcp object-group RPAD_SERVERS_EXT range 10001 13000 object-group DMA_SERVERS_INT eq h323
    access-list dmz_access_in extended permit tcp object-group RPAD_SERVERS_EXT range 10001 13000 object-group DMA_SERVERS_INT range 36000 61000
    access-list dmz_access_in extended permit tcp object-group RPAD_SERVERS_EXT range 13001 15000 any gt 1023
    access-list dmz_access_in extended permit udp object-group RPAD_SERVERS_EXT eq sip any gt 1023
    access-list dmz_access_in extended permit udp object-group RPAD_SERVERS_EXT eq 5070 object-group DMA_SERVERS_INT eq sip
    access-list dmz_access_in extended permit tcp object-group RPAD_SERVERS_EXT range 30001 60000 object-group RM_SERVERS_INT eq https
    access-list dmz_access_in extended permit tcp object-group RPAD_SERVERS_EXT range 10001 13000 any gt 1023
    access-list dmz_access_in extended permit icmp object-group RPAD_SERVERS_EXT any object-group DefaultICMP
    If I move my NAT statement as follows
          no nat after-auto 1
          nat (outside,VC_DMZ) 5 source static any any destination static interface obj-CV2RPAD1
    I am able to dial outbound still with no issues and am also able to intiate a call inbound which partially connects. The call seems to fail at the Capabilities exchange so the RTP media stream does not start up so there is some additional troubleshooting to be done.
    However moving this NAT statement has the side effect of breaking the IPSec VPN that I have configured for the Cisco VPN Client, I would like to be able to keep my VPN working and be able to do a port forwards/Static 1:1 NAT towards my RPAD.
    Once this is happy and working I can then go and troubleshoot why inbound calls are failing at the cpabilities exchange.

    Thanks a lot Jon, for assisted me solve this problem.
    The weird thing that i can't undestand, is that the icmp was working without a problem using the above mentioned access-list however accesing the web server using www wasn't working.
    How you explain that?

  • ASA 5505 site to site RTP traffic is hitting deny all rule

    Hello,
    Got an ASA5505 connected to another endpoint running IPsec and being NAT'd at each end to a 10.0.0.0/24 network. I can pass other types of traffic through the ASA 5505 but not RTP traffic. The moment it is NAT'd and hits the firewall rules it gets denied by the default deny at the bottom of the list.
    Currently the rules are as follows
    Incoming External
    allow ip any any
    allow tcp any any
    allow udp any any
    default deny
    Incoming Internal
    allow ip any any
    allow tcp any any
    allow udp any any
    default deny
    It wont allow us to setup a voip call...however when the same call manager sets up a voip call NOT using this ipsec tunnel it works just fine.

    Hi Daniel,
    I guess there is support feature issue with the ASA sending VOIP traffic over VPN
    The ASA Phone Proxy does not  support inspection of packets from phones connecting to it over a VPN  tunnel. Therefore, sending phone proxy traffic through a VPN tunnel is  not supported.
    Note The ASA 5500 appliances running version 8.4 can support the Phone Proxy feature when integrated with Unified CM 8.0(x) but do not support Phone Proxy with Unified CM versions 8.5(x) and 8.6(x).
    Please do rate if the given information helps.
    By
    Karthik

  • Does anybody have a solution for the NAT problem?

    Is somebody's application or Applet able to play any RTP stream behind a NAT Router? Can anybody establish any kind of connection / broadcasting between two subnets? I've got my RTP-Transmitter@public IP (using RTPManager...SendStream.start()), and I try to receive the stream from my local network which is behind a router (DHCP: 192.168....).
    I read forums, newsgroups, looked for any solution for days all over the web but I've found nothing. Zero.
    What's the secret? Any hints?
    Best regards from Munich / Germany,
    r.v.

    Hi
    I have the same problem.
    I have one appletTransmitter that capture video from webcam and transmit it to other client on internet.
    I try to transmit medialocator from appletTransmitter to servlet1 and then save MedialLocator as servlet attribute, then other client can connect to servlet2 that send saved MediaLocator to appletClient.
    APPLETTRANSMITTER:
    URL url=null;
    MediaLocator media=new MediaLocator("vfw://0");
    try{
    url = new URL("http://localhost:8080/servlet1");
    catch(MalformedURLException mue){mue.printStackTrace();}
    URLConnection conn=null;
    try{
    conn = url.openConnection();
    catch(IOException ioe){ioe.printStackTrace();}
    conn.setDoOutput(true);
    OutputStream os=null;
    ObjectOutputStream oos=null;
    InputStream in=null;
    ObjectInputStream iin=null;
    MediaLocator mResp=null;
    String r=null;
    try{
    os=conn.getOutputStream();
    oos=new ObjectOutputStream(os);
    oos.writeObject(media);
    //oos.writeObject("Prova Servlet");
    oos.flush();
    catch(IOException io){io.printStackTrace();}
    catch(ClassNotFoundException cn){cn.printStackTrace();}
    SERVLET1
    ObjectInputStream objin = new ObjectInputStream(request.getInputStream());
    MediaLocator ml =null;
    try{
    ml = (MediaLocator) objin.readObject();
    context.setAttribute("media",ml);
    catch(ClassNotFoundException e)
    {e.printStackTrace()}
    But on servlet1 there is a ClassNotFoundException: MediaLocator
    What do we think about the solution and exception problem?
    Best Regards,
    Nico from Italy

  • Need help setting up static NAT to internal server

    One of my internal servers requires it to be available to the internet I am having a hard time allowing it to be NATed through my Ciscc 2801 router. It seems as though im missing something small. From what I can gather it seems as though its as issue with ACL, but im not sure. I have ran the following command: ip nat inside source static tcp 192.168.5.1 ***WAN IP Address*** 8443 extendable Then I tried to add it to the ACL
    via this command: access-list 150 permit tcp any host ***WAN IP Address*** eq 8443
    Here is a copy of my config. Please advise. Thanks.
    IP    172.19.3.x
    sub 255.255.255.128
    GW 172.19.3.129
    Ciscso 2801 Router
    Current configuration : 11858 bytes
    version 12.4
    service timestamps debug datetime localtime
    service timestamps log datetime localtime show-timezone
    service password-encryption
    hostname router-2801
    boot-start-marker
    boot-end-marker
    logging message-counter syslog
    logging buffered 4096
    aaa new-model
    aaa authentication login userauthen group radius local
    aaa authorization network groupauthor local
    aaa session-id common
    clock timezone est -5
    clock summer-time zone recurring last Sun Mar 2:00 1 Sun Nov 2:00
    dot11 syslog
    ip source-route
    ip dhcp excluded-address 172.19.3.129 172.19.3.149
    ip dhcp excluded-address 172.19.10.1 172.19.10.253
    ip dhcp excluded-address 172.19.3.140
    ip dhcp ping timeout 900
    ip dhcp pool DHCP
       network 172.19.3.128 255.255.255.128
       default-router 172.19.3.129
       domain-name domain.local
       netbios-name-server 172.19.3.7
       option 66 ascii 172.19.3.225
       dns-server 172.19.3.140 208.67.220.220 208.67.222.222
    ip dhcp pool VoiceDHCP
       network 172.19.10.0 255.255.255.0
       default-router 172.19.10.1
       dns-server 208.67.220.220 8.8.8.8
       option 66 ascii 172.19.10.2
       lease 2
    ip cef
    ip inspect name SDM_LOW cuseeme
    ip inspect name SDM_LOW dns
    ip inspect name SDM_LOW ftp
    ip inspect name SDM_LOW h323
    ip inspect name SDM_LOW https
    ip inspect name SDM_LOW icmp
    ip inspect name SDM_LOW imap
    ip inspect name SDM_LOW pop3
    ip inspect name SDM_LOW netshow
    ip inspect name SDM_LOW rcmd
    ip inspect name SDM_LOW realaudio
    ip inspect name SDM_LOW rtsp
    ip inspect name SDM_LOW esmtp
    ip inspect name SDM_LOW sqlnet
    ip inspect name SDM_LOW streamworks
    ip inspect name SDM_LOW tftp
    ip inspect name SDM_LOW tcp
    ip inspect name SDM_LOW udp
    ip inspect name SDM_LOW vdolive
    no ip domain lookup
    ip domain name domain.local
    multilink bundle-name authenticated
    key chain key1
    key 1
       key-string 7 06040033484B1B484557
    crypto pki trustpoint TP-self-signed-3448656681
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-3448bb6681
    revocation-check none
    rsakeypair TP-self-signed-344bbb56681
    crypto pki certificate chain TP-self-signed-3448656681
    certificate self-signed 01
      3082024F
                quit
    username admin privilege 15 password 7 F55
    archive
    log config
      hidekeys
    crypto isakmp policy 10
    encr 3des
    hash md5
    authentication pre-share
    group 2
    crypto isakmp key XXXXX address 209.118.0.1
    crypto isakmp key xxxxx address SITE B Public IP
    crypto isakmp keepalive 40 5
    crypto isakmp nat keepalive 20
    crypto isakmp client configuration group IISVPN
    key 1nsur3m3
    dns 172.19.3.140
    wins 172.19.3.140
    domain domain.local
    pool VPN_Pool
    acl 198
    crypto isakmp profile IISVPNClient
       description VPN clients profile
       match identity group IISVPN
       client authentication list userauthen
       isakmp authorization list groupauthor
       client configuration address respond
    crypto ipsec transform-set myset esp-3des esp-md5-hmac
    crypto dynamic-map Dynamic 5
    set transform-set myset
    set isakmp-profile IISVPNClient
    qos pre-classify
    crypto map VPN 10 ipsec-isakmp
    set peer 209.118.0.1
    set peer SITE B Public IP
    set transform-set myset
    match address 101
    qos pre-classify
    crypto map VPN 65535 ipsec-isakmp dynamic Dynamic
    track 123 ip sla 1 reachability
    delay down 15 up 10
    class-map match-any VoiceTraffic
    match protocol rtp audio
    match protocol h323
    match protocol rtcp
    match access-group name VOIP
    match protocol sip
    class-map match-any RDP
    match access-group 199
    policy-map QOS
    class VoiceTraffic
        bandwidth 512
    class RDP
        bandwidth 768
    policy-map MainQOS
    class class-default
        shape average 1500000
      service-policy QOS
    interface FastEthernet0/0
    description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$FW_INSIDE$
    ip address 172.19.3.129 255.255.255.128
    ip access-group 100 in
    ip inspect SDM_LOW in
    ip nat inside
    ip virtual-reassembly
    duplex auto
    speed auto
    interface FastEthernet0/0.10
    description $ETH-VoiceVLAN$$
    encapsulation dot1Q 10
    ip address 172.19.10.1 255.255.255.0
    ip inspect SDM_LOW in
    ip nat inside
    ip virtual-reassembly
    interface FastEthernet0/1
    description "Comcast"
    ip address PUB IP 255.255.255.248
    ip access-group 102 in
    ip inspect SDM_LOW out
    ip nat outside
    ip virtual-reassembly
    duplex auto
    speed auto
    crypto map VPN
    interface Serial0/1/0
    description "Verizon LEC Circuit ID: w0w13908 Site ID: U276420-1"
    bandwidth 1536
    no ip address
    encapsulation frame-relay IETF
    frame-relay lmi-type ansi
    interface Serial0/1/0.1 point-to-point
    bandwidth 1536
    ip address 152.000.000.18 255.255.255.252
    ip access-group 102 in
    ip verify unicast reverse-path
    ip inspect SDM_LOW out
    ip nat outside
    ip virtual-reassembly
    frame-relay interface-dlci 500 IETF
    crypto map VPN
    service-policy output MainQOS
    interface Serial0/2/0
    description "PAETEC 46.HCGS.788446.CV (Verizon ID) / 46.HCGS.3 (PAETEC ID)"
    ip address 123.252.123.102 255.255.255.252
    ip access-group 102 in
    ip inspect SDM_LOW out
    ip nat outside
    ip virtual-reassembly
    encapsulation ppp
    crypto map VPN
    service-policy output MainQOS
    ip local pool VPN_Pool 172.20.3.130 172.20.3.254
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 50.00.000.110 track 123
    ip route 0.0.0.0 0.0.0.0 111.252.237.000 254
    ip route 122.112.197.20 255.255.255.255 209.252.237.101
    ip route 208.67.220.220 255.255.255.255 50.78.233.110
    no ip http server
    no ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip flow-top-talkers
    top 20
    sort-by bytes
    ip nat inside source route-map COMCAST interface FastEthernet0/1 overload
    ip nat inside source route-map PAETEC interface Serial0/2/0 overload
    ip nat inside source route-map VERIZON interface Serial0/1/0.1 overload
    ip nat inside source static tcp 172.19.3.140 21 PUB IP 21 extendable
    ip access-list extended VOIP
    permit ip 172.20.3.0 0.0.0.127 host 172.19.3.190
    permit ip host 172.19.3.190 172.20.3.0 0.0.0.127
    ip radius source-interface FastEthernet0/0
    ip sla 1
    icmp-echo 000.67.220.220 source-interface FastEthernet0/1
    timeout 10000
    frequency 15
    ip sla schedule 1 life forever start-time now
    access-list 23 permit 172.19.3.0 0.0.0.127
    access-list 23 permit 172.19.3.128 0.0.0.127
    access-list 23 permit 173.189.251.192 0.0.0.63
    access-list 23 permit 107.0.197.0 0.0.0.63
    access-list 23 permit 173.163.157.32 0.0.0.15
    access-list 23 permit 72.55.33.0 0.0.0.255
    access-list 23 permit 172.19.5.0 0.0.0.63
    access-list 100 remark "Outgoing Traffic"
    access-list 100 deny   ip 67.128.87.156 0.0.0.3 any
    access-list 100 deny   ip host 255.255.255.255 any
    access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
    access-list 100 permit tcp host 172.19.3.190 any eq smtp
    access-list 100 permit tcp host 172.19.3.137 any eq smtp
    access-list 100 permit tcp any host 66.251.35.131 eq smtp
    access-list 100 permit tcp any host 173.201.193.101 eq smtp
    access-list 100 permit ip any any
    access-list 100 permit tcp any any eq ftp
    access-list 101 remark "Interesting VPN Traffic"
    access-list 101 permit ip 172.19.3.128 0.0.0.127 172.19.3.0 0.0.0.127
    access-list 101 permit ip 172.20.3.128 0.0.0.127 172.19.3.0 0.0.0.127
    access-list 101 permit ip 172.19.3.128 0.0.0.127 host 172.19.250.10
    access-list 101 permit ip 172.19.3.128 0.0.0.127 host 172.19.250.11
    access-list 101 permit tcp any any eq ftp
    access-list 101 permit tcp any any eq ftp-data
    access-list 102 remark "Inbound Access"
    access-list 102 permit udp any host 152.179.53.18 eq non500-isakmp
    access-list 102 permit udp any host 152.179.53.18 eq isakmp
    access-list 102 permit esp any host 152.179.53.18
    access-list 102 permit ahp any host 152.179.53.18
    access-list 102 permit udp any host 209.000.000.102 eq non500-isakmp
    access-list 102 permit udp any host 209.000.000.102 eq isakmp
    access-list 102 permit esp any host 209.000.000.102
    access-list 102 permit ahp any host 209.000.000.102
    access-list 102 permit udp any host PUB IP eq non500-isakmp
    access-list 102 permit udp any host PUB IP eq isakmp
    access-list 102 permit esp any host PUB IP
    access-list 102 permit ahp any host PUB IP
    access-list 102 permit ip 72.55.33.0 0.0.0.255 any
    access-list 102 permit ip 107.0.197.0 0.0.0.63 any
    access-list 102 deny   ip 172.19.3.128 0.0.0.127 any
    access-list 102 permit icmp any any echo-reply
    access-list 102 permit icmp any any time-exceeded
    access-list 102 permit icmp any any unreachable
    access-list 102 permit icmp any any
    access-list 102 deny   ip any any log
    access-list 102 permit tcp any host 172.19.3.140 eq ftp
    access-list 102 permit tcp any host 172.19.3.140 eq ftp-data established
    access-list 102 permit udp any host SITE B Public IP  eq non500-isakmp
    access-list 102 permit udp any host SITE B Public IP  eq isakmp
    access-list 102 permit esp any host SITE B Public IP
    access-list 102 permit ahp any host SITE B Public IP
    access-list    102  permit tcp any host public ip eq 8443
    access-list 110 remark "Outbound NAT Rule"
    access-list 110 remark "Deny VPN Traffic NAT"
    access-list 110 deny   ip 172.19.3.128 0.0.0.127 172.19.3.0 0.0.0.127
    access-list 110 deny   ip 172.19.3.128 0.0.0.127 172.19.10.0 0.0.0.255
    access-list 110 deny   ip 172.19.10.0 0.0.0.255 172.19.3.128 0.0.0.127
    access-list 110 deny   ip 172.20.3.128 0.0.0.127 172.19.3.0 0.0.0.127
    access-list 110 deny   ip 172.19.3.128 0.0.0.127 172.20.3.128 0.0.0.127
    access-list 110 deny   ip 172.19.3.128 0.0.0.127 host 172.19.250.11
    access-list 110 deny   ip 172.19.3.128 0.0.0.127 host 172.19.250.10
    access-list 110 permit ip 172.19.3.128 0.0.0.127 any
    access-list 110 permit ip 172.19.10.0 0.0.0.255 any
    access-list 198 remark "Networks for IISVPN Client"
    access-list 198 permit ip 172.19.3.0 0.0.0.127 172.20.3.128 0.0.0.127
    access-list 198 permit ip 172.19.3.128 0.0.0.127 172.20.3.128 0.0.0.127
    access-list 199 permit tcp any any eq 3389
    route-map PAETEC permit 10
    match ip address 110
    match interface Serial0/2/0
    route-map COMCAST permit 10
    match ip address 110
    match interface FastEthernet0/1
    route-map VERIZON permit 10
    match ip address 110
    match interface Serial0/1/0.1
    snmp-server community 123 RO
    radius-server host 172.19.3.7 auth-port 1645 acct-port 1646 key 7 000000000000000
    control-plane
    line con 0
    line aux 0
    line vty 0 4
    access-class 23 in
    privilege level 15
    transport input telnet ssh
    line vty 5 15
    access-class 23 in
    privilege level 15
    transport input telnet ssh
    scheduler allocate 20000 1000
    ntp server 128.118.25.3
    ntp server 217.150.242.8
    end

    If you are planning to use the fa0/1 interface IP itself then the configuration would be:
    ip nat inside source static tcp 172.19.3.133 8443 interface fa0/1 8443 extendable
    Assuming that you would like to port forward TCP/8443.
    Then the ACL should be written:
    ip access-list extended 102
      2 permit tcp any host eq 8443

  • CME 8.6 running on PUBLIC IP . should I do NAT ?

    Hello All
    I have a CME 8.6 router with one PUBLIC IP to eth0 interface.
    Do you need to do NAT for all IP phone to make and receive calls ?
    Currently I have configured NAT and I did not BIND media to any interface . I could able to make calls but Audio is one way . Other party can not hear anyting.
    cme#show run
    Building configuration...
    voice service voip
     ip address trusted list
      ipv4 192.168.4.0 255.255.255.0
      ipv4 x.x.x.x 255.255.255.255
     allow-connections sip to sip
     no supplementary-service h450.2
     no supplementary-service h450.3
     no supplementary-service h450.7
     no supplementary-service sip moved-temporarily
     no supplementary-service sip refer
     no supplementary-service sip handle-replaces
     sip
      registrar server expires max 3600 min 1800
    voice register global
     mode cme
     source-address 192.168.1.3 port 5060
     max-dn 60
     max-pool 50
     load 9971 sip9971.9-4-1SR1-2
     load 9951 sip9951.9-4-1SR1-2
     authenticate register
      date-format D/M/Y
     tftp-path flash:
     create profile sync 002035708611093A
     ntp-server 128.138.141.172 mode directedbroadcast
     camera
     video
    voice register dn  10
     number 123
     allow watch
     label Home
    voice register pool  1
     id mac 00000000
     type 9971
     number 1 dn 1
     dtmf-relay rtp-nte
     username 111 password 111
     codec g711ulaw
     camera
     video
    voice-card 0
     dsp services dspfarm
    interface GigabitEthernet0/0
     ip address XXXXXXXX
     ip access-group tool_check in
     ip nat outside
     ip virtual-reassembly in
     duplex auto
     speed auto
    interface GigabitEthernet0/1
     no ip address
     duplex auto
     speed auto
    interface GigabitEthernet0/1.1000
     encapsulation dot1Q 1000
     ip address 192.168.1.3 255.255.255.0
     ip nat inside
     ip virtual-reassembly in
    router ospf 1
     network 0.0.0.0 255.255.255.255 area 0
    ip forward-protocol nd
    ip http server
    ip http authentication local
    no ip http secure-server
    ip nat inside source list 7 interface GigabitEthernet0/0 overload
    ip route 0.0.0.0 0.0.0.0 x.x.x.x
    ip access-list extended tool_check
     permit ip host x.x.x.x any
     deny   ip any any
    access-list 7 permit 192.168.1.0 0.0.0.255
    tftp-server flash:sip9971.9-4-1SR1-2.loads alias sip9971.9-4-1SR1-2.loads
    tftp-server flash:sip9951.9-4-1SR1-2.loads alias sip9951.9-4-1SR1-2.loads
    tftp-server flash:dkern9971.100609R2-9-4-1SR1-2.sebn alias dkern9971.100609R2-9-4-1SR1-2.sebn
    tftp-server flash:kern9971.9-4-1SR1-2.sebn alias kern9971.9-4-1SR1-2.sebn
    tftp-server flash:rootfs9971.9-4-1SR1-2.sebn alias rootfs9971.9-4-1SR1-2.sebn
    tftp-server flash:sboot9971.031610R1-9-4-1SR1-2.sebn alias sboot9971.031610R1-9-4-1SR1-2.sebn
    tftp-server flash:skern9971.022809R2-9-4-1SR1-2.sebn alias skern9971.022809R2-9-4-1SR1-2.sebn
    tftp-server flash:dkern9951.100609R2-9-4-1SR1-2.sebn alias dkern9951.100609R2-9-4-1SR1-2.sebn
    tftp-server flash:kern9951.9-4-1SR1-2.sebn alias kern9951.9-4-1SR1-2.sebn
    tftp-server flash:rootfs9951.9-4-1SR1-2.sebn alias rootfs9951.9-4-1SR1-2.sebn
    tftp-server flash:sboot9951.031610R1-9-4-1SR1-2.sebn alias sboot9951.031610R1-9-4-1SR1-2.sebn
    tftp-server flash:skern9951.022809R2-9-4-1SR1-2.sebn alias skern9951.022809R2-9-4-1SR1-2.sebn
    tftp-server flash:English_United_States/gd-sip.jar alias gd-sip.jar
    tftp-server flash:g4-tones.xml alias United_States/g4-tones.xml
    tftp-server flash:gd-sip.jar alias English_United_States/gd-sip.jar
    tftp-server flash:sip9971.9-1-1SR1.loads alias sip9971.9-1-1SR1.loads
    tftp-server flash:dkern9971.100609R2-9-1-1SR1.sebn alias dkern9971.100609R2-9-1-1SR1.sebn
    tftp-server flash:kern9971.9-1-1SR1.sebn alias kern9971.9-1-1SR1.sebn
    tftp-server flash:rootfs9971.9-1-1SR1.sebn alias rootfs9971.9-1-1SR1.sebn
    tftp-server flash:sboot9971.031610R1-9-1-1SR1.sebn alias sboot9971.031610R1-9-1-1SR1.sebn
    tftp-server flash:skern9971.022809R2-9-1-1SR1.sebn alias skern9971.022809R2-9-1-1SR1.sebn
    dial-peer voice 21 voip
     description 13
     destination-pattern 13....
     b2bua
     session protocol sipv2
     session target dns:x.x.x.x
     dtmf-relay rtp-nte
     codec g711ulaw
     no vad
    sip-ua
     timers connect 100
    telephony-service
     no auto-reg-ephone
     max-dn 60
     ip source-address 192.168.1.3 port 2000
     max-redirect 9
     cnf-file location flash:
     date-format dd-mm-yy
     max-conferences 8 gain -6
     call-park system application
     moh flash:/music-on-hold.au
     transfer-system full-consult
     secondary-dialtone 0
     after-hours block pattern 1 001
     after-hours block pattern 2 011
     after-hours block pattern 3 000
     after-hours day Sun 00:00 23:59
     after-hours day Mon 00:00 23:59
     after-hours day Tue 00:00 23:59
     after-hours day Wed 00:00 23:59
     after-hours day Thu 00:00 23:59
     after-hours day Fri 00:00 23:59
     after-hours day Sat 00:00 23:59
     create cnf-files version-stamp 7960 Jan 21 2015 09:19:19
    Could anyone please help me what I am missing ?
    Thanks

    Call Apple to see about purchasing Snow Leopard on a disc. I was able to do so even though it doesn't show in the online store. I think it was around $20. Once you install that, run Software Update to get up to 10.6.8. 
    You don't need to have 10.7 or 10.8 to get to Mavericks (as long as your machine will support it).

  • H323 and NAT issue

    Hello all,
    I have a router 1812 Version 12.4(15)T16, RELEASE SOFTWARE (fc2). Router is doing NAT.
    I have a lifesize videoconference system. Calls with h323 are dropped after 30 seconds.
    I have ip inspect rule :
    - ip inspect name SDM_LOW h323
    - ip inspect name SDM_LOW h323callsigalt
    interface FastEthernet0
    ip address xxx.xxx.xxx.xxx 255.255.255.248
    ip access-group 102 in
    ip verify unicast reverse-path
    ip nbar protocol-discovery
    ip flow ingress
    ip flow egress
    ip nat outside
    ip inspect SDM_LOW out
    ip virtual-reassembly
    ip route-cache flow
    speed 100
    full-duplex
    crypto map SDM_CMAP_1
    service-policy input sdmappfwp2p_SDM_LOW
    service-policy output sdmappfwp2p_SDM_LOW
    When I start a communication, I have
    sh ip inspect sessions
    Session 85AE7150 (50.59.87.241:60118)=>(192.168.200.200:60016) h323-RTP-audio SIS_OPEN
    Session 85AE12C0 (50.59.87.241:60119)=>(192.168.200.200:60017) h323-RTCP-audio SIS_OPEN
    Session 85AE39B0 (192.168.200.200:60001)=>(50.59.87.241:62830) h245-media-control SIS_OPEN
    Session 841F7CEC (192.168.200.200:60005)=>(50.59.87.241:1720) h323 SIS_OPEN
    Session 85AE20A8 (50.59.87.241:60120)=>(192.168.200.200:60018) h323-RTP-video SIS_OPENING
    Session 85ADE0B0 (50.59.87.241:60121)=>(192.168.200.200:60019) h323-RTCP-video SIS_OPENING
    Session 85AE4D28 (50.59.87.241:60122)=>(192.168.200.200:60020) h323-RTP-data SIS_OPENING
    Session 85ADCD38 (50.59.87.241:60123)=>(192.168.200.200:60021) h323-RTCP-data SIS_OPENING
    Pre-gen session 85ADA648  192.168.200.200[1024:65535]=>50.59.87.241[60119:60119] h323-RTCP-audio
    Pre-gen session 85AD92D0  192.168.200.200[1024:65535]=>50.59.87.241[60121:60121] h323-RTCP-video
    Pre-gen session 85ADB6F8  192.168.200.200[1024:65535]=>50.59.87.241[60123:60123] h323-RTCP-data
    Pre-gen session 85AD9008  192.168.200.200[1024:65535]=>50.59.87.241[60118:60118] h323-RTP-audio
    Pre-gen session 85AE5848  192.168.200.200[1024:65535]=>50.59.87.241[60119:60119] h323-RTCP-audio
    Where 192.168.200.200 is local IP and 50.59.87.241 the server I try to reach.
    Any idea of what is going on ? Why calls are dropped after 30 seconds ?
    Something with NAT ?

    Hi Alessandro,
    configuration below :
    ip inspect tcp reassembly queue length 200
    ip inspect tcp reassembly timeout 10
    ip inspect name SDM_LOW appfw SDM_LOW
    ip inspect name SDM_LOW dns
    ip inspect name SDM_LOW https
    ip inspect name SDM_LOW icmp
    ip inspect name SDM_LOW imap
    ip inspect name SDM_LOW pop3
    ip inspect name SDM_LOW rcmd
    ip inspect name SDM_LOW sqlnet
    ip inspect name SDM_LOW tcp
    ip inspect name SDM_LOW udp
    ip inspect name SDM_LOW http
    ip inspect name SDM_LOW h323
    ip inspect name SDM_LOW h323callsigalt
    ip inspect name SDM_LOW skinny
    ip inspect name SDM_LOW sip-tls
    ip inspect name SDM_LOW sip
    ip inspect name SDM_LOW esmtp max-data 50000000
    ip inspect name SDM_LOW cuseeme
    ip inspect name SDM_LOW ftp
    ip inspect name SDM_LOW netshow
    ip inspect name SDM_LOW realaudio
    ip inspect name SDM_LOW rtsp
    ip inspect name SDM_LOW streamworks
    WAN_INTERFACE = xxx.xxx.xxx
    interface FastEthernet0
    ip address WAN_INTERFACE.226 255.255.255.248
    ip access-group 102 in
    ip verify unicast reverse-path
    ip nbar protocol-discovery
    ip flow ingress
    ip flow egress
    ip nat outside
    ip inspect SDM_LOW out
    ip virtual-reassembly
    ip route-cache flow
    speed 100
    full-duplex
    crypto map SDM_CMAP_1
    service-policy input sdmappfwp2p_SDM_LOW
    service-policy output sdmappfwp2p_SDM_LOW
    Inbound ACL
    access-list 102 remark SDM_ACL Category=3
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq www log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 443 log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 558 log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1023 log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1024 log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1503 log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1718 log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1719 log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1720 log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 4001 log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 11720 log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 17518 log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60000 log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60001 log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60002 log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60003 log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60004 log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60005 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60000 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 1023 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 1024 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 1718 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 1719 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 1720 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 5060 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 17518 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60001 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60002 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60003 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60004 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60005 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60006 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60007 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60008 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60009 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60010 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60011 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60012 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60013 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60014 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60015 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60016 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60017 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60018 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60019 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60020 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60021 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60022 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60023 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60024 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 60025 log
    access-list 102 permit udp any host WAN_INTERFACE.228 eq 3389 log
    access-list 102 permit tcp any host WAN_INTERFACE.228 eq 3389 log
    [ Some ipsec rubles]
    access-list 102 permit tcp any host WAN_INTERFACE.230 eq 22
    access-list 102 permit tcp any host WAN_INTERFACE.230 eq www
    access-list 102 permit tcp any host WAN_INTERFACE.227 eq smtp
    access-list 102 permit udp any host WAN_INTERFACE.227 eq 80
    access-list 102 permit tcp any host WAN_INTERFACE.227 eq www
    access-list 102 permit tcp any host WAN_INTERFACE.227 eq ftp
    access-list 102 permit tcp any host WAN_INTERFACE.226 eq 1723
    access-list 102 permit tcp any host WAN_INTERFACE.226 eq 47
    ip nat inside source static udp LAN_INTERFACE 60000 WAN_INTERFACE.228 60000 route-map SDM_RMAP_32 extendable
    ip nat inside source static tcp LAN_INTERFACE 80 WAN_INTERFACE.228 80 route-map SDM_RMAP_15 extendable
    ip nat inside source static tcp LAN_INTERFACE 443 WAN_INTERFACE.228 443 route-map SDM_RMAP_7 extendable
    ip nat inside source static tcp LAN_INTERFACE 558 WAN_INTERFACE.228 558 route-map SDM_RMAP_47 extendable
    ip nat inside source static tcp LAN_INTERFACE 1023 WAN_INTERFACE.228 1023 route-map SDM_RMAP_77 extendable
    ip nat inside source static udp LAN_INTERFACE 1023 WAN_INTERFACE.228 1023 route-map SDM_RMAP_78 extendable
    ip nat inside source static tcp LAN_INTERFACE 1024 WAN_INTERFACE.228 1024 route-map SDM_RMAP_73 extendable
    ip nat inside source static udp LAN_INTERFACE 1024 WAN_INTERFACE.228 1024 route-map SDM_RMAP_74 extendable
    ip nat inside source static tcp LAN_INTERFACE 1503 WAN_INTERFACE.228 1503 route-map SDM_RMAP_75 extendable
    ip nat inside source static tcp LAN_INTERFACE 1718 WAN_INTERFACE.228 1718 route-map SDM_RMAP_86 extendable
    ip nat inside source static udp LAN_INTERFACE 1718 WAN_INTERFACE.228 1718 route-map SDM_RMAP_87 extendable
    ip nat inside source static tcp LAN_INTERFACE 1719 WAN_INTERFACE.228 1719 route-map SDM_RMAP_42 extendable
    ip nat inside source static udp LAN_INTERFACE 1719 WAN_INTERFACE.228 1719 route-map SDM_RMAP_43 extendable
    ip nat inside source static tcp LAN_INTERFACE 1720 WAN_INTERFACE.228 1720 route-map SDM_RMAP_28 extendable
    ip nat inside source static udp LAN_INTERFACE 1720 WAN_INTERFACE.228 1720 route-map SDM_RMAP_44 extendable
    ip nat inside source static tcp LAN_INTERFACE 4001 WAN_INTERFACE.228 4001 route-map SDM_RMAP_72 extendable
    ip nat inside source static udp LAN_INTERFACE 5060 WAN_INTERFACE.228 5060 route-map SDM_RMAP_29 extendable
    ip nat inside source static tcp LAN_INTERFACE 11720 WAN_INTERFACE.228 11720 route-map SDM_RMAP_71 extendable
    ip nat inside source static tcp LAN_INTERFACE 17518 WAN_INTERFACE.228 17518 route-map SDM_RMAP_45 extendable
    ip nat inside source static udp LAN_INTERFACE 17518 WAN_INTERFACE.228 17518 route-map SDM_RMAP_46 extendable
    ip nat inside source static tcp LAN_INTERFACE 60000 WAN_INTERFACE.228 60000 route-map SDM_RMAP_30 extendable
    ip nat inside source static tcp LAN_INTERFACE 60001 WAN_INTERFACE.228 60001 route-map SDM_RMAP_31 extendable
    ip nat inside source static udp LAN_INTERFACE 60001 WAN_INTERFACE.228 60001 route-map SDM_RMAP_33 extendable
    ip nat inside source static tcp LAN_INTERFACE 60002 WAN_INTERFACE.228 60002 route-map SDM_RMAP_66 extendable
    ip nat inside source static udp LAN_INTERFACE 60002 WAN_INTERFACE.228 60002 route-map SDM_RMAP_34 extendable
    ip nat inside source static tcp LAN_INTERFACE 60003 WAN_INTERFACE.228 60003 route-map SDM_RMAP_67 extendable
    ip nat inside source static udp LAN_INTERFACE 60003 WAN_INTERFACE.228 60003 route-map SDM_RMAP_35 extendable
    ip nat inside source static tcp LAN_INTERFACE 60004 WAN_INTERFACE.228 60004 route-map SDM_RMAP_68 extendable
    ip nat inside source static udp LAN_INTERFACE 60004 WAN_INTERFACE.228 60004 route-map SDM_RMAP_36 extendable
    ip nat inside source static tcp LAN_INTERFACE 60005 WAN_INTERFACE.228 60005 route-map SDM_RMAP_69 extendable
    ip nat inside source static udp LAN_INTERFACE 60005 WAN_INTERFACE.228 60005 route-map SDM_RMAP_37 extendable
    ip nat inside source static udp LAN_INTERFACE 60006 WAN_INTERFACE.228 60006 route-map SDM_RMAP_38 extendable
    ip nat inside source static udp LAN_INTERFACE 60007 WAN_INTERFACE.228 60007 route-map SDM_RMAP_39 extendable
    ip nat inside source static udp LAN_INTERFACE 60008 WAN_INTERFACE.228 60008 route-map SDM_RMAP_48 extendable
    ip nat inside source static udp LAN_INTERFACE 60009 WAN_INTERFACE.228 60009 route-map SDM_RMAP_49 extendable
    ip nat inside source static udp LAN_INTERFACE 60010 WAN_INTERFACE.228 60010 route-map SDM_RMAP_50 extendable
    ip nat inside source static udp LAN_INTERFACE 60011 WAN_INTERFACE.228 60011 route-map SDM_RMAP_51 extendable
    ip nat inside source static udp LAN_INTERFACE 60012 WAN_INTERFACE.228 60012 route-map SDM_RMAP_52 extendable
    ip nat inside source static udp LAN_INTERFACE 60013 WAN_INTERFACE.228 60013 route-map SDM_RMAP_53 extendable
    ip nat inside source static udp LAN_INTERFACE 60014 WAN_INTERFACE.228 60014 route-map SDM_RMAP_54 extendable
    ip nat inside source static udp LAN_INTERFACE 60015 WAN_INTERFACE.228 60015 route-map SDM_RMAP_55 extendable
    ip nat inside source static udp LAN_INTERFACE 60016 WAN_INTERFACE.228 60016 route-map SDM_RMAP_56 extendable
    ip nat inside source static udp LAN_INTERFACE 60017 WAN_INTERFACE.228 60017 route-map SDM_RMAP_57 extendable
    ip nat inside source static udp LAN_INTERFACE 60018 WAN_INTERFACE.228 60018 route-map SDM_RMAP_58 extendable
    ip nat inside source static udp LAN_INTERFACE 60019 WAN_INTERFACE.228 60019 route-map SDM_RMAP_59 extendable
    ip nat inside source static udp LAN_INTERFACE 60020 WAN_INTERFACE.228 60020 route-map SDM_RMAP_60 extendable
    ip nat inside source static udp LAN_INTERFACE 60021 WAN_INTERFACE.228 60021 route-map SDM_RMAP_61 extendable
    ip nat inside source static udp LAN_INTERFACE 60022 WAN_INTERFACE.228 60022 route-map SDM_RMAP_62 extendable
    ip nat inside source static udp LAN_INTERFACE 60023 WAN_INTERFACE.228 60023 route-map SDM_RMAP_63 extendable
    ip nat inside source static udp LAN_INTERFACE 60024 WAN_INTERFACE.228 60024 route-map SDM_RMAP_64 extendable
    ip nat inside source static udp LAN_INTERFACE 60025 WAN_INTERFACE.228 60025 route-map SDM_RMAP_65 extendable
    ip nat inside source static LAN_INTERFACE WAN_INTERFACE.228 route-map SDM_RMAP_76
    All SMD_RMAP are like this one below
    route-map SDM_RMAP_32 permit 1
    match ip address 141
    access-list 141 remark SDM_ACL Category=2
    access-list 141 deny   ip host LAN_INTERFACE 10.0.5.0 0.0.0.31
    access-list 141 deny   ip host LAN_INTERFACE 10.0.5.40 0.0.0.1
    access-list 141 permit udp host LAN_INTERFACE eq 60000 any

  • RTP Server?

    has anyone done this? I am wanting to setup streaming video/audio from an applet (camera) to a server and broadcast out to an applet(browser) I need the server in the middle to manage the viewers. Do I need a specific RTP Server or can I use a regular web server? Thanks.

    @rkippen: So, 2 months... Why don't you tell us how to solve the NAT problem, if you have already done it? Consider that he wants to send and receive from an Applet, which means:
    1. signing Applets two times
    2. writing RTP server
    3. Installing JMF @ sender side
    4. solving the NAT & firewall problems
    5. He will probably try to implement some effects, maybe sound or video or both of them
    Two months? All right...
    Best regards from Germany,
    r.v.

  • AE with inbound SIP and RTP over UDP - Will not open ports

    I am using a Linksys SPA962 IP Phone via an Airport Express with the latest firmware connecting to an Asterisk PBX (http://www.asterisk.org) over the internet. I may make outbound calls and have my incoming and outgoing audio over RTP with the appropriate UDP ports no problem. But, when I receive an inbound call, I get the SIP INVITE no problem, but the AE refuses to open those RTP ports. I have NAT keep alive at 15 seconds.
    Now, I have tried almost every combination. Enabling NAT-PMP forwarding to all of the appropriate IP/Ports, turning it off (really should not be necessary with keep alive on register with the Asterisk). I am stumped, it is almost as of AE does not like UDP for inbound. I have others using Linksys routers with a similar configuration working inbound and outbound no problem.
    I am stumped. Ideas? Chuck the AE in the bin?

    I Googled up the following:
    http://lists.apple.com/archives/Macnetworkprog/2006/Jul/msg00040.html
    I am having this issue:
    http://discussions.apple.com/message.jspa?messageID=7256265#7256265
    Are all these things the same issue?
    My ISP "tells me" that they will not allow more than one IP address per account. I have a basic cable modem i.e. not a router. Its a D-Link DCM-202. I have been told to try a level-2 switch but I can't see how that will work. As far as I can see the DCM-202 cable modem is bridging to my AEBS so that is allocated the WAN IP address by the ISP's DHCP server. Does this sound right?
    I'd like to create an actual DMZ but since my cable modem only has one port I can't see how I can do that unless I use 2 routers. If I try this I am expecting that I'd have complicated port forwarding configurations no?

  • How to avoid packate loss in RTP??

    Hi,
    I am implementing an sip client(user agent) and its working well for PC to PC but the problem is the poor sound quality.
    The SIP server for this is configured for NAT,and as a solution of this my sip client is using the same port for send and recieve RTP.
    I am using the same RTPManager for transmitting and recieving.
    Now the seen is,
    Same port is being used for transmitting and recieving the RTP.
    I checked the RTPs using some RTP analyzer tool and found that there is 60% packet lose due to which the voice is breaking.
    Can anybody help me out to find the solution for this problem.
    Please guide me.
    Wainting for positive response.
    Pramod Shrama
    Please goide me to avoid the

    hi....
    c through that when u eturn to tab.... set the form values to the page
    i mean if u r using a form bean for ur jsp. use name name atrribute of the sturts html tag. and give the form bean name to the name attribute i hope this would solve your problem
    thaks
    with rgards
    shekhar

Maybe you are looking for

  • Cost of Goods Sold in product costing

    Hi Experts, How can we reconcile the cost components with COGS. I am getting the planned cost estimates from the costing Lets us take an exmaple Planned cogs is 150000 Rs. This figure is from cost estimate We are getting the actual cogs as 130000 Rs

  • How to fix conflicting version of adobe flash player 4.6 on CS6 installation?

    I am basically just wondering how I go about fixing this issue. I am installing the trial of CS6, on top of  CS5.5. When I start the installation of CS6 I get an error for Adobe Flash Player 4.6 saying it is conflicting with a previous version. How d

  • Mac Pro Adc Displays

    Hi Since Friday i have a Mac Pro. I connect my old Adc Cinema Display, with an ADC-DVI Adapter. Everything work fine. I have another 17" ADC Display. Is it possible to connect two ADC Displays, with two ADC-DVI Adaperts to the NVIDIA GeForce 7300 GT

  • How to call apple uae

    Hi i need to know how can i call UAE apple store when im Abroad ( out side uae ) the number is 8000 444 0396 i tried +971 8000 444 0396 and +971 48000 444 0396 both are not working

  • 802.11n Broke My MacBook Pro

    Since I installed the 802.11n enabler software yesterday, my mac has hung up on my about a dozen times, and the problem is getting worse. I can no longer use my MBP if my airport is turned on. This has happened while being connected to the Airport Ex