SIP/NAT/ALG 7200

Hi,
i have a cisco 7204vxr router (c7200-is-mz.123-6f.bin)and on one of the networks (wich is a nat) there are sip clients connected to a sip server on another network. What is happening is that the router is acting as a ALG/SBC changing the sip/spd information inside the packets.Since i have another equipment doing SBC function, i would like to know how to disble it on the 7204vxr.I have searched a lot, but could not find and answer.
Thanks for your help,
AndrÃ© Santos

To disable it on 7204vxr you can use the following commands:
no ip nat service sip tcp port 5060
no ip nat service sip udp port 5060
http://www.cisco.com/en/US/docs/ios/12_2t/12_2t8/feature/guide/ftnatsip.html#wp1031752

Similar Messages

SIP ALG / SIP NAT Traversal

I have a 2900 series router running IOS version 15.1(4). I am trying to connect 3rd party sip softphones to a 3rd party SIP Call controller on the inside. With low-cost firewall/gateways, I normally enable the SIP ALG feature and it will dynamically open the UDP ports for a SIP conversation for the duration of it and then close them. Does cisco IOS firewall have a SIP ALG feature and how do I configure it? Any guidance is much appreciated.
Eddie

Im trying to connect a SIP softphone (on the outside) to a IP PBX on the inside. I am seeing postings that say that "ip nat service sip" is the command that enables that feature, and others say that it breaks it. So far my testings shows that it does break it. Ultimately I want my outside softphone to register to the Phone system as an external IP address. It seems like SIP normally relays the internal IP address and the ALG router will make the translation on outbound and send it to the right source.

SIP ALG for NAT Cisco 3845

Does the SIP ALG for NAT have to be on the router where I am planning on running Call Manager Express for that to work properly, or can I have it running on an upstream router where I am currently preforming NAT functions?

You should be able to run it on either. If you have a choice, it would probably be better to run it on the upstream router. There are some things with SIP that aren't supported with the NAT ALG when the SIP is originated and fixed on the same router. One of these things I can name off hand is the 'sip bind' command which isn't supported on the same box.
It's still very possible to run it on the same box, however. But the SIP ALG doesn't require any information from CME to work properly.

Enabling the sip/alg

Hi
I am looking to use a softphone from a third party software and for that I have just purchased a new BT Home Hub 3 in the hope that it would work (I had BT Home Hub 2 and was told to buy the Home Hub 3) but unfortunately it doesn't.
I was told that ONLY BT can disable my sip/alg and for that I phone the Technical support about 6 times and nobody seems to know what I am talking about. Now, I am with a second router and I cannot get what I am looking for, I am so frustrated.
Does anyone know how I could get the sip/alg disabled?
Many thanks,
Karine

You should be able to run it on either. If you have a choice, it would probably be better to run it on the upstream router. There are some things with SIP that aren't supported with the NAT ALG when the SIP is originated and fixed on the same router. One of these things I can name off hand is the 'sip bind' command which isn't supported on the same box.
It's still very possible to run it on the same box, however. But the SIP ALG doesn't require any information from CME to work properly.

Is no ip nat service sip udp port 5060 a valid cmd?

On
# show ver
Cisco Adaptive Security Appliance Software Version 8.4(3)
Device Manager Version 6.4(7)
Compiled on Fri 06-Jan-12 10:24 by builders
System image file is "disk0:/asa843-k8.bin"
Config file at boot was "startup-config"
FWall up 1 year 33 days
Hardware:   ASA5510, 1024 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash M50FW016 @ 0xfff00000, 2048KB
Encryption hardware device : Cisco ASA-55x0 on-board accelerator (revision 0x0)
                             Boot microcode        : CN1000-MC-BOOT-2.00
                             SSL/IKE microcode     : CNLite-MC-SSLm-PLUS-2.03
                             IPSec microcode       : CNlite-MC-IPSECm-MAIN-2.06
                             Number of accelerators: 1
I keep getting
FWall(config)# no ip nat service sip tcp port 5060                     ^ERROR: % Invalid input detected at '^' marker.

Eric,
This is a command to disable NAT ALG for SIP on IOS routers.
On ASA you can do similar by removing SIP protocol inspection.
If in doubt check the command references, both ASA and IOS versions are available online.
M.

Does Airport Time Capsule have SIP ALG

I have an Airport Time Capsule and am trying to use my Bria 3 App for my company VoIP service, My IT guys have asked if the Airport Time Capsule has SIP ALG turned on. I have'nt a clue where to look, any ideas?

SIP and ALG are features that would be found on commercial grade routers.
The Time Capsule has no settings for VoIP. It is a very simple home router with a built in hard drive.

How to configure multiple outgoing interfaces + NAT + PfR

Hello,
I have the following config running on Cisco2851.
Five interfaces (four ADSL and one LAN 10Mb/s) connected to Internet using pppoe.
Local policy is used to make working route tracking.
The PfR also configured to load balance traffic coming from LAN to Internet.
PAT is also configured with "oer" keyword at the end of string to not relocate working translations.
But the router is not performing good. :-(
After investigation I found that the selection of the exit interface and setting source ip for
NAT is not synchronized. The provider's router just drops the incoming packet due to uRPF check.
Also, the selection of the exit interface is not PFR aware (mode select-exit best) during
NAT session setup, and router selects one of the possible exit interfaces randomly.
I have two questions:
1. How to make synchronization of NAT and Routing to build matching pair of Out_IP=Out_Interface and make my setup working?
2. How to select the less loaded interface during setup of NAT phase and Routing phase and really involve PfR?
Actually, these two questions is just my one requirement: during setup of NAT session, I need
to find less loaded interface (PfR should check current rx/tx load), select it, and keep it untouched.
Thanks,
Sergey
Config:
version 15.1
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
hostname bif
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.151-4.M8.bin
boot-end-marker
enable secret 5 $1$3ggj$huERPVt0luOX6qo6
no aaa new-model
crypto pki token default removal timeout 0
dot11 syslog
no ip source-route
ip cef
no ip domain lookup
ip domain name zzz.mgm
no ipv6 cef
multilink bundle-name authenticated
key chain PFR
key 0
key-string 7 107E2F2B
voice-card 0
pfr master
logging
border 192.168.254.254 key-chain PFR
interface Dialer5 external
interface Dialer4 external
interface Dialer3 external
interface Dialer2 external
interface Dialer1 external
interface GigabitEthernet0/0 internal
mode select-exit best
pfr border
logging
local Loopback0
master 192.168.254.254 key-chain PFR
license udi pid CISCO2851 sn FCZ0929
username se privilege 15 secret 5 $1$DUbm$RuZKP8X.19uBtm21
username ru privilege 15 secret 5 $1$1V.h$iotp/bjhUg4ho93d
redundancy
ip ssh version 2
track 1 ip sla 1 reachability
delay down 30 up 15
track 2 ip sla 2 reachability
delay down 30 up 15
track 3 ip sla 3 reachability
delay down 30 up 15
track 4 ip sla 4 reachability
delay down 30 up 15
track 5 ip sla 5 reachability
delay down 30 up 15
interface Loopback0
ip address 192.168.254.254 255.255.255.255
interface GigabitEthernet0/0
description ### LAN ###
ip address 192.168.68.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
interface GigabitEthernet0/1
description ### WDSL link to Dialer 5 ###
no ip address
duplex auto
speed auto
pppoe enable group global
pppoe-client dial-pool-number 5
interface ATM0/0/0
description ### DSL link 1 to Dialer 1 ###
no ip address
no atm ilmi-keepalive
shutdown
pvc 1/32
pppoe-client dial-pool-number 1
interface ATM0/1/0
description ### DSL link 2 to Dialer 2 ###
no ip address
no atm ilmi-keepalive
pvc 1/32
pppoe-client dial-pool-number 2
interface ATM0/2/0
description ### DSL link 3 to Dialer 3 ###
no ip address
no atm ilmi-keepalive
pvc 1/32
pppoe-client dial-pool-number 3
interface ATM0/3/0
description ### DSL link 4 to Dialer 4 ###
no ip address
no atm ilmi-keepalive
pvc 1/32
pppoe-client dial-pool-number 4
interface GigabitEthernet1/0
description ### Virtual interface to NME-16ES-1G-P ###
ip address 192.168.254.253 255.255.255.254
interface Dialer1
description ### Dialer for line 1 ###
bandwidth 224
bandwidth receive 1728
ip address negotiated
ip mtu 1492
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
load-interval 30
dialer pool 1
ppp authentication chap callin
ppp chap hostname
ppp chap password
no cdp enable
interface Dialer2
description ### Dialer for line 2 ###
bandwidth 224
bandwidth receive 1728
ip address negotiated
ip mtu 1492
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 2
ppp authentication chap callin
ppp chap hostname
ppp chap password
no cdp enable
interface Dialer3
description ### Dialer for line 3 ###
bandwidth 224
bandwidth receive 1728
ip address negotiated
ip mtu 1492
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 3
ppp authentication chap callin
ppp chap hostname
ppp chap password
no cdp enable
interface Dialer4
description ### Dialer for line 4 ###
bandwidth 224
bandwidth receive 1728
ip address negotiated
ip mtu 1492
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
dialer pool 4
ppp authentication chap callin
ppp chap hostname
ppp chap password
no cdp enable
interface Dialer5
description ### Dialer for WDSL line ###
bandwidth 10000
bandwidth receive 10001
ip address negotiated
ip mtu 1492
ip flow ingress
ip nat outside
ip virtual-reassembly in
encapsulation ppp
ip tcp adjust-mss 1452
load-interval 30
dialer pool 5
ppp authentication chap callin
ppp chap hostname
ppp chap password
no cdp enable
ip local policy route-map LOCAL-PBR
no ip forward-protocol nd
no ip http server
no ip http secure-server
ip nat inside source route-map NAT1 interface Dialer1 overload oer
ip nat inside source route-map NAT2 interface Dialer2 overload oer
ip nat inside source route-map NAT3 interface Dialer3 overload oer
ip nat inside source route-map NAT4 interface Dialer4 overload oer
ip nat inside source route-map NAT5 interface Dialer5 overload oer
ip nat inside source static tcp 192.168.68.160 22 $$$Dialer5-IP$$$ 2222 extendable
ip nat inside source static tcp 192.168.68.160 22 $$$Dialer2-IP$$$ 2222 extendable
ip nat inside source static tcp 192.168.68.160 22 $$$Dialer3-IP$$$ 2222 extendable
ip nat inside source static tcp 192.168.68.160 22 $$$Dialer4-IP$$$ 2222 extendable
ip nat inside source static tcp 192.168.68.230 21 $$$Dialer1-IP$$$ 21 extendable
ip nat inside source static tcp 192.168.68.160 25 $$$Dialer1-IP$$$ 25 extendable
ip nat inside source static tcp 192.168.68.22 143 $$$Dialer1-IP$$$ 143 extendable
ip nat inside source static tcp 192.168.68.22 443 $$$Dialer1-IP$$$ 443 extendable
ip nat inside source static tcp 192.168.68.160 22 $$$Dialer1-IP$$$ 2222 extendable
ip route 0.0.0.0 0.0.0.0 Dialer1 track 1
ip route 0.0.0.0 0.0.0.0 Dialer2 track 2
ip route 0.0.0.0 0.0.0.0 Dialer3 track 3
ip route 0.0.0.0 0.0.0.0 Dialer4 track 4
ip route 0.0.0.0 0.0.0.0 Dialer5 track 5
ip sla 1
icmp-echo 8.8.8.8 source-ip $$$Dialer1-IP$$$
timeout 1000
frequency 5
ip sla schedule 1 life forever start-time now
ip sla 2
icmp-echo 8.8.8.8 source-ip $$$Dialer2-IP$$$
timeout 1000
frequency 5
ip sla schedule 2 life forever start-time now
ip sla 3
icmp-echo 8.8.8.8 source-ip $$$Dialer3-IP$$$
timeout 1000
frequency 5
ip sla schedule 3 life forever start-time now
ip sla 4
icmp-echo 8.8.8.8 source-ip $$$Dialer4-IP$$$
timeout 1000
frequency 5
ip sla schedule 4 life forever start-time now
ip sla 5
icmp-echo 8.8.8.8 source-ip $$$Dialer5-IP$$$
timeout 1000
frequency 5
ip sla schedule 5 life forever start-time now
access-list 100 permit ip any any
access-list 101 permit ip host $$$Dialer1-IP$$$ any
access-list 102 permit ip host $$$Dialer2-IP$$$ any
access-list 103 permit ip host $$$Dialer3-IP$$$ any
access-list 104 permit ip host $$$Dialer4-IP$$$ any
access-list 105 permit ip host $$$Dialer5-IP$$$ any
access-list 199 permit ip 192.168.68.0 0.0.0.255 any
route-map LOCAL-PBR permit 10
match ip address 101
set interface Dialer1
route-map LOCAL-PBR permit 20
match ip address 102
set interface Dialer2
route-map LOCAL-PBR permit 30
match ip address 103
set interface Dialer3
route-map LOCAL-PBR permit 40
match ip address 104
set interface Dialer4
route-map LOCAL-PBR permit 50
match ip address 105
set interface Dialer5
route-map LOCAL-PBR permit 100
match ip address 100
set global
route-map NAT3 permit 10
match ip address 199
match interface Dialer3
route-map NAT2 permit 10
match ip address 199
match interface Dialer2
route-map NAT1 permit 10
match ip address 199
match interface Dialer1
route-map NAT5 permit 10
match ip address 199
match interface Dialer5
route-map NAT4 permit 10
match ip address 199
match interface Dialer4
control-plane
mgcp profile default
line con 0
line aux 0
line 66
no activation-character
no exec
transport preferred none
transport input all
transport output lat pad telnet rlogin lapb-ta mop udptn v120 ssh
line vty 0 4
session-timeout 15
login local
transport input all
line vty 5 15
session-timeout 15
login local
transport input all
scheduler allocate 20000 1000
end
Show ip route:
sh ip route 0.0.0.0
Routing entry for 0.0.0.0/0, supernet
Known via "static", distance 1, metric 0 (connected), candidate default path
Routing Descriptor Blocks:
    directly connected, via Dialer5
      Route metric is 0, traffic share count is 1
* directly connected, via Dialer3
      Route metric is 0, traffic share count is 1
    directly connected, via Dialer4
      Route metric is 0, traffic share count is 1
    directly connected, via Dialer2
      Route metric is 0, traffic share count is 1
Log:
*Apr 16 07:04:18.103: IP: s=192.168.68.2 (GigabitEthernet0/0), d=8.8.4.4, len 66, input feature
*Apr 16 07:04:18.103:     UDP src=61183, dst=53, Stateful Inspection(5), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 16 07:04:18.103: IP: s=192.168.68.2 (GigabitEthernet0/0), d=8.8.4.4, len 66, input feature
*Apr 16 07:04:18.103:     UDP src=61183, dst=53, Ingress-NetFlow(21), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 16 07:04:18.103: IP: s=192.168.68.2 (GigabitEthernet0/0), d=8.8.4.4, len 66, input feature
*Apr 16 07:04:18.103:     UDP src=61183, dst=53, Virtual Fragment Reassembly(25), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 16 07:04:18.103: IP: s=192.168.68.2 (GigabitEthernet0/0), d=8.8.4.4, len 66, input feature
*Apr 16 07:04:18.103:     UDP src=61183, dst=53, Access List(31), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 16 07:04:18.103: IP: s=192.168.68.2 (GigabitEthernet0/0), d=8.8.4.4, len 66, input feature
*Apr 16 07:04:18.103:     UDP src=61183, dst=53, Virtual Fragment Reassembly After IPSec Decryption(39), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 16 07:04:18.103: IP: s=192.168.68.2 (GigabitEthernet0/0), d=8.8.4.4, len 66, input feature
*Apr 16 07:04:18.103:     UDP src=61183, dst=53, MCI Check(80), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 16 07:04:18.103: IP: s=192.168.68.2 (GigabitEthernet0/0), d=8.8.4.4, len 66, input feature
*Apr 16 07:04:18.103:     UDP src=61183, dst=53, TCP Adjust MSS(82), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 16 07:04:18.103: FIBipv4-packet-proc: route packet from GigabitEthernet0/0 src 192.168.68.2 dst 8.8.4.4
*Apr 16 07:04:18.103: FIBfwd-proc: Default:0.0.0.0/0 process level forwarding
*Apr 16 07:04:18.103: FIBfwd-proc: depth 0 first_idx 3 paths 4 long 0(0)
*Apr 16 07:04:18.103: FIBfwd-proc: try path 3 (of 4) v4-ap-Dialer5 first short ext 0(-1)
*Apr 16 07:04:18.103: FIBfwd-proc: v4-ap-Dialer5 valid
*Apr 16 07:04:18.103: FIBfwd-proc: Dialer5 no nh type 3 - deag
*Apr 16 07:04:18.103: FIBfwd-proc: ip_pak_table 0 ip_nh_table 65535 if Dialer5 nh none deag 1 chg_if 0 via fib 0 path type attached prefix
*Apr 16 07:04:18.103: FIBfwd-proc: packet routed to Dialer5 p2p(0)
*Apr 16 07:04:18.103: FIBipv4-packet-proc: packet routing succeeded
*Apr 16 07:04:18.103: FIBfwd-proc: ip_pak_table 0 ip_nh_table 65535 if Dialer5 nh none uhp 1 deag 0 ttlexp 0
*Apr 16 07:04:18.103: FIBfwd-proc: sending link IP ip_pak_table 0 ip_nh_table 65535 if Dialer5 nh none uhp 1 deag 0 chgif 0 ttlexp 0 rec 0
*Apr 16 07:04:18.103: IP: s=$$$Dialer4-IP$$$ (GigabitEthernet0/0), d=8.8.4.4 (Dialer5), len 66, output feature
*Apr 16 07:04:18.103:     UDP src=61183, dst=53, Post-routing NAT Outside(24), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 16 07:04:18.103: IP: s=$$$Dialer4-IP$$$ (GigabitEthernet0/0), d=8.8.4.4 (Dialer5), len 66, output feature
*Apr 16 07:04:18.103:     UDP src=61183, dst=53, Stateful Inspection(27), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 16 07:04:18.103: IP: s=$$$Dialer4-IP$$$ (GigabitEthernet0/0), d=8.8.4.4 (Dialer5), len 66, output feature
*Apr 16 07:04:18.103:     UDP src=61183, dst=53, CCE Post NAT Classification(38), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 16 07:04:18.107: IP: s=$$$Dialer4-IP$$$ (GigabitEthernet0/0), d=8.8.4.4 (Dialer5), len 66, output feature
*Apr 16 07:04:18.107:     UDP src=61183, dst=53, Firewall (firewall component)(39), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 16 07:04:18.107: IP: s=$$$Dialer4-IP$$$ (GigabitEthernet0/0), d=8.8.4.4 (Dialer5), len 66, output feature
*Apr 16 07:04:18.107:     UDP src=61183, dst=53, TCP Adjust MSS(50), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 16 07:04:18.107: IP: s=$$$Dialer4-IP$$$ (GigabitEthernet0/0), d=8.8.4.4 (Dialer5), len 66, output feature
*Apr 16 07:04:18.107:     UDP src=61183, dst=53, NAT ALG proxy(55), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 16 07:04:18.107: IP: s=$$$Dialer4-IP$$$ (GigabitEthernet0/0), d=8.8.4.4 (Dialer5), len 66, output feature
*Apr 16 07:04:18.107:     UDP src=61183, dst=53, Post-Ingress-NetFlow(68), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 16 07:04:18.107: IP: s=$$$Dialer4-IP$$$ (GigabitEthernet0/0), d=8.8.4.4 (Dialer5), len 66, output feature
*Apr 16 07:04:18.107:     UDP src=61183, dst=53, Dialer idle reset(84), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 16 07:04:18.107: IP: s=$$$Dialer4-IP$$$ (GigabitEthernet0/0), d=8.8.4.4 (Dialer5), len 66, output feature
*Apr 16 07:04:18.107:     UDP src=61183, dst=53, Dialer idle reset(85), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Apr 16 07:04:18.107: IP: s=$$$Dialer4-IP$$$ (GigabitEthernet0/0), d=8.8.4.4 (Dialer5), g=8.8.4.4, len 66, forward
*Apr 16 07:04:18.107:     UDP src=61183, dst=53
*Apr 16 07:04:18.107: IP: s=$$$Dialer4-IP$$$ (GigabitEthernet0/0), d=8.8.4.4 (Virtual-Access3), len 66, sending full packet
*Apr 16 07:04:18.107:     UDP src=61183, dst=53

hi,is this question is ok?
if you forget do this config like below:
pfr master
learn
delay
throughput
periodic-interval 3
monitor-period 1
pfr master
delay threshold 200
jitter threshold 50
mode route control
mode monitor passive
mode select-exit best
i will do like this,four ADSL connect a switch ,this switch connect a router 2911(with data license)
at 2911 do four pppoe
i want to load balance at this four adsl.

H.323 gateway behind NAT

i configued h.323 gateway (gateway is connected PSTN through FXO) behind internet NAT router and try to call that gateway from a softphone through internet. the dialed PSTN no is ringging but no voice for both ways. Pls refer the attached configuration. Is this a problem with NAT translation?
Thanks in advance!

Yes, you need a version of IOS that has NAT ALG. What IOS are you running?
NAT with ALG can translate the embedded addresses in H225/H245.
Cisco IOS NAT Application Layer Gateways
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_white_paper09186a00801af2b9.shtml
http://www.cisco.com/en/US/products/ps6441/products_configuration_guide_chapter09186a00807819ce.html
Please rate helpful posts.
Dave

No video or screen sharing on iChat 4 between identical MBP's and OS

Hi, like many others, i'm experiencing problems with audio/video calls and screen sharing on iChat 4.
It's really important since my dad lives abroad and is 80 years old, so i need to help him out by taking over control of his MacBookPro when he needs me to.
Here's our setup when it DID work:
We were both in my house, on my network, through my Airport Exreme. We're both running 2009 MacBook Pro's with OSX 10.5.8 on it, and were signed in to iChat through our google account (jabber).
Then he returned back to his home (i'm in Holland, he's in Austria), and since then we can only do text chats on iChat. Whenever we invite eachother for video chat or screen sharing, we get the same error message about a communication error, or telling us the other one 'didn't reply' or something like that. I'll copy-paste the exact message + error details the next time we try.
We tried to solve it by changing services, meaning i signed in through my @mac.com account and he signing in through his AIM account, but with no luck. Also AIM to AIM didn't help.
I'm still on my Airport Extreme, connected to a DSL modem which is branded by my provider, so no idea what it is.
He is on a Speedtouch ST585 wireless DSL router, which he also got from his provider.
Any settings we should check/change? i've read all sorts of stuff about port forwarding, SIP/NAT compatibility and UPNP but that all works rather confusing than clarifying..
Any suggestions would be highly appreciated.
Thanks,
Lexxy
Message was edited by: TheRealLexxy

HI,
Thomson-Alcatel, to give them their Full name, make the Speedtouch Series of Modems
As a Brand they will work with each other no matter if they are a Cable (non routing) modem or a Speedtouch DSL Modem.
So, 2 to 3 (or 3 to 2) will work as they are Alcatels
The computer 1 and computer 2 situation (with said modems) has about a 1 in 5 chance of working based on my personal knowledge of Version 4.3.5 firmware and mush less with later firmware from threads on this board.
The Airport Express does or can do something called Port Mapping Protocol.
It is turned On in the Airport Admin Utility > Internet pane > NAT tab
In some circumstances this can be an issue. (It open ports like UPnP does but in a different way) - IF - the Express in not in Bridge (Off) Mode.
Is the DSL modem you have Routes then the Express should be set to Bridge (Off) Mode so that there is only one DHCP server on your LAN (unless you set the devices to do Static routing)
You could try it without the Express, but I am sure you will get the same results.
Can your Dad reach any of the names in Table 1 http://www.ralphjohns.co.uk/ContactTesters.html ?
(He adds them to his Buddy list and tries Video chats (they Auto Answer) )
There maybe a conflict between the two lots of NAT at your end if the modem and Express are doing DHCP (Share An IP) and your Dad's Alcatel.
It may still be there if it is your modem only and his.
My Personal experience with an Thomson-Alcatel Speedtouch Modem, answering on these boards and doing regular testing with people and work Bosie on this forum which Defcom and I have been involved with - tells me it is the Speedtouch that is the problem.
8:02 PM Saturday; November 14, 2009
Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"

Can I add VOIP Gateway SPA2100-SU to the DMZ of Router BEFSR41 Ver 4 ?

I am having multiple problems with dropped calls; need to reboot my LinkSys VOIP Gateway and so on, and my VOIP provider has suggested the following: "Add your Gateway (the physical device I guess) to the DMZ of your router." We are trying to tell the Router to give this VOIP Gateway, which gets its IP address via DHCP from the router, to essentially give this Gateway carte blanche to any port or destination it wants. I have NO idea how to do this on the BEFSR41, which is a CA model with Version 4 appended to its model number ? Can anyone send me how to advice ? - Mike BRYAN Ottawa Canada PM me for my email.
(Edited post for guideline compliance. Thanks!)
Message Edited by JOHNDOE_06 on 01-22-2008 02:54 PM

First thing is to assign a static IP on the WAN / Internet side of your SPA-2100 so that you can set that IP to the DMZ of the BEFSR41. If you are not sure how to assign a static IP address on the spa2100 or how to open the web interface of the spa2100 and befsr41, then you better refer to the KB articles from www.linksys.com/kb. Just type in something like spa2100 or befsr41.
By the way, you may also enable NAT mapping and NAT Keep alive in your spa2100 aside from opening / forwarding ports in the befsr41 (check out Answer ID 5242). Lastly, enabling Send Resp To Src Port in the spa2100 is another option to try (this is under Voice > SIP > NAT Support Parameters).
It really requires much reading for us beginners to fully understand these devices. I am happy that I learned how to use the KBase site of Linksys since it gives me useful info about their products.

Airport Extreme and Verizon Hub

I recently purchased the Verizon Hub and I am currently using the airport extreme to communicate with it wirelessly. It is working great just one little set back, sometimes when trying to make a phone call i can not hear the phone ringing but in fact it is and eventually the person picks up but sometimes i hang up since i do not hear it ringing. I called verizon and they told me that i had to disable the SIP and ALG. Verizon does not support the airport extreme so im stuck not knowing how to disable this. Could someone please help me.

There is a thread over on the verizon forum. http://forums.verizon.com/vrzn/board/message?board.id=Verizon_Hub&message.id=220 &query.id=34881#M220
Some people have reported getting it to work. Maybe someone there can help.

Cisco ASA, skipping real source port number with PAT.

Hi Experts,
Cisco ASA configuration guide says:
"PAT translates multiple real addresses to a single mapped IP address by translating the real address and source port to the mapped address and a unique port. If available, the real source port number is used for the mapped port. "
Is it possible to skip this ? I do not want to use real source port number. The issue is, when I have a PAT entry with real source port (port 5060), - SIP session doesn't work. With all the other ports numbers,- everything works.

Hi,
Notice that the configuration you try does not modify the real source port at all.
Since you are using the same "object" for the real/mapped service then the configuration above matches traffic where the connections destination is "any" and the destination is "udp 6000 65535" and only when the source is "udp sip" and in that event it keeps the exact same "udp sip" source port as you are using the same "object".
I am not sure if its a software or configuration related issue but I have not gotten this to work reliably on my ASA. I might have to try some other software level.
I guess you would want to match the SIP source port in the Dynamic PAT and avoid using the SIP port as the mapped port?. With that in mind I was thinking something like this
object service UDP-SIP
service udp source eq sip
object service UDP-SIP-MAPPED
service udp source range 30000 31000
nat (VoiP,outside) source dynamic <source network object> interface service UDP-SIP UDP-SIP-MAPPED
Though it seems the above configuration seems to be bypassed by the ASA completely and it seems to use the identical source port as the mapped port even though it matches the configuration.
If I were to change the above configuration from "dynamic" to "static" then the configuration matches but it uses only the first mapped "source" port of "30000". I guess it would only use a different mapped port if you used multiple real source ports also instead of the current single source port "sip".
nat (VoiP,outside) source static <source network object> interface service UDP-SIP UDP-SIP-MAPPED unidirectional
Example from my own ASA.
DYNAMIC
- Matches the configuration but doesnt map the port at all
Phase: 5
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (LAN,WAN) source dynamic LAN-NETWORK interface service SIP SIP-MAPPED
Additional Information:
Dynamic translate 10.0.0.123/5060 to <my pat ip>/5060
STATIC
- Matches the configuration and maps the source port but only uses the first mapped port from the range
Phase: 4
Type: NAT
Subtype:
Result: ALLOW
Config:
nat (LAN,WAN) source static LAN-NETWORK interface service SIP SIP-MAPPED unidirectional
Additional Information:
Static translate 10.0.0.123/5060 to <my pat ip>/30000
I am not really sure if this configuration is reliable at all but its the only thing I can think of at the moment.
Hope this helps :)
- Jouni

CUBE and NAT without SIP ALG

I was wondering if anyone had a CUBE SIP Profile example for rewriting SDP to fix private-to-public IP address in the SDP so that CUBE can be used behind a static NAT without SIP ALG.

Im trying to connect a SIP softphone (on the outside) to a IP PBX on the inside. I am seeing postings that say that "ip nat service sip" is the command that enables that feature, and others say that it breaks it. So far my testings shows that it does break it. Ultimately I want my outside softphone to register to the Phone system as an external IP address. It seems like SIP normally relays the internal IP address and the ALG router will make the translation on outbound and send it to the right source.

SIP ALG feature queries

I have few queries related to SIP ALG feature.
- Is SIP ALG(NAT) and SIP inspection(inspect sip) dependent on each other? Do we need to enable both features on a router? Or are they independent?
My understanding is both are separate features and SIP ALG make sure it open up doors on NAT for any incoming connections from outside using the ports negotiated. And SIP inspection(the 'inspect sip' command) can be added for security purposes to make sure the router when acting as a firewall dynamically allows ports for traversal.
Please correct if my understanding is correct.
- Why do docs/discussions mention SIP ALG feature (enabled by default) breaks communication(one way/disconnects)? Can someone illustrate why would this feature result in a call breaking?
- Is there a difference in these two features in the way it is implemented on an ASA vs routers?
Would be grateful if someone could help on my queries. Tried searching in internet but didn't find clear info.
Thanks,
Karthic

Hello,
It has been always supported on the ASA platform. You just need to turn on the SIP inspection.
Mike

RV016 SIP ALG

Hi
Since 2 week I have some problem with my voip provider .
In my pabx software (3cx) my voip provider is correctly register but sometimes i dont know why I can't received external to internal call.
When i call my voip provider he tell me to disable sip alg of my router but in my RV016 i don't find any option sip alg.
How must i do?
My voip provider tell me to do the command line
no ip nat service sip udp port 5060
in telnet but i search and i can't acces telnet because i don't know login/password
Thanks for your help
Best Regard
Loic

Hi Loic,
Can you try please from the browser : https://IPaddress_of_rv016/f_general_hidden.htm
You will see the SIP ALG option
Please rate the post or mark as answered to help other Cisco Customers
thanks
Mehdi

SIP/NAT/ALG 7200

Similar Messages

Maybe you are looking for