SIP ALG for NAT Cisco 3845

Similar Messages

• SIP ALG / SIP NAT Traversal

  I have a 2900 series router running IOS version 15.1(4).  I am trying to connect 3rd party sip softphones to a 3rd party SIP Call controller on the inside.  With low-cost firewall/gateways, I normally enable the SIP ALG feature and it will dynamically open the UDP ports for a SIP conversation for the duration of it and then close them.  Does cisco IOS firewall have a SIP ALG feature and how do I configure it?  Any guidance is much appreciated. 
  Eddie

  Im trying to connect a SIP softphone (on the outside) to a IP PBX on the inside.  I am seeing postings that say that "ip nat service sip" is the command that enables that feature, and others say that it breaks it.  So far my testings shows that it does break it.  Ultimately I want my outside softphone to register to the Phone system as an external IP address.  It seems like SIP normally relays the internal IP address and the ALG router will make the translation on outbound and send it to the right source. 

• CUBE and NAT without SIP ALG

  I was wondering if anyone had a CUBE SIP Profile example for rewriting SDP to fix private-to-public IP address in the SDP so that CUBE can be used behind a static NAT without SIP ALG.

  Im trying to connect a SIP softphone (on the outside) to a IP PBX on the inside.  I am seeing postings that say that "ip nat service sip" is the command that enables that feature, and others say that it breaks it.  So far my testings shows that it does break it.  Ultimately I want my outside softphone to register to the Phone system as an external IP address.  It seems like SIP normally relays the internal IP address and the ALG router will make the translation on outbound and send it to the right source. 

• SIP over UDP routing in Cisco 3845

  dear friends,           
  How can we configure the SIP over UDP protocol by Cisco 3845 router?
  For more details please fine the attachment.

  Yes I tried but that is not helpful for me
  How can I contact those people (engage a reputable consultant, or Cisco partner)?
  Also I tried this commands in below.
  voice class codec 1
  codec preference 1 g711alaw
  dial-peer voice 3250 voip
  destination-pattern 3250
  session protocol sipv2
  session target ipv4:10.156.67.6
  session transport udp
  codec g711ulaw
  sip-ua
  retry invite 2
  retry response 2
  retry bye 2
  retry cancel 2
  no inband-alerting
  sip-server ipv4:10.156.67.6
  ip classless
  ip route 0.0.0.0 0.0.0.0 10.157.67.1
  ip route 10.157.67.0 255.255.255.0 10.167.67.225 
  access-list 101 permit ip host 10.156.67.1 host 10.156.67.100
  access-list 101 deny   udp any eq rip any
  access-list 101 deny   udp any any eq rip
  access-list 101 deny   udp any eq isakmp any
  access-list 101 deny   udp any any eq isakmp
  access-list 101 permit ip any any
  snmp-server engineID local 000000090200003094202740
  snmp-server community public RW

• Configuring QoS on Cisco 3845 router for Polycom Video Conferecing

  Dear All,
  We have implemented a Polycom Video Conferecing solution at our Head Office. Using this we communicate with other branch offices through WAN (2mbps, MPLS).
  The problem is that this WAN link is also used for data. When the traffic is high on the link, the voice and the video quality goes down drastically and we experience connection drops.
  At the moment we have configured our Polycom box to communicate at 512kbps speed and we would like to reserve it in our WAN link. In case, video conferencing is not happening we would like it to be utilised by other traffic.
  Can we configure QoS on our Cisco 3845 router to do this? I'm not a Cisco expert and have pressures from Management to correct this before the next conference.
  I have already googled a fair bit but couldn't find something for me.
  Could someone please tell me the exact commands that need to be given on our router to achieve this.
  I'll be very thankful for this help.
  Best Regards.

  Hi,
  You can use something like the following to guarantee 5122k of bandwidth to your video-conferencing bandwidth but to allow that bandwidth to be used by other traffic when it is not being used for video-conferencing:
  class-map VDOConf
  match ip dscp af41
  policy-map WANPolicy
  class VDOConf
  bandwidth 512
  interface
  service-policy output WANPolicy
  Note that the above assumes that your video conferencing traffic is being marked to AF41. If that is not the case, you can always match on the IP address of your polycom device using an ACL:
  class-map VDOConf
  match access-group 101
  access-list 101 permit ip .....
  Hope that helps - pls rate the post if it does.
  Paresh

• Cisco SCCP ATA or Linksys SIP ATA for hotdial

  I need to install hotdial phones onto public access premises.
  I think that the best choice for security reasons is to use simple analog phones connected to ATAs.
  And now the question.
  How can I configure Cisco SCCP ATA for hotdial? (I know how to configure IP phone for hotdial but this configuration don't work with SCCP ATA)
  or
  How can I register Linksys SIP ATA on a Cisco CallManager? (I know how to configure it for a hotdial)

  What version of sip are you using ?

• Does Cisco 3845 with NM-16A/S support OIR feature or Hot swap for this NM.

  Dear Sir
  My customer would like to implement Cisco 3845 with NM-16A/S x 4. I found that Cisco 3845 support OIR function but I am not sure OIR function that Cisco 3845 support, it support with which NM models. Can anyone tell me that NM-16A/S on Cisco 3845 support OIR function on this NM or not.
  Thank you very much
  Wisit

  Hi,
  From what I have read from the following document.
  http://www.cisco.com/en/US/products/ps5855/products_installation_guide_chapter09186a00802ccf1d.html
  Network Modules
  Network modules install directly into slots in the rear of the router. The Cisco 3845 router supports online insertion and removal (OIR, or hot swap) of network modules. The Cisco 3825 router does not support OIR.
  Caution The Cisco 3845 router supports OIR with similar modules only. If you remove a network module, along with any installed WAN or voice interface cards, install another module and card combination exactly like it.
  Interface Cards
  Cisco 3800 series routers do not support OIR (hot swap) of interface cards inserted directly into router slots. You must turn off the router before installing or removing an interface card.
  The Cisco 3825 router and the Cisco 3845 router each provide four interface card slots, labeled on the rear panel by HWIC and a number. Each slot can be occupied by one single-wide WIC, VIC, VWIC, or HWIC.
  Hope this helps
  Sarb

• RV016 SIP ALG

  Hi 
  Since 2 week I have some problem with my voip provider .
  In my pabx software (3cx) my voip provider is correctly register but sometimes i dont know why I can't received external to internal call. 
  When i call my voip provider he tell me to disable sip alg of my router but in my RV016 i don't find any option sip alg.
  How must i do?
  My voip provider tell me to do the command line 
  no ip nat service sip udp port 5060
  in telnet but i search and i can't acces telnet because i don't know login/password 
  Thanks for your help
  Best Regard 
  Loic

  Hi Loic,
  Can you try please from the browser :  https://IPaddress_of_rv016/f_general_hidden.htm
  You will see the SIP ALG option
  Please rate the post or mark as answered to help other Cisco Customers
  thanks
  Mehdi

• SIP ALG feature queries

  I have few queries related to SIP ALG feature.
  - Is SIP ALG(NAT) and SIP inspection(inspect sip) dependent on each other? Do we need to enable both features on a router? Or are they independent?
  My understanding is both are separate features and SIP ALG make sure it open up doors on NAT for any incoming connections from outside using the ports negotiated. And SIP inspection(the 'inspect sip' command) can be added for security purposes to make sure the router when acting as a firewall dynamically allows ports for traversal.
  Please correct if my understanding is correct.
  - Why do docs/discussions mention SIP ALG feature (enabled by default) breaks communication(one way/disconnects)? Can someone illustrate why would this feature result in a call breaking?
  - Is there a difference in these two features in the way it is implemented on an ASA vs routers?
  Would be grateful if someone could help on my queries. Tried searching in internet but didn't find clear info.
  Thanks,
  Karthic

  Hello, 
  It has been always supported on the ASA platform. You just need to turn on the SIP inspection.
  Mike 

• Enabling the sip/alg

  Hi 
  I am looking to use a softphone from a third party software and for that  I have just purchased a new BT Home Hub 3 in the hope that it would work (I had BT Home Hub 2 and was told to buy the Home Hub 3) but unfortunately it doesn't.
  I was told that ONLY BT can disable my sip/alg and for that I phone the Technical support about 6 times and nobody seems to know what I am talking about. Now, I am with a second router and I cannot get what I am looking for, I am so frustrated.
  Does anyone know how I could get the sip/alg disabled?
  Many thanks,
  Karine 

  You should be able to run it on either. If you have a choice, it would probably be better to run it on the upstream router. There are some things with SIP that aren't supported with the NAT ALG when the SIP is originated and fixed on the same router. One of these things I can name off hand is the 'sip bind' command which isn't supported on the same box.
  It's still very possible to run it on the same box, however. But the SIP ALG doesn't require any information from CME to work properly.

• DDR2200 Disable SIP ALG

  Hello;
  I am attempting to assist a friend who was given a DDR2200 by their ISP, Centurytel.
  We are trying to disable the SIP ALG in the gateway but the link is not present when we log into the gateways GUI.
  We've tried to get Centurytel to assist us but all they have done is try to update the firmware.
  software version v00.00.03.45.4e
  hardware version v06
  When we show them where the SIP ALG should be located in the GUI when referencing the DDR2200 user manual (pg 63) but they are not able to explain why we cannot see the link and are unable to assist us further.
  I need to disable the SIP ALG as it's interfering with a SIP based Audio/Video Chat application my friend uses.
  Any assistance would be greatly appreciated?
  Thanks in advance.
  Posted by WebUser Matthew Wichlan

  Hello.
  The standard port for SIP is port 5060, so Cisco runs an ALG on this port.
  You've switched it off, so there os NO ALG running for UDP at least.
  Non standard ports won't be running the SIP ALG by default, although you can switch one on using the command you found.
  Adam

• WRV210 SIP ALG disable?

  Can i disable the wrv210 sip alg ? it messes with my voip provider and must be disabled...i use a pap2T adapter and it works fine for outgoing calls...but after a while incoming calls half ring and i cant answer them.

  please look at this link.....it doesn't state the info on the SIP ALG everyone you look at info on the WRV210...but this clearly states it has it built in to support voip to help traverse the firewall.....but it does it behind the scenes and cannot be turned off
  http://www.cisco.com/en/US/prod/collateral/routers/ps9923/ps9929/data_sheet_c78-502735.html

• Problem with L2TP with Cisco 3845

  Dear all
  I have the following scenario for my dailup network.
  MaxTNT(LAC) ---Ethernet--- Cisco3845 (LNS)
  I have configuered MaxTNT Dailup server to act as LAC and launch a L2TP Tunnel after authenticating with Radius Server. Cisco 3845 acting as LNS estblishes L2TP tunnel with LAC and Dailup Users get connected on it as VPDNpppOE users.
  However problem i am facing is that i don't receieve any authentication request on Cisco LNS. As soon as user gets connect it sents Accouting Request only.
  I need authorization request in order to Push various different AVP from radius. But its not happening.
  Anyone have any idea what could be wrong here?? is thre any specific parameter i need to set up Cisoc.. or on MaxTNT????
  Waiting for reply

  To enable the Layer 2 Tunnel Protocol (L2TP) tunnel server or network access server (NAS) to perform remote authentication, authorization, and accounting (AAA) tunnel authentication and authorization, use the vpdn tunnel authorization network command in global configuration mode. To disable remote tunnel authentication and authorization and return to the default of local tunnel authentication and authorization, use the no form of this command.
  vpdn tunnel authorization network {list-name | default}
  no vpdn tunnel authorization network {list-name | default}

• High CPU Usage on Cisco 3845

  Hi all,
  I'm having high CPU usage with one of my Cisco 3845.
  It works as an IP-IP Gateway and the CPU is quite high when the total number of calls only around 100-200 calls.
  I check the CPU usage with "show process cpu sort" and it looks like there are some "hidden" processes that consuming CPU.
  For example, 41% is total CPU, 25% is due to interrups, so CPU utilization on process level = 41 - 25 = 16%.
  But as showed below, processes don't consume that much CPU, only around 7% ???
  Please help to advise on this case. Any help is highly appreciated..
  Thank you.
  3845-GW#show process cpu sort | ex 0.00%  0.00%  0.00%
  CPU utilization for five seconds: 41%/25%; one minute: 46%; five minutes: 47%
   PID Runtime(ms)     Invoked      uSecs     5Sec   1Min   5Min TTY Process
   382     6619708     1473171       4493      1.59%  1.81%  1.92%   0 CCSIP_SPI_CONTRO
   141     4228940    10181955        415      1.35%  1.51%  1.57%   0 IP Input
    65     2450824      163102      15026        1.19%  1.16%  1.17%   0 Per-Second Jobs
   370     2702292     3709512        728        0.87%  0.88%  0.88%   0 VOIP_RTCP
   224      321680      245640       1309          0.47%  0.49%  0.50%   0 AFW_application_
   112       93940    18093506          5             0.39%  0.31%  0.32%   0 Ethernet Msec Ti
   384     1058280     1553567        681         0.23%  0.28%  0.30%   0 CCSIP_UDP_SOCKET
     2       18148       32905        551                 0.07%  0.03%  0.02%   0 Load Meter
   137       35644     4657843          7               0.07%  0.04%  0.05%   0 IPAM Manager
   189      206392      267959        770            0.07%  0.05%  0.07%   0 TCP Protocols
    30       30792      198554        155               0.07%  0.01%  0.00%   0 ARP Input
   368      145456      176151        825             0.07%  0.04%  0.05%   0 CC-API_VCM
    28        9628       32759        293  0.00%  0.01%  0.00%   0 Environmental mo
    48      221352       37922       5837  0.00%  0.11%  0.11%   0 Net Background
    63       16728       32924        508  0.00%  0.01%  0.00%   0 Compute load avg
    64       72080        2781      25918  0.00%  0.01%  0.00%   0 Per-minute Jobs
     6      371644       29792      12474  0.00%  0.14%  0.12%   0 Check heaps
   176       12216      240288         50  0.00%  0.01%  0.00%   0 CEF: IPv4 proces
   284       36416     4929826          7  0.00%  0.02%  0.01%   0 MMON MENG
   307       12168      806151         15  0.00%  0.01%  0.00%   0 Atheros LED Ctro
   335       35300       19755       1786  0.00%  3.16%  1.00% 708 Virtual Exec
  3845-GW#sh int g0/0
  GigabitEthernet0/0 is up, line protocol is up
    MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
       reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    Keepalive set (10 sec)
    Full Duplex, 1Gbps, media type is RJ45
    output flow-control is XON, input flow-control is XON
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input 00:00:00, output 00:00:00, output hang never
    Last clearing of "show interface" counters never
    Input queue: 0/75/2/56803 (size/max/drops/flushes); Total output drops: 0
    Queueing strategy: fifo
    Output queue: 0/40 (size/max)
    5 minute input rate 1551000 bits/sec, 5751 packets/sec
    5 minute output rate 4207000 bits/sec, 7643 packets/sec
       925128804 packets input, 939078510 bytes, 0 no buffer
       Received 62732 broadcasts (0 IP multicasts)
       0 runts, 0 giants, 2 throttles
       2 input errors, 0 CRC, 0 frame, 2 overrun, 0 ignored
       0 watchdog, 3763438515 multicast, 0 pause input
       1472816545 packets output, 3214770103 bytes, 0 underruns
       0 output errors, 2067720191 collisions, 1 interface resets
       0 unknown protocol drops
       0 babbles, 2281155551 late collision, 0 deferred
       2 lost carrier, 0 no carrier, 0 pause output
       0 output buffer failures, 0 output buffers swapped out
  3845-GW#sh int g0/1
  GigabitEthernet0/1 is up, line protocol is up
    MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
       reliability 255/255, txload 1/255, rxload 1/255
    Encapsulation ARPA, loopback not set
    Keepalive set (10 sec)
    Full Duplex, 1Gbps, media type is RJ45
    output flow-control is XON, input flow-control is XON
    ARP type: ARPA, ARP Timeout 04:00:00
    Last input 00:00:00, output 00:00:00, output hang never
    Last clearing of "show interface" counters never
    Input queue: 0/75/0/30335 (size/max/drops/flushes); Total output drops: 0
    Queueing strategy: fifo
    Output queue: 0/40 (size/max)
    5 minute input rate 1684000 bits/sec, 7697 packets/sec
    5 minute output rate 3372000 bits/sec, 5632 packets/sec
       1484558664 packets input, 2383177786 bytes, 0 no buffer
       Received 208998 broadcasts (0 IP multicasts)
       0 runts, 0 giants, 0 throttles
       2 input errors, 0 CRC, 0 frame, 2 overrun, 0 ignored
       0 watchdog, 3060386282 multicast, 0 pause input
       903478941 packets output, 2814588854 bytes, 0 underruns
       0 output errors, 2910776303 collisions, 1 interface resets
       0 unknown protocol drops
       0 babbles, 4157448025 late collision, 0 deferred
       2 lost carrier, 0 no carrier, 0 pause output
       0 output buffer failures, 0 output buffers swapped out

  Has this been something that just recently started happening, or have you had this issue for a while?  Have you installed any new programs recently?
  You may want to download Glary Utilities, which is a free software(they will ask you if you want to go Pro, just say no, the free version works very well).  There is a module for startup manager.  You can go in and disable stuff that starts with the computer.  I would advise unchecking adobe, java, quicktime, printers, etc.  Anything that doesn't REALLY need to start with the computer.  The nice thing with Glary is that you can restart the computer, and if you find that you need one of the programs to start with windows, you can go back in and enable it again.
  The Celeron 925 processor in your computer is a decent entry level processor, but if there are too many programs running in the background, it can bog down quick.  I would also recommend downloading and running Malwarebytes Anti-malware, to be sure that there is nothing malicous running in the background. 
  Qosmio X875 i7-3630QM, 32GB RAM, OCZ SSD Qosmio X505 i7-920XM, PM55, 16GB RAM, OCZ SSD
  Satellite Pro L350 T9900, GM45, 8GB RAM , Intel 320 SSD (my baby) Satellite L655 i7-620M, HM55, 8GB RAM, Intel 710 SSD (travel system)

• Sip passing through nat but rtp is not - no audio

  Sip passing through nat but rtp is not
  I'm looking at traffic leaving my router with a sniffer. I see SIP traffic but I do not see RTP traffic.  The phones ring on both sides but I do not get any audio.
  interface f0/0.100
  ip address 192.168.10.1 255.255.255.0
  ip nat outside
  ip nat pool VoIP 192.168.10.1  192.168.10.1 prefix-length 24
  ip nat inside source route-map VoIP pool VoIP overload
  ip nat inside source static tcp 10.1.1.2 49201 192.168.10.54 49201 extendable
  access-list 1 permit ip host 10.1.1.2 any
  route-map VoIP permit 10
  match ip address 1
  match interface  f0/0.100
  set interface  f0/0.100

  Hello,
  You can enable "ip nat service sip" or "ip nat service h323" and "ip nat
  service h225" commands. As per the documentation, they are enabled by
  default. In the latest IOS there is a new feature added to Cisco IOS that
  ensures that even RTP packets get translated to one of the allowed ports as
  specified by the RFC. The command to enable the feature is "ip nat service
  allow-sip-even-rtp-ports"
  http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6640/pro
  d_white_paper0900aecd80597bc7.html
  Hope this helps.
  Regards,
  NT