IP Addressing: NAT Configuration Guide, Cisco IOS Release 12.4T
User Defined Source Port Ranges for PAT

Last Updated: December 18, 2011

The User Defined Source Port Ranges for PAT feature enables the specification of source port ranges for Port Address Translation (PAT) for SIP, H.323, and Skinny Real-Time Transport Protocol (RTP) and RTP Control Protocol (RTCP).

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information Table at the end of this document.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Restrictions for User Defined Source Port Ranges for PAT

  • The size of port range that can be reserved is limited to a multiple of 64.
  • The start port for the port range should also be a multiple of 64.

Information About User Defined Source Port Ranges for PAT

User Defined Source Port Ranges for PAT Overview

To keep VoIP traffic compliant with RTP standards and best practices, even/odd pairing of ports for RTP and RTCP traffic is available for SIP ALG, Skinny, and H.323.

The following scenario shows what happens to VoIP traffic translated using PAT without user-defined ports.

The first VoIP stream translated using PAT requests port 16384 and is given port 16384 for its RTP traffic.

The second VoIP stream translated using PAT also requests port 16384 for its RTP traffic. Because this port number is already in use by the first call, PAT translates the 16384 source port for the second phone to 1024 (assuming the port is free), which violates RTP standards and best practices.

A third call ends up using port 1025, and later calls increment from there.

Each call after the first has its inside source port translated to an external port that is out of specification for RTP, and this continues until the PAT binding for the first call expires.

Problems associated with RTP traffic being assigned to a non-standard port by PAT:

  • Inability for compressed RTP (cRTP) to be invoked in the return direction, as it only operates on RTP flows with compliant port numbers.
  • Difficulty in properly classifying voice traffic for corresponding QoS treatment.
  • Violation of standard firewall policies that specifically account for RTP/RTCP traffic by a specified standard port range.
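The scenario above can be reproduced with a small model. This is an added example, not Cisco code and not the IOS allocator: the fallback search from port 1024 follows the scenario text, while the even-port allocation inside a reserved range and the use of 16384-32767 as the firewall/QoS policy range are assumptions made for illustration.

```python
# Toy model of the scenario described above; not Cisco IOS's allocator.
RTP_POLICY_RANGE = (16384, 32767)   # assumed policy range ("low" RTP range on this page)
FALLBACK_START = 1024               # first fallback port named in the scenario


def pat_without_portmap(requested_ports):
    """Grant the requested port if free, else the lowest free port from 1024 up."""
    in_use, assigned = set(), []
    for port in requested_ports:
        if port in in_use:
            port = FALLBACK_START
            while port in in_use:
                port += 1
        in_use.add(port)
        assigned.append(port)
    return assigned


def pat_with_portmap(requested_ports, startport, size):
    """Assumed behaviour: hand out even RTP ports from the reserved range,
    leaving port+1 free for the matching RTCP stream."""
    if startport % 64 or size == 0 or size % 64:
        raise ValueError("startport and size must be multiples of 64")
    free = iter(range(startport, startport + size, 2))
    assigned = []
    for _ in requested_ports:
        port = next(free, None)
        if port is None:
            raise RuntimeError("reserved range exhausted")
        assigned.append(port)
    return assigned


def policy_violations(ports, policy=RTP_POLICY_RANGE):
    """Ports that a range-based firewall or QoS rule would miss, or that are odd."""
    lo, hi = policy
    return [p for p in ports if not lo <= p <= hi or p % 2]


if __name__ == "__main__":
    calls = [16384, 16384, 16384]   # constructed: three phones, same source port
    plain = pat_without_portmap(calls)
    mapped = pat_with_portmap(calls, startport=32128, size=128)
    print("no port map:", plain, "violations:", policy_violations(plain))
    print("port map   :", mapped, "violations:", policy_violations(mapped))
```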

Even Port Parity

Cisco IOS NAT SIP gateways normally select the next available port+1 for SIP fixup in the NAT translations. The NAT gateway does not check for even/odd pairing of RTP/RTCP port numbers, and as a result issues may arise with SIP user agents that strictly follow the encouraged even/odd parity for RTP/RTCP port numbers.

Even port parity for SIP, H.323, and Skinny is supported by default. It can be turned off, which forces allocation of odd RTP ports.

How to Configure User Defined Source Port Ranges for PAT

Configuring Source Port Ranges for PAT

Perform this task to assign a set of ports and associate a map to them.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ip nat portmap mapname application application startport startport size size

4.    ip nat inside source list list-name pool pool-name overload portmap portmap-name


DETAILED STEPS

Step 1
Command or Action: enable
Example: Router> enable
Purpose: Enables privileged EXEC mode.
  • Enter your password if prompted.

Step 2
Command or Action: configure terminal
Example: Router# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: ip nat portmap mapname application application startport startport size size
Example: Router(config)# ip nat portmap NAT-1 application sip-rtp startport 32128 size 128
Purpose: Defines the port map.

Step 4
Command or Action: ip nat inside source list list-name pool pool-name overload portmap portmap-name
Example: Router(config)# ip nat inside source list 1 pool A overload portmap NAT-1
Purpose: Associates the port map to the NAT configuration.

Configuring Even Port Parity

Even port parity for H.323, SIP, and Skinny is supported by default. It can be turned off, which forces allocation of odd ports.

Perform this task to enable even port parity.

SUMMARY STEPS

1.    enable

2.    configure terminal

3.    ip nat service allow-h323-even-rtp-ports | allow-sip-even-rtp-ports | allow-skinny-even-rtp-ports


DETAILED STEPS

Step 1
Command or Action: enable
Example: Router> enable
Purpose: Enables privileged EXEC mode.
  • Enter your password if prompted.

Step 2
Command or Action: configure terminal
Example: Router# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: ip nat service allow-h323-even-rtp-ports | allow-sip-even-rtp-ports | allow-skinny-even-rtp-ports
Example: Router(config)# ip nat service allow-h323-even-rtp-ports
Purpose: Establishes even port parity for H.323, the SIP protocol, or the Skinny protocol.

Configuration Examples for User Defined Source Port Ranges for PAT

Example User Defined Source Port Ranges for PAT

The following example shows how to assign a set of ports and associate a map to them.

ip nat portmap NAT-I
 cisco-rtp-h323-low
 appl sip-rtp startport 32128 size 128
 appl sip-rtp startport 32000 size 64
ip nat inside source list 1 pool A overload portmap NAT-I
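A pre-deployment check for the restrictions stated earlier (start port and size in multiples of 64) and for the port map association step, run over configuration text. This is an added example, not Cisco tooling; the regular expressions cover only the two command forms shown on this page, and the names NAT-2, NAT-3, and pool B in the sample are constructed.

```python
import re

MAX_PORT = 65535
# One-line form (step 3) and sub-mode "appl" form (configuration example).
ONE_LINE = re.compile(r"^ip nat portmap (\S+) application (\S+) startport (\d+) size (\d+)$")
MAP_HEAD = re.compile(r"^ip nat portmap (\S+)$")
APPL = re.compile(r"^appl (\S+) startport (\d+) size (\d+)$")
MAP_USE = re.compile(r"^ip nat inside source .* portmap (\S+)$")

# First five lines are the page's example; the last two are constructed mistakes.
SAMPLE = """\
ip nat portmap NAT-I
 cisco-rtp-h323-low
 appl sip-rtp startport 32128 size 128
 appl sip-rtp startport 32000 size 64
ip nat inside source list 1 pool A overload portmap NAT-I
ip nat portmap NAT-2 application sip-rtp startport 32100 size 100
ip nat inside source list 2 pool B overload portmap NAT-3
"""

def check_range(name, app, start, size):
    """Findings for one range: the multiple-of-64 rules plus the 16-bit port ceiling."""
    found = []
    if start % 64:
        found.append(f"{name}/{app}: startport {start} is not a multiple of 64")
    if size == 0 or size % 64:
        found.append(f"{name}/{app}: size {size} is not a non-zero multiple of 64")
    if start + size - 1 > MAX_PORT:
        found.append(f"{name}/{app}: range ends past port {MAX_PORT}")
    return found

def lint_portmaps(config_text):
    """Check every port map range and every 'portmap NAME' reference."""
    found, defined, used, current = [], set(), [], None
    for line in map(str.strip, config_text.splitlines()):
        if m := ONE_LINE.match(line):
            defined.add(m[1])
            found += check_range(m[1], m[2], int(m[3]), int(m[4]))
        elif m := MAP_HEAD.match(line):
            current = m[1]
            defined.add(current)
        elif (m := APPL.match(line)) and current:
            found += check_range(current, m[1], int(m[2]), int(m[3]))
        elif m := MAP_USE.match(line):
            used.append(m[1])
    found += [f"portmap {n} is referenced but never defined" for n in used if n not in defined]
    return found

if __name__ == "__main__":
    print("\n".join(lint_portmaps(SAMPLE)))
```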

Macros have been defined to make port map configuration easier. The table below lists the name of the macros and the ports.

Table 1 Macro Names and Ports

Macro Name               Ports          Application
cisco-rtp-h323-low       16384-32767    H.323
cisco-rtp-h323-high      49152-65535    H.323
cisco-rtp-skinny-low     16384-32767    Skinny
cisco-rtp-skinny-high    49152-65535    Skinny
cisco-rtp-sip-low        16384-32767    SIP
cisco-rtp-sip-high       49152-65535    SIP

Example Even Port Parity

The following example enables even port parity for H.323.

ip nat service allow-h323-even-rtp-ports

The following example enables even port parity for SIP.

ip nat service allow-sip-even-rtp-ports

The following example enables even port parity for the skinny protocol.

ip nat service allow-skinny-even-rtp-ports


Feature Information for User Defined Source Port Ranges for PAT

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.


Table 2 Feature Information for User Defined Source Port Ranges for PAT

Feature Name: User Defined Source Port Ranges for PAT
Releases: 12.4(11)T
Feature Information: The User Defined Source Port Ranges for PAT feature enables the specification of source port ranges for Port Address Translation (PAT) for SIP, H.323, and Skinny Real-Time Transport Protocol (RTP) and RTP Control Protocol (RTCP).

© 2011 Cisco Systems, Inc. All rights reserved.