RTP IP- NAT
I am developing an RTP program that is streaming audio data to another computer. I know RTP can stream to certain computers on your own IP address via NAT addresses, but can you stream to a certain NAT address on an IP address other than your own? Thanks!
Too bad...
Is there any way to find your own IP address?
This method: InetAddress addr2 = InetAddress.getLocalHost();
byte[] ipAddr2 = addr2.getAddress();
// Convert to dot representation
String ipAddrStr2 = "";
for (int i=0; i<ipAddr2.length; i++) {
if (i > 0) {
ipAddrStr2 += ".";
ipAddrStr2 += ipAddr2&0xFF;
}returns your LAN address, but how do you get your IP. Thx.
Similar Messages
-
Hey folks, have a 5505 with sec+ behind some public IP's for an Avaya remote VoIP SIP application on Android/iOS mobile. No SBC at current time and trying to get the app through a 5505 for both UDP/RTP and TCP (presence, chat, etc). All TCP ports seem to be following the NAT translation just fine, but my RTP streams are having an issue (no audio in either direction). All TCP traffic for the same mobile voip application is working just great via NAT (this traffic goes to an internal server with an object in the ASA titled UC-Server). Ironically, Avaya video conferencing and the same style of NAT also works just fine for RTP via NAT.
The voip app guide says 54000-54500 for the RTP stream and that this should be forwarded internally to the IP phone system (IP-Office is our object in the ASA) when hitting the public IP dedicated to external VoIP (object of UC-Public). I have attached a wireshark of the outside interface (inbound & outbound traffic) of the RTP traffic on the 5505. I also have a screenshot of the nat rule on the GUI side and CLI side.
Here's the kicker, we created a NAT rule identical to the 54000-54500 rule but with the other side of the conversation (9578 on this call example) and audio was perfect in both directions. However, we noticed that depending on how the remote voip client is connected to the internet (whether on 4g or wifi, etc) the other side of the port range (not the 54000-54500) can change by a large margin. I really don't want to just snag all possible ports moving in the other direction as they change dynamically and by a wide range.
I am not sure why the existing NAT statement is not working and the return traffic wont just follow the open socket?I am still confused on why creating the "client side" nat rule would cause any effect on this scenario? The ASA should be seeing the return port traffic on the 54000-54500 range. When comparing other wireshark traffic to this, the flow is setup proper and the port direction wireshark shows is proper as well.
Thoughts? -
Sip passing through nat but rtp is not - no audio
Sip passing through nat but rtp is not
I'm looking at traffic leaving my router with a sniffer. I see SIP traffic but I do not see RTP traffic. The phones ring on both sides but I do not get any audio.
interface f0/0.100
ip address 192.168.10.1 255.255.255.0
ip nat outside
ip nat pool VoIP 192.168.10.1 192.168.10.1 prefix-length 24
ip nat inside source route-map VoIP pool VoIP overload
ip nat inside source static tcp 10.1.1.2 49201 192.168.10.54 49201 extendable
access-list 1 permit ip host 10.1.1.2 any
route-map VoIP permit 10
match ip address 1
match interface f0/0.100
set interface f0/0.100Hello,
You can enable "ip nat service sip" or "ip nat service h323" and "ip nat
service h225" commands. As per the documentation, they are enabled by
default. In the latest IOS there is a new feature added to Cisco IOS that
ensures that even RTP packets get translated to one of the allowed ports as
specified by the RFC. The command to enable the feature is "ip nat service
allow-sip-even-rtp-ports"
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6640/pro
d_white_paper0900aecd80597bc7.html
Hope this helps.
Regards,
NT -
Send RTP stream to NAT address
Hi,
i want to transmit a RTP stream from a server to a host in a LAN.
This host has a NAT address and it's non real IP address, so i can't send any stream trought usage of SessionManager API because it need to know a public IP.
The other issue is that in a LAN, in most popular cases, there is a firewall that close the connection from internet to their hosts.
I think this solution:
1) LAN's hosts can intiate the connection with server sending a non real RTP data
2)Server store the SessionManager of this connection
3)server can send your RTP stream now
Someone have a more good solution or any suggestion?
Thank for all
[email protected]I have one appletTransmitter that capture video from webcam and transmit it to other client on internet.
I try to transmit medialocator from appletTransmitter to servlet1 and then save MedialLocator as servlet attribute, then other client can connect to servlet2 that send saved MediaLocator to appletClient.
APPLETTRANSMITTER:
URL url=null;
MediaLocator media=new MediaLocator("vfw://0");
try{
url = new URL("http://localhost:8080/servlet1");
catch(MalformedURLException mue){mue.printStackTrace();}
URLConnection conn=null;
try{
conn = url.openConnection();
catch(IOException ioe){ioe.printStackTrace();}
conn.setDoOutput(true);
OutputStream os=null;
ObjectOutputStream oos=null;
InputStream in=null;
ObjectInputStream iin=null;
MediaLocator mResp=null;
String r=null;
try{
os=conn.getOutputStream();
oos=new ObjectOutputStream(os);
oos.writeObject(media);
//oos.writeObject("Prova Servlet");
oos.flush();
catch(IOException io){io.printStackTrace();}
catch(ClassNotFoundException cn){cn.printStackTrace();}
SERVLET1
ObjectInputStream objin = new ObjectInputStream(request.getInputStream());
MediaLocator ml =null;
try{
ml = (MediaLocator) objin.readObject();
context.setAttribute("media",ml);
catch(ClassNotFoundException e)
{e.printStackTrace()}
But on servlet1 there is a ClassNotFoundException: MediaLocator
What do we think about the solution and exception problem?
Best Regards,
Nico from Italy -
7921/7925 rtp traffic thru nat
Hi,
Our nat table does not time out all the udp rtp traffic from 792x wireless phones. Normal 7940/60 works fine and any other traffic. When the "left" time has counted to zero it goes to "timing-out" state and stays there unless we do manual "clear ip nat trans * "
IOS version 12.4.(11)T4 does not have this problem but never and even 15.x has the same issue. I have tested phone load 1.3.3 and 1.3.4SR2 without a change. I have tested a static and dynamic nat and no effect there. I have tested different wireless access points and no effect. It might be a tac case if anyone else has no ideas.
Does anyone have more information what might cause the problem?
Here is an example what fills the translation table:
sh ip nat trans ver
udp 172.16.119.248:20064 10.79.191.244:20064 10.76.134.119:26180 10.76.134.119:26180
create 00:22:22, use 00:21:26 timeout:300000, timing-out,
flags:
extended, use_count: 0, entry-id: 103, lc_entries: 0
udp 172.16.119.248:25824 10.79.191.244:25824 10.76.134.119:16528 10.76.134.119:16528
create 00:23:59, use 00:23:57 timeout:300000, timing-out,
flags:
extended, use_count: 0, entry-id: 98, lc_entries: 0Hi Janne, if this is still a hanging issue, I suggest you move the thread under network infra, routing or switching.
Cheers
Serge -
VOIP over VPN dropp RTP protocol
We are installing a new 2911 ISR in our office and connecting with a Linksys (CISCO) RV016 VPN router. These are two small doctors offices that need to have computer, and Voip traffic over a VPN.
Currently we connect an older RV082 and the RV016 together and have NO issues with VOIP traffic. If we establish a connection with the 2911 router then we are having an issue with no voice or RTP traffic coming through. Phones will connect, and dial out, but no voice can be heard.
The First office is on a Verizon Fios Network with a MTU of 1492. The Network and servers are as follows:
Remote Office Main Office
Linksys Spa 942 phones
|
Netgear 10/100 POE Switch
| =================
Linksys (cisco) RV016 VPN | 2911 |
| | POE Module Sw |
Comcast Cable Modem -------------------------------
| | |
VPN VPN |
+=======================================+ Asterisk
(Call Man)
Basically we have the Internet coming in from Gig0/0 and routing traffic to multiple outside IP addresses so we are using 3 subs in our configuration.
192.168.1.X 192.168.2.X 192.168.3.X 192.168.0.X (Remote Group)
When we connect the old routers (RV016 and RV082) VPN VOIP and Data traffic go fine. We are using a Term Server on one end, Web Server, and the Asterisk PBX for our VOIP Call Manager.
So far we connect up the 2911 and the RV016 and have no issues with data traffic. But the VOIP is dead on the remote end. No sound. We did a Wireshark on traffic, and we are getting some 407 errors from the Astersick Host, and a unknown RTP version 1 error message. THe only thing that we had to do on the RV082 router was port forward UDP 506 and 10001 - 20000 for the traffic, and setup a access rule, but nothing else.
We are getting traffic on the 2911, but nothing else. We have excluded the 192.158.0.X traffic from the NAT so not to get into that issue, and have even tried forwarding ports but nothing seems to help. Is there a good way to route this traffic? Our bandwidth is pretty fast so I am not sure if QoS is needed, but if so it is not one of my strong areas. What is the best way to route this traffic through the VPN without loosing the RTP part of the call.I put this line in and still not getting audio on the other end. I will be doing captures tonight from working and non working phones. I need to get this resolved. I have spent 3 weeks on this issue and I have run out of time. Should I use the DEBUG VOIP SIP command for the capture on the router? I believe this would be the best resolution to the service to see what is going on. The phones work with a RV016 and RV082 router in place. All data traffic works fine in sending and recieving calls.
I have read about all of the articles on Cisco and voip traffic. We are going to be shutting off the natting on the router to see if I can just get the voip traffic to flow. Once we get it flowing then I can work on building up the house on a stable foundation.
At this time, we are routing multiple IP addresses throught the 2911 and have IP NAT OUTSIDE on the G0/0 port and IP NAT INSIDE on the G1/0 Interface, which is a POE Switch Module in the 2911.
I know that the cisco router wants to act as a call manager, or terminate the SIP traffic on the 2911, but we have a working Asterisk box that handles all SIP traffic. If there is a way to just forward the traffic there properly, without the 2911 trying to intercept the traffic, that would be wonderful. I am looking at the possibility of creating dial-peer groups for all of the phones, but really is this needed? What is so frustrating about the whole situation is that I put in a 5 year old sub $200 router and everything works.
Dale -
Hi Guys,
Me again asking for some more help, thanks.
I am trying to deploy a Polycom Access Director behind an ASA 5505 firewall and am having some problems configuring inbound NAT for this device.
Currenlty I am able to dial from an endpoint outbound through the ASA with no problem but am unable to dial into the VC endpoint by the IP address (Traffic is not hitting the Access Director)
This blog post shows what I am trying to achieve along with the ACLs that I have applied.
http://blog.networkfoo.org/2014/02/deploy-polycom-rpad-single-nic-with.html#!/2014/02/deploy-polycom-rpad-single-nic-with.html
These are my NAT Rules
nat (Wireless_LAN,VC_INFRA) source static obj-10.255.222.0 obj-10.255.222.0 destination static obj-10.255.243.0 obj-10.255.243.0
nat (Wireless_LAN,VC_DMZ) source static obj-10.255.222.0 obj-10.255.222.0 destination static obj-10.255.239.0 obj-10.255.239.0
nat (Wireless_LAN,VC_LAN) source static obj-10.255.222.0 obj-10.255.222.0 destination static obj-10.255.243.0 obj-10.255.243.0
nat (VC_INFRA,any) source static obj-10.255.243.0 obj-10.255.243.0 destination static VPNPool-Network VPNPool-Network
object network obj-10.255.222.0
nat (outside,outside) dynamic interface
object network obj-10.255.243.0
nat (outside,outside) dynamic interface
object network obj_any
nat (Wireless_LAN,outside) dynamic interface
object network obj_any-01
nat (VC_DMZ,outside) dynamic interface
object network obj_any-02
nat (VC_INFRA,outside) dynamic interface
object network obj_any-03
nat (VC_LAN,outside) dynamic interface
nat (outside,VC_DMZ) after-auto source static any any destination static interface obj-CV2RPAD1
This is my ACLs
access-list outside_access_in extended permit udp any eq 1719 object-group RPAD_SERVERS_EXT eq 1719
access-list outside_access_in extended permit udp any eq 1720 object-group RPAD_SERVERS_EXT eq 1720
access-list outside_access_in extended permit tcp any gt 1023 object-group RPAD_SERVERS_EXT eq h323
access-list outside_access_in extended permit tcp any gt 1023 object-group RPAD_SERVERS_EXT range 10001 13000
access-list outside_access_in extended permit udp any gt 1023 object-group RPAD_SERVERS_EXT range 20002 30001
access-list outside_access_in extended permit tcp any gt 1023 object-group RPAD_SERVERS_EXT eq sip
access-list outside_access_in extended permit udp any gt 1023 object-group RPAD_SERVERS_EXT eq sip
access-list outside_access_in extended permit tcp any gt 1023 object-group RPAD_SERVERS_EXT eq 5061
access-list outside_access_in extended permit tcp any gt 1023 object-group RPAD_SERVERS_EXT eq 5222
access-list outside_access_in extended permit icmp any any object-group DefaultICMP
access-list dmz_access_in extended permit udp object-group RPAD_SERVERS_EXT range 20002 30001 any range 20002 30001
access-list dmz_access_in extended permit udp object-group RPAD_SERVERS_EXT range 20002 30001 any range 16386 25386
access-list dmz_access_in extended permit udp object-group RPAD_SERVERS_EXT eq 1719 any eq 1719
access-list dmz_access_in extended permit udp object-group RPAD_SERVERS_EXT eq 1720 object-group DMA_SERVERS_INT eq 1720
access-list dmz_access_in extended permit tcp object-group RPAD_SERVERS_EXT range 10001 13000 object-group DMA_SERVERS_INT eq h323
access-list dmz_access_in extended permit tcp object-group RPAD_SERVERS_EXT range 10001 13000 object-group DMA_SERVERS_INT range 36000 61000
access-list dmz_access_in extended permit tcp object-group RPAD_SERVERS_EXT range 13001 15000 any gt 1023
access-list dmz_access_in extended permit udp object-group RPAD_SERVERS_EXT eq sip any gt 1023
access-list dmz_access_in extended permit udp object-group RPAD_SERVERS_EXT eq 5070 object-group DMA_SERVERS_INT eq sip
access-list dmz_access_in extended permit tcp object-group RPAD_SERVERS_EXT range 30001 60000 object-group RM_SERVERS_INT eq https
access-list dmz_access_in extended permit tcp object-group RPAD_SERVERS_EXT range 10001 13000 any gt 1023
access-list dmz_access_in extended permit icmp object-group RPAD_SERVERS_EXT any object-group DefaultICMP
If I move my NAT statement as follows
no nat after-auto 1
nat (outside,VC_DMZ) 5 source static any any destination static interface obj-CV2RPAD1
I am able to dial outbound still with no issues and am also able to intiate a call inbound which partially connects. The call seems to fail at the Capabilities exchange so the RTP media stream does not start up so there is some additional troubleshooting to be done.
However moving this NAT statement has the side effect of breaking the IPSec VPN that I have configured for the Cisco VPN Client, I would like to be able to keep my VPN working and be able to do a port forwards/Static 1:1 NAT towards my RPAD.
Once this is happy and working I can then go and troubleshoot why inbound calls are failing at the cpabilities exchange.Thanks a lot Jon, for assisted me solve this problem.
The weird thing that i can't undestand, is that the icmp was working without a problem using the above mentioned access-list however accesing the web server using www wasn't working.
How you explain that? -
ASA 5505 site to site RTP traffic is hitting deny all rule
Hello,
Got an ASA5505 connected to another endpoint running IPsec and being NAT'd at each end to a 10.0.0.0/24 network. I can pass other types of traffic through the ASA 5505 but not RTP traffic. The moment it is NAT'd and hits the firewall rules it gets denied by the default deny at the bottom of the list.
Currently the rules are as follows
Incoming External
allow ip any any
allow tcp any any
allow udp any any
default deny
Incoming Internal
allow ip any any
allow tcp any any
allow udp any any
default deny
It wont allow us to setup a voip call...however when the same call manager sets up a voip call NOT using this ipsec tunnel it works just fine.Hi Daniel,
I guess there is support feature issue with the ASA sending VOIP traffic over VPN
The ASA Phone Proxy does not support inspection of packets from phones connecting to it over a VPN tunnel. Therefore, sending phone proxy traffic through a VPN tunnel is not supported.
Note The ASA 5500 appliances running version 8.4 can support the Phone Proxy feature when integrated with Unified CM 8.0(x) but do not support Phone Proxy with Unified CM versions 8.5(x) and 8.6(x).
Please do rate if the given information helps.
By
Karthik -
Does anybody have a solution for the NAT problem?
Is somebody's application or Applet able to play any RTP stream behind a NAT Router? Can anybody establish any kind of connection / broadcasting between two subnets? I've got my RTP-Transmitter@public IP (using RTPManager...SendStream.start()), and I try to receive the stream from my local network which is behind a router (DHCP: 192.168....).
I read forums, newsgroups, looked for any solution for days all over the web but I've found nothing. Zero.
What's the secret? Any hints?
Best regards from Munich / Germany,
r.v.Hi
I have the same problem.
I have one appletTransmitter that capture video from webcam and transmit it to other client on internet.
I try to transmit medialocator from appletTransmitter to servlet1 and then save MedialLocator as servlet attribute, then other client can connect to servlet2 that send saved MediaLocator to appletClient.
APPLETTRANSMITTER:
URL url=null;
MediaLocator media=new MediaLocator("vfw://0");
try{
url = new URL("http://localhost:8080/servlet1");
catch(MalformedURLException mue){mue.printStackTrace();}
URLConnection conn=null;
try{
conn = url.openConnection();
catch(IOException ioe){ioe.printStackTrace();}
conn.setDoOutput(true);
OutputStream os=null;
ObjectOutputStream oos=null;
InputStream in=null;
ObjectInputStream iin=null;
MediaLocator mResp=null;
String r=null;
try{
os=conn.getOutputStream();
oos=new ObjectOutputStream(os);
oos.writeObject(media);
//oos.writeObject("Prova Servlet");
oos.flush();
catch(IOException io){io.printStackTrace();}
catch(ClassNotFoundException cn){cn.printStackTrace();}
SERVLET1
ObjectInputStream objin = new ObjectInputStream(request.getInputStream());
MediaLocator ml =null;
try{
ml = (MediaLocator) objin.readObject();
context.setAttribute("media",ml);
catch(ClassNotFoundException e)
{e.printStackTrace()}
But on servlet1 there is a ClassNotFoundException: MediaLocator
What do we think about the solution and exception problem?
Best Regards,
Nico from Italy -
Need help setting up static NAT to internal server
One of my internal servers requires it to be available to the internet I am having a hard time allowing it to be NATed through my Ciscc 2801 router. It seems as though im missing something small. From what I can gather it seems as though its as issue with ACL, but im not sure. I have ran the following command: ip nat inside source static tcp 192.168.5.1 ***WAN IP Address*** 8443 extendable Then I tried to add it to the ACL
via this command: access-list 150 permit tcp any host ***WAN IP Address*** eq 8443
Here is a copy of my config. Please advise. Thanks.
IP 172.19.3.x
sub 255.255.255.128
GW 172.19.3.129
Ciscso 2801 Router
Current configuration : 11858 bytes
version 12.4
service timestamps debug datetime localtime
service timestamps log datetime localtime show-timezone
service password-encryption
hostname router-2801
boot-start-marker
boot-end-marker
logging message-counter syslog
logging buffered 4096
aaa new-model
aaa authentication login userauthen group radius local
aaa authorization network groupauthor local
aaa session-id common
clock timezone est -5
clock summer-time zone recurring last Sun Mar 2:00 1 Sun Nov 2:00
dot11 syslog
ip source-route
ip dhcp excluded-address 172.19.3.129 172.19.3.149
ip dhcp excluded-address 172.19.10.1 172.19.10.253
ip dhcp excluded-address 172.19.3.140
ip dhcp ping timeout 900
ip dhcp pool DHCP
network 172.19.3.128 255.255.255.128
default-router 172.19.3.129
domain-name domain.local
netbios-name-server 172.19.3.7
option 66 ascii 172.19.3.225
dns-server 172.19.3.140 208.67.220.220 208.67.222.222
ip dhcp pool VoiceDHCP
network 172.19.10.0 255.255.255.0
default-router 172.19.10.1
dns-server 208.67.220.220 8.8.8.8
option 66 ascii 172.19.10.2
lease 2
ip cef
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW esmtp
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW streamworks
ip inspect name SDM_LOW tftp
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW vdolive
no ip domain lookup
ip domain name domain.local
multilink bundle-name authenticated
key chain key1
key 1
key-string 7 06040033484B1B484557
crypto pki trustpoint TP-self-signed-3448656681
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3448bb6681
revocation-check none
rsakeypair TP-self-signed-344bbb56681
crypto pki certificate chain TP-self-signed-3448656681
certificate self-signed 01
3082024F
quit
username admin privilege 15 password 7 F55
archive
log config
hidekeys
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key XXXXX address 209.118.0.1
crypto isakmp key xxxxx address SITE B Public IP
crypto isakmp keepalive 40 5
crypto isakmp nat keepalive 20
crypto isakmp client configuration group IISVPN
key 1nsur3m3
dns 172.19.3.140
wins 172.19.3.140
domain domain.local
pool VPN_Pool
acl 198
crypto isakmp profile IISVPNClient
description VPN clients profile
match identity group IISVPN
client authentication list userauthen
isakmp authorization list groupauthor
client configuration address respond
crypto ipsec transform-set myset esp-3des esp-md5-hmac
crypto dynamic-map Dynamic 5
set transform-set myset
set isakmp-profile IISVPNClient
qos pre-classify
crypto map VPN 10 ipsec-isakmp
set peer 209.118.0.1
set peer SITE B Public IP
set transform-set myset
match address 101
qos pre-classify
crypto map VPN 65535 ipsec-isakmp dynamic Dynamic
track 123 ip sla 1 reachability
delay down 15 up 10
class-map match-any VoiceTraffic
match protocol rtp audio
match protocol h323
match protocol rtcp
match access-group name VOIP
match protocol sip
class-map match-any RDP
match access-group 199
policy-map QOS
class VoiceTraffic
bandwidth 512
class RDP
bandwidth 768
policy-map MainQOS
class class-default
shape average 1500000
service-policy QOS
interface FastEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-FE 0$$FW_INSIDE$
ip address 172.19.3.129 255.255.255.128
ip access-group 100 in
ip inspect SDM_LOW in
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
interface FastEthernet0/0.10
description $ETH-VoiceVLAN$$
encapsulation dot1Q 10
ip address 172.19.10.1 255.255.255.0
ip inspect SDM_LOW in
ip nat inside
ip virtual-reassembly
interface FastEthernet0/1
description "Comcast"
ip address PUB IP 255.255.255.248
ip access-group 102 in
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map VPN
interface Serial0/1/0
description "Verizon LEC Circuit ID: w0w13908 Site ID: U276420-1"
bandwidth 1536
no ip address
encapsulation frame-relay IETF
frame-relay lmi-type ansi
interface Serial0/1/0.1 point-to-point
bandwidth 1536
ip address 152.000.000.18 255.255.255.252
ip access-group 102 in
ip verify unicast reverse-path
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
frame-relay interface-dlci 500 IETF
crypto map VPN
service-policy output MainQOS
interface Serial0/2/0
description "PAETEC 46.HCGS.788446.CV (Verizon ID) / 46.HCGS.3 (PAETEC ID)"
ip address 123.252.123.102 255.255.255.252
ip access-group 102 in
ip inspect SDM_LOW out
ip nat outside
ip virtual-reassembly
encapsulation ppp
crypto map VPN
service-policy output MainQOS
ip local pool VPN_Pool 172.20.3.130 172.20.3.254
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 50.00.000.110 track 123
ip route 0.0.0.0 0.0.0.0 111.252.237.000 254
ip route 122.112.197.20 255.255.255.255 209.252.237.101
ip route 208.67.220.220 255.255.255.255 50.78.233.110
no ip http server
no ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip flow-top-talkers
top 20
sort-by bytes
ip nat inside source route-map COMCAST interface FastEthernet0/1 overload
ip nat inside source route-map PAETEC interface Serial0/2/0 overload
ip nat inside source route-map VERIZON interface Serial0/1/0.1 overload
ip nat inside source static tcp 172.19.3.140 21 PUB IP 21 extendable
ip access-list extended VOIP
permit ip 172.20.3.0 0.0.0.127 host 172.19.3.190
permit ip host 172.19.3.190 172.20.3.0 0.0.0.127
ip radius source-interface FastEthernet0/0
ip sla 1
icmp-echo 000.67.220.220 source-interface FastEthernet0/1
timeout 10000
frequency 15
ip sla schedule 1 life forever start-time now
access-list 23 permit 172.19.3.0 0.0.0.127
access-list 23 permit 172.19.3.128 0.0.0.127
access-list 23 permit 173.189.251.192 0.0.0.63
access-list 23 permit 107.0.197.0 0.0.0.63
access-list 23 permit 173.163.157.32 0.0.0.15
access-list 23 permit 72.55.33.0 0.0.0.255
access-list 23 permit 172.19.5.0 0.0.0.63
access-list 100 remark "Outgoing Traffic"
access-list 100 deny ip 67.128.87.156 0.0.0.3 any
access-list 100 deny ip host 255.255.255.255 any
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
access-list 100 permit tcp host 172.19.3.190 any eq smtp
access-list 100 permit tcp host 172.19.3.137 any eq smtp
access-list 100 permit tcp any host 66.251.35.131 eq smtp
access-list 100 permit tcp any host 173.201.193.101 eq smtp
access-list 100 permit ip any any
access-list 100 permit tcp any any eq ftp
access-list 101 remark "Interesting VPN Traffic"
access-list 101 permit ip 172.19.3.128 0.0.0.127 172.19.3.0 0.0.0.127
access-list 101 permit ip 172.20.3.128 0.0.0.127 172.19.3.0 0.0.0.127
access-list 101 permit ip 172.19.3.128 0.0.0.127 host 172.19.250.10
access-list 101 permit ip 172.19.3.128 0.0.0.127 host 172.19.250.11
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq ftp-data
access-list 102 remark "Inbound Access"
access-list 102 permit udp any host 152.179.53.18 eq non500-isakmp
access-list 102 permit udp any host 152.179.53.18 eq isakmp
access-list 102 permit esp any host 152.179.53.18
access-list 102 permit ahp any host 152.179.53.18
access-list 102 permit udp any host 209.000.000.102 eq non500-isakmp
access-list 102 permit udp any host 209.000.000.102 eq isakmp
access-list 102 permit esp any host 209.000.000.102
access-list 102 permit ahp any host 209.000.000.102
access-list 102 permit udp any host PUB IP eq non500-isakmp
access-list 102 permit udp any host PUB IP eq isakmp
access-list 102 permit esp any host PUB IP
access-list 102 permit ahp any host PUB IP
access-list 102 permit ip 72.55.33.0 0.0.0.255 any
access-list 102 permit ip 107.0.197.0 0.0.0.63 any
access-list 102 deny ip 172.19.3.128 0.0.0.127 any
access-list 102 permit icmp any any echo-reply
access-list 102 permit icmp any any time-exceeded
access-list 102 permit icmp any any unreachable
access-list 102 permit icmp any any
access-list 102 deny ip any any log
access-list 102 permit tcp any host 172.19.3.140 eq ftp
access-list 102 permit tcp any host 172.19.3.140 eq ftp-data established
access-list 102 permit udp any host SITE B Public IP eq non500-isakmp
access-list 102 permit udp any host SITE B Public IP eq isakmp
access-list 102 permit esp any host SITE B Public IP
access-list 102 permit ahp any host SITE B Public IP
access-list 102 permit tcp any host public ip eq 8443
access-list 110 remark "Outbound NAT Rule"
access-list 110 remark "Deny VPN Traffic NAT"
access-list 110 deny ip 172.19.3.128 0.0.0.127 172.19.3.0 0.0.0.127
access-list 110 deny ip 172.19.3.128 0.0.0.127 172.19.10.0 0.0.0.255
access-list 110 deny ip 172.19.10.0 0.0.0.255 172.19.3.128 0.0.0.127
access-list 110 deny ip 172.20.3.128 0.0.0.127 172.19.3.0 0.0.0.127
access-list 110 deny ip 172.19.3.128 0.0.0.127 172.20.3.128 0.0.0.127
access-list 110 deny ip 172.19.3.128 0.0.0.127 host 172.19.250.11
access-list 110 deny ip 172.19.3.128 0.0.0.127 host 172.19.250.10
access-list 110 permit ip 172.19.3.128 0.0.0.127 any
access-list 110 permit ip 172.19.10.0 0.0.0.255 any
access-list 198 remark "Networks for IISVPN Client"
access-list 198 permit ip 172.19.3.0 0.0.0.127 172.20.3.128 0.0.0.127
access-list 198 permit ip 172.19.3.128 0.0.0.127 172.20.3.128 0.0.0.127
access-list 199 permit tcp any any eq 3389
route-map PAETEC permit 10
match ip address 110
match interface Serial0/2/0
route-map COMCAST permit 10
match ip address 110
match interface FastEthernet0/1
route-map VERIZON permit 10
match ip address 110
match interface Serial0/1/0.1
snmp-server community 123 RO
radius-server host 172.19.3.7 auth-port 1645 acct-port 1646 key 7 000000000000000
control-plane
line con 0
line aux 0
line vty 0 4
access-class 23 in
privilege level 15
transport input telnet ssh
line vty 5 15
access-class 23 in
privilege level 15
transport input telnet ssh
scheduler allocate 20000 1000
ntp server 128.118.25.3
ntp server 217.150.242.8
endIf you are planning to use the fa0/1 interface IP itself then the configuration would be:
ip nat inside source static tcp 172.19.3.133 8443 interface fa0/1 8443 extendable
Assuming that you would like to port forward TCP/8443.
Then the ACL should be written:
ip access-list extended 102
2 permit tcp any host eq 8443 -
CME 8.6 running on PUBLIC IP . should I do NAT ?
Hello All
I have a CME 8.6 router with one PUBLIC IP to eth0 interface.
Do you need to do NAT for all IP phone to make and receive calls ?
Currently I have configured NAT and I did not BIND media to any interface . I could able to make calls but Audio is one way . Other party can not hear anyting.
cme#show run
Building configuration...
voice service voip
ip address trusted list
ipv4 192.168.4.0 255.255.255.0
ipv4 x.x.x.x 255.255.255.255
allow-connections sip to sip
no supplementary-service h450.2
no supplementary-service h450.3
no supplementary-service h450.7
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
no supplementary-service sip handle-replaces
sip
registrar server expires max 3600 min 1800
voice register global
mode cme
source-address 192.168.1.3 port 5060
max-dn 60
max-pool 50
load 9971 sip9971.9-4-1SR1-2
load 9951 sip9951.9-4-1SR1-2
authenticate register
date-format D/M/Y
tftp-path flash:
create profile sync 002035708611093A
ntp-server 128.138.141.172 mode directedbroadcast
camera
video
voice register dn 10
number 123
allow watch
label Home
voice register pool 1
id mac 00000000
type 9971
number 1 dn 1
dtmf-relay rtp-nte
username 111 password 111
codec g711ulaw
camera
video
voice-card 0
dsp services dspfarm
interface GigabitEthernet0/0
ip address XXXXXXXX
ip access-group tool_check in
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1
no ip address
duplex auto
speed auto
interface GigabitEthernet0/1.1000
encapsulation dot1Q 1000
ip address 192.168.1.3 255.255.255.0
ip nat inside
ip virtual-reassembly in
router ospf 1
network 0.0.0.0 255.255.255.255 area 0
ip forward-protocol nd
ip http server
ip http authentication local
no ip http secure-server
ip nat inside source list 7 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 x.x.x.x
ip access-list extended tool_check
permit ip host x.x.x.x any
deny ip any any
access-list 7 permit 192.168.1.0 0.0.0.255
tftp-server flash:sip9971.9-4-1SR1-2.loads alias sip9971.9-4-1SR1-2.loads
tftp-server flash:sip9951.9-4-1SR1-2.loads alias sip9951.9-4-1SR1-2.loads
tftp-server flash:dkern9971.100609R2-9-4-1SR1-2.sebn alias dkern9971.100609R2-9-4-1SR1-2.sebn
tftp-server flash:kern9971.9-4-1SR1-2.sebn alias kern9971.9-4-1SR1-2.sebn
tftp-server flash:rootfs9971.9-4-1SR1-2.sebn alias rootfs9971.9-4-1SR1-2.sebn
tftp-server flash:sboot9971.031610R1-9-4-1SR1-2.sebn alias sboot9971.031610R1-9-4-1SR1-2.sebn
tftp-server flash:skern9971.022809R2-9-4-1SR1-2.sebn alias skern9971.022809R2-9-4-1SR1-2.sebn
tftp-server flash:dkern9951.100609R2-9-4-1SR1-2.sebn alias dkern9951.100609R2-9-4-1SR1-2.sebn
tftp-server flash:kern9951.9-4-1SR1-2.sebn alias kern9951.9-4-1SR1-2.sebn
tftp-server flash:rootfs9951.9-4-1SR1-2.sebn alias rootfs9951.9-4-1SR1-2.sebn
tftp-server flash:sboot9951.031610R1-9-4-1SR1-2.sebn alias sboot9951.031610R1-9-4-1SR1-2.sebn
tftp-server flash:skern9951.022809R2-9-4-1SR1-2.sebn alias skern9951.022809R2-9-4-1SR1-2.sebn
tftp-server flash:English_United_States/gd-sip.jar alias gd-sip.jar
tftp-server flash:g4-tones.xml alias United_States/g4-tones.xml
tftp-server flash:gd-sip.jar alias English_United_States/gd-sip.jar
tftp-server flash:sip9971.9-1-1SR1.loads alias sip9971.9-1-1SR1.loads
tftp-server flash:dkern9971.100609R2-9-1-1SR1.sebn alias dkern9971.100609R2-9-1-1SR1.sebn
tftp-server flash:kern9971.9-1-1SR1.sebn alias kern9971.9-1-1SR1.sebn
tftp-server flash:rootfs9971.9-1-1SR1.sebn alias rootfs9971.9-1-1SR1.sebn
tftp-server flash:sboot9971.031610R1-9-1-1SR1.sebn alias sboot9971.031610R1-9-1-1SR1.sebn
tftp-server flash:skern9971.022809R2-9-1-1SR1.sebn alias skern9971.022809R2-9-1-1SR1.sebn
dial-peer voice 21 voip
description 13
destination-pattern 13....
b2bua
session protocol sipv2
session target dns:x.x.x.x
dtmf-relay rtp-nte
codec g711ulaw
no vad
sip-ua
timers connect 100
telephony-service
no auto-reg-ephone
max-dn 60
ip source-address 192.168.1.3 port 2000
max-redirect 9
cnf-file location flash:
date-format dd-mm-yy
max-conferences 8 gain -6
call-park system application
moh flash:/music-on-hold.au
transfer-system full-consult
secondary-dialtone 0
after-hours block pattern 1 001
after-hours block pattern 2 011
after-hours block pattern 3 000
after-hours day Sun 00:00 23:59
after-hours day Mon 00:00 23:59
after-hours day Tue 00:00 23:59
after-hours day Wed 00:00 23:59
after-hours day Thu 00:00 23:59
after-hours day Fri 00:00 23:59
after-hours day Sat 00:00 23:59
create cnf-files version-stamp 7960 Jan 21 2015 09:19:19
Could anyone please help me what I am missing ?
ThanksCall Apple to see about purchasing Snow Leopard on a disc. I was able to do so even though it doesn't show in the online store. I think it was around $20. Once you install that, run Software Update to get up to 10.6.8.
You don't need to have 10.7 or 10.8 to get to Mavericks (as long as your machine will support it). -
Hello all,
I have a router 1812 Version 12.4(15)T16, RELEASE SOFTWARE (fc2). Router is doing NAT.
I have a lifesize videoconference system. Calls with h323 are dropped after 30 seconds.
I have ip inspect rule :
- ip inspect name SDM_LOW h323
- ip inspect name SDM_LOW h323callsigalt
interface FastEthernet0
ip address xxx.xxx.xxx.xxx 255.255.255.248
ip access-group 102 in
ip verify unicast reverse-path
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
ip route-cache flow
speed 100
full-duplex
crypto map SDM_CMAP_1
service-policy input sdmappfwp2p_SDM_LOW
service-policy output sdmappfwp2p_SDM_LOW
When I start a communication, I have
sh ip inspect sessions
Session 85AE7150 (50.59.87.241:60118)=>(192.168.200.200:60016) h323-RTP-audio SIS_OPEN
Session 85AE12C0 (50.59.87.241:60119)=>(192.168.200.200:60017) h323-RTCP-audio SIS_OPEN
Session 85AE39B0 (192.168.200.200:60001)=>(50.59.87.241:62830) h245-media-control SIS_OPEN
Session 841F7CEC (192.168.200.200:60005)=>(50.59.87.241:1720) h323 SIS_OPEN
Session 85AE20A8 (50.59.87.241:60120)=>(192.168.200.200:60018) h323-RTP-video SIS_OPENING
Session 85ADE0B0 (50.59.87.241:60121)=>(192.168.200.200:60019) h323-RTCP-video SIS_OPENING
Session 85AE4D28 (50.59.87.241:60122)=>(192.168.200.200:60020) h323-RTP-data SIS_OPENING
Session 85ADCD38 (50.59.87.241:60123)=>(192.168.200.200:60021) h323-RTCP-data SIS_OPENING
Pre-gen session 85ADA648 192.168.200.200[1024:65535]=>50.59.87.241[60119:60119] h323-RTCP-audio
Pre-gen session 85AD92D0 192.168.200.200[1024:65535]=>50.59.87.241[60121:60121] h323-RTCP-video
Pre-gen session 85ADB6F8 192.168.200.200[1024:65535]=>50.59.87.241[60123:60123] h323-RTCP-data
Pre-gen session 85AD9008 192.168.200.200[1024:65535]=>50.59.87.241[60118:60118] h323-RTP-audio
Pre-gen session 85AE5848 192.168.200.200[1024:65535]=>50.59.87.241[60119:60119] h323-RTCP-audio
Where 192.168.200.200 is local IP and 50.59.87.241 the server I try to reach.
Any idea of what is going on ? Why calls are dropped after 30 seconds ?
Something with NAT ?Hi Alessandro,
configuration below :
ip inspect tcp reassembly queue length 200
ip inspect tcp reassembly timeout 10
ip inspect name SDM_LOW appfw SDM_LOW
ip inspect name SDM_LOW dns
ip inspect name SDM_LOW https
ip inspect name SDM_LOW icmp
ip inspect name SDM_LOW imap
ip inspect name SDM_LOW pop3
ip inspect name SDM_LOW rcmd
ip inspect name SDM_LOW sqlnet
ip inspect name SDM_LOW tcp
ip inspect name SDM_LOW udp
ip inspect name SDM_LOW http
ip inspect name SDM_LOW h323
ip inspect name SDM_LOW h323callsigalt
ip inspect name SDM_LOW skinny
ip inspect name SDM_LOW sip-tls
ip inspect name SDM_LOW sip
ip inspect name SDM_LOW esmtp max-data 50000000
ip inspect name SDM_LOW cuseeme
ip inspect name SDM_LOW ftp
ip inspect name SDM_LOW netshow
ip inspect name SDM_LOW realaudio
ip inspect name SDM_LOW rtsp
ip inspect name SDM_LOW streamworks
WAN_INTERFACE = xxx.xxx.xxx
interface FastEthernet0
ip address WAN_INTERFACE.226 255.255.255.248
ip access-group 102 in
ip verify unicast reverse-path
ip nbar protocol-discovery
ip flow ingress
ip flow egress
ip nat outside
ip inspect SDM_LOW out
ip virtual-reassembly
ip route-cache flow
speed 100
full-duplex
crypto map SDM_CMAP_1
service-policy input sdmappfwp2p_SDM_LOW
service-policy output sdmappfwp2p_SDM_LOW
Inbound ACL
access-list 102 remark SDM_ACL Category=3
access-list 102 permit tcp any host WAN_INTERFACE.228 eq www log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 443 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 558 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1023 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1024 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1503 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1718 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1719 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 1720 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 4001 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 11720 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 17518 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60000 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60001 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60002 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60003 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60004 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 60005 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60000 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 1023 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 1024 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 1718 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 1719 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 1720 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 5060 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 17518 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60001 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60002 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60003 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60004 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60005 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60006 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60007 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60008 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60009 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60010 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60011 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60012 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60013 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60014 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60015 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60016 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60017 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60018 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60019 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60020 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60021 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60022 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60023 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60024 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 60025 log
access-list 102 permit udp any host WAN_INTERFACE.228 eq 3389 log
access-list 102 permit tcp any host WAN_INTERFACE.228 eq 3389 log
[ Some ipsec rubles]
access-list 102 permit tcp any host WAN_INTERFACE.230 eq 22
access-list 102 permit tcp any host WAN_INTERFACE.230 eq www
access-list 102 permit tcp any host WAN_INTERFACE.227 eq smtp
access-list 102 permit udp any host WAN_INTERFACE.227 eq 80
access-list 102 permit tcp any host WAN_INTERFACE.227 eq www
access-list 102 permit tcp any host WAN_INTERFACE.227 eq ftp
access-list 102 permit tcp any host WAN_INTERFACE.226 eq 1723
access-list 102 permit tcp any host WAN_INTERFACE.226 eq 47
ip nat inside source static udp LAN_INTERFACE 60000 WAN_INTERFACE.228 60000 route-map SDM_RMAP_32 extendable
ip nat inside source static tcp LAN_INTERFACE 80 WAN_INTERFACE.228 80 route-map SDM_RMAP_15 extendable
ip nat inside source static tcp LAN_INTERFACE 443 WAN_INTERFACE.228 443 route-map SDM_RMAP_7 extendable
ip nat inside source static tcp LAN_INTERFACE 558 WAN_INTERFACE.228 558 route-map SDM_RMAP_47 extendable
ip nat inside source static tcp LAN_INTERFACE 1023 WAN_INTERFACE.228 1023 route-map SDM_RMAP_77 extendable
ip nat inside source static udp LAN_INTERFACE 1023 WAN_INTERFACE.228 1023 route-map SDM_RMAP_78 extendable
ip nat inside source static tcp LAN_INTERFACE 1024 WAN_INTERFACE.228 1024 route-map SDM_RMAP_73 extendable
ip nat inside source static udp LAN_INTERFACE 1024 WAN_INTERFACE.228 1024 route-map SDM_RMAP_74 extendable
ip nat inside source static tcp LAN_INTERFACE 1503 WAN_INTERFACE.228 1503 route-map SDM_RMAP_75 extendable
ip nat inside source static tcp LAN_INTERFACE 1718 WAN_INTERFACE.228 1718 route-map SDM_RMAP_86 extendable
ip nat inside source static udp LAN_INTERFACE 1718 WAN_INTERFACE.228 1718 route-map SDM_RMAP_87 extendable
ip nat inside source static tcp LAN_INTERFACE 1719 WAN_INTERFACE.228 1719 route-map SDM_RMAP_42 extendable
ip nat inside source static udp LAN_INTERFACE 1719 WAN_INTERFACE.228 1719 route-map SDM_RMAP_43 extendable
ip nat inside source static tcp LAN_INTERFACE 1720 WAN_INTERFACE.228 1720 route-map SDM_RMAP_28 extendable
ip nat inside source static udp LAN_INTERFACE 1720 WAN_INTERFACE.228 1720 route-map SDM_RMAP_44 extendable
ip nat inside source static tcp LAN_INTERFACE 4001 WAN_INTERFACE.228 4001 route-map SDM_RMAP_72 extendable
ip nat inside source static udp LAN_INTERFACE 5060 WAN_INTERFACE.228 5060 route-map SDM_RMAP_29 extendable
ip nat inside source static tcp LAN_INTERFACE 11720 WAN_INTERFACE.228 11720 route-map SDM_RMAP_71 extendable
ip nat inside source static tcp LAN_INTERFACE 17518 WAN_INTERFACE.228 17518 route-map SDM_RMAP_45 extendable
ip nat inside source static udp LAN_INTERFACE 17518 WAN_INTERFACE.228 17518 route-map SDM_RMAP_46 extendable
ip nat inside source static tcp LAN_INTERFACE 60000 WAN_INTERFACE.228 60000 route-map SDM_RMAP_30 extendable
ip nat inside source static tcp LAN_INTERFACE 60001 WAN_INTERFACE.228 60001 route-map SDM_RMAP_31 extendable
ip nat inside source static udp LAN_INTERFACE 60001 WAN_INTERFACE.228 60001 route-map SDM_RMAP_33 extendable
ip nat inside source static tcp LAN_INTERFACE 60002 WAN_INTERFACE.228 60002 route-map SDM_RMAP_66 extendable
ip nat inside source static udp LAN_INTERFACE 60002 WAN_INTERFACE.228 60002 route-map SDM_RMAP_34 extendable
ip nat inside source static tcp LAN_INTERFACE 60003 WAN_INTERFACE.228 60003 route-map SDM_RMAP_67 extendable
ip nat inside source static udp LAN_INTERFACE 60003 WAN_INTERFACE.228 60003 route-map SDM_RMAP_35 extendable
ip nat inside source static tcp LAN_INTERFACE 60004 WAN_INTERFACE.228 60004 route-map SDM_RMAP_68 extendable
ip nat inside source static udp LAN_INTERFACE 60004 WAN_INTERFACE.228 60004 route-map SDM_RMAP_36 extendable
ip nat inside source static tcp LAN_INTERFACE 60005 WAN_INTERFACE.228 60005 route-map SDM_RMAP_69 extendable
ip nat inside source static udp LAN_INTERFACE 60005 WAN_INTERFACE.228 60005 route-map SDM_RMAP_37 extendable
ip nat inside source static udp LAN_INTERFACE 60006 WAN_INTERFACE.228 60006 route-map SDM_RMAP_38 extendable
ip nat inside source static udp LAN_INTERFACE 60007 WAN_INTERFACE.228 60007 route-map SDM_RMAP_39 extendable
ip nat inside source static udp LAN_INTERFACE 60008 WAN_INTERFACE.228 60008 route-map SDM_RMAP_48 extendable
ip nat inside source static udp LAN_INTERFACE 60009 WAN_INTERFACE.228 60009 route-map SDM_RMAP_49 extendable
ip nat inside source static udp LAN_INTERFACE 60010 WAN_INTERFACE.228 60010 route-map SDM_RMAP_50 extendable
ip nat inside source static udp LAN_INTERFACE 60011 WAN_INTERFACE.228 60011 route-map SDM_RMAP_51 extendable
ip nat inside source static udp LAN_INTERFACE 60012 WAN_INTERFACE.228 60012 route-map SDM_RMAP_52 extendable
ip nat inside source static udp LAN_INTERFACE 60013 WAN_INTERFACE.228 60013 route-map SDM_RMAP_53 extendable
ip nat inside source static udp LAN_INTERFACE 60014 WAN_INTERFACE.228 60014 route-map SDM_RMAP_54 extendable
ip nat inside source static udp LAN_INTERFACE 60015 WAN_INTERFACE.228 60015 route-map SDM_RMAP_55 extendable
ip nat inside source static udp LAN_INTERFACE 60016 WAN_INTERFACE.228 60016 route-map SDM_RMAP_56 extendable
ip nat inside source static udp LAN_INTERFACE 60017 WAN_INTERFACE.228 60017 route-map SDM_RMAP_57 extendable
ip nat inside source static udp LAN_INTERFACE 60018 WAN_INTERFACE.228 60018 route-map SDM_RMAP_58 extendable
ip nat inside source static udp LAN_INTERFACE 60019 WAN_INTERFACE.228 60019 route-map SDM_RMAP_59 extendable
ip nat inside source static udp LAN_INTERFACE 60020 WAN_INTERFACE.228 60020 route-map SDM_RMAP_60 extendable
ip nat inside source static udp LAN_INTERFACE 60021 WAN_INTERFACE.228 60021 route-map SDM_RMAP_61 extendable
ip nat inside source static udp LAN_INTERFACE 60022 WAN_INTERFACE.228 60022 route-map SDM_RMAP_62 extendable
ip nat inside source static udp LAN_INTERFACE 60023 WAN_INTERFACE.228 60023 route-map SDM_RMAP_63 extendable
ip nat inside source static udp LAN_INTERFACE 60024 WAN_INTERFACE.228 60024 route-map SDM_RMAP_64 extendable
ip nat inside source static udp LAN_INTERFACE 60025 WAN_INTERFACE.228 60025 route-map SDM_RMAP_65 extendable
ip nat inside source static LAN_INTERFACE WAN_INTERFACE.228 route-map SDM_RMAP_76
All SMD_RMAP are like this one below
route-map SDM_RMAP_32 permit 1
match ip address 141
access-list 141 remark SDM_ACL Category=2
access-list 141 deny ip host LAN_INTERFACE 10.0.5.0 0.0.0.31
access-list 141 deny ip host LAN_INTERFACE 10.0.5.40 0.0.0.1
access-list 141 permit udp host LAN_INTERFACE eq 60000 any -
has anyone done this? I am wanting to setup streaming video/audio from an applet (camera) to a server and broadcast out to an applet(browser) I need the server in the middle to manage the viewers. Do I need a specific RTP Server or can I use a regular web server? Thanks.
@rkippen: So, 2 months... Why don't you tell us how to solve the NAT problem, if you have already done it? Consider that he wants to send and receive from an Applet, which means:
1. signing Applets two times
2. writing RTP server
3. Installing JMF @ sender side
4. solving the NAT & firewall problems
5. He will probably try to implement some effects, maybe sound or video or both of them
Two months? All right...
Best regards from Germany,
r.v. -
AE with inbound SIP and RTP over UDP - Will not open ports
I am using a Linksys SPA962 IP Phone via an Airport Express with the latest firmware connecting to an Asterisk PBX (http://www.asterisk.org) over the internet. I may make outbound calls and have my incoming and outgoing audio over RTP with the appropriate UDP ports no problem. But, when I receive an inbound call, I get the SIP INVITE no problem, but the AE refuses to open those RTP ports. I have NAT keep alive at 15 seconds.
Now, I have tried almost every combination. Enabling NAT-PMP forwarding to all of the appropriate IP/Ports, turning it off (really should not be necessary with keep alive on register with the Asterisk). I am stumped, it is almost as of AE does not like UDP for inbound. I have others using Linksys routers with a similar configuration working inbound and outbound no problem.
I am stumped. Ideas? Chuck the AE in the bin?I Googled up the following:
http://lists.apple.com/archives/Macnetworkprog/2006/Jul/msg00040.html
I am having this issue:
http://discussions.apple.com/message.jspa?messageID=7256265#7256265
Are all these things the same issue?
My ISP "tells me" that they will not allow more than one IP address per account. I have a basic cable modem i.e. not a router. Its a D-Link DCM-202. I have been told to try a level-2 switch but I can't see how that will work. As far as I can see the DCM-202 cable modem is bridging to my AEBS so that is allocated the WAN IP address by the ISP's DHCP server. Does this sound right?
I'd like to create an actual DMZ but since my cable modem only has one port I can't see how I can do that unless I use 2 routers. If I try this I am expecting that I'd have complicated port forwarding configurations no? -
How to avoid packate loss in RTP??
Hi,
I am implementing an sip client(user agent) and its working well for PC to PC but the problem is the poor sound quality.
The SIP server for this is configured for NAT,and as a solution of this my sip client is using the same port for send and recieve RTP.
I am using the same RTPManager for transmitting and recieving.
Now the seen is,
Same port is being used for transmitting and recieving the RTP.
I checked the RTPs using some RTP analyzer tool and found that there is 60% packet lose due to which the voice is breaking.
Can anybody help me out to find the solution for this problem.
Please guide me.
Wainting for positive response.
Pramod Shrama
Please goide me to avoid thehi....
c through that when u eturn to tab.... set the form values to the page
i mean if u r using a form bean for ur jsp. use name name atrribute of the sturts html tag. and give the form bean name to the name attribute i hope this would solve your problem
thaks
with rgards
shekhar
Maybe you are looking for
-
Cost of Goods Sold in product costing
Hi Experts, How can we reconcile the cost components with COGS. I am getting the planned cost estimates from the costing Lets us take an exmaple Planned cogs is 150000 Rs. This figure is from cost estimate We are getting the actual cogs as 130000 Rs
-
How to fix conflicting version of adobe flash player 4.6 on CS6 installation?
I am basically just wondering how I go about fixing this issue. I am installing the trial of CS6, on top of CS5.5. When I start the installation of CS6 I get an error for Adobe Flash Player 4.6 saying it is conflicting with a previous version. How d
-
Hi Since Friday i have a Mac Pro. I connect my old Adc Cinema Display, with an ADC-DVI Adapter. Everything work fine. I have another 17" ADC Display. Is it possible to connect two ADC Displays, with two ADC-DVI Adaperts to the NVIDIA GeForce 7300 GT
-
Hi i need to know how can i call UAE apple store when im Abroad ( out side uae ) the number is 8000 444 0396 i tried +971 8000 444 0396 and +971 48000 444 0396 both are not working
-
802.11n Broke My MacBook Pro
Since I installed the 802.11n enabler software yesterday, my mac has hung up on my about a dozen times, and the problem is getting worse. I can no longer use my MBP if my airport is turned on. This has happened while being connected to the Airport Ex