Configuring Hosted NAT Traversal for Session Border Controller


First Published: June 19, 2006

Last Updated: June 19, 2006

The Cisco IOS Hosted NAT Traversal for Session Border Controller Phase-1 feature enables a Cisco IOS Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Level Gateway (ALG) router to act as a Session Border Controller (SBC) on a Cisco Multiservice IP-to-IP Gateway, ensuring a seamless delivery of Voice over IP (VoIP) services.

Finding Feature Information in This Module

Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the Configuring Hosted NAT Traversal for Session Border Controller section.

Finding Support Information for Platforms and Cisco IOS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for Configuring Cisco IOS Hosted NAT Traversal for Session Border Controller

Information About Configuring Cisco IOS Hosted NAT Traversal for Session Border Controller

How to Configure Cisco IOS Hosted NAT for Session Border Controller

Configuration Examples for Configuring Cisco IOS Hosted NAT for Session Border Controller

Additional References

Feature Information for Cisco IOS NAT Hosted NAT Traversal

Prerequisites for Configuring Cisco IOS Hosted NAT Traversal for Session Border Controller

Before you configure the Cisco IOS Hosted NAT Traversal for Session Border Controller, you should understand the concepts documented in the "Cisco IOS Hosted NAT Traversal for Session Border Controller Overview" module.

All access lists required for use with the tasks in this module should be configured prior to beginning the configuration task. For information about how to configure an access list, see the "IP Access List Sequence Numbering" document at the following URL:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fsaclseq.htm

Before performing the tasks in this module, you should verify that SIP has not been disabled. SIP is enabled by default.

Restrictions for Configuring Cisco IOS Hosted NAT Traversal for Session Border Controller

Phase 1 supports flow-around mode for inside-to-inside media calls and flow-through mode for inside-to-outside media calls.

If the intermediate routers between the inside phones and the NAT SBC are configured to do Port Address Translation (PAT), the User Agents (phones and proxy) must support symmetric signaling and symmetric/early-media, and the "override port" must be configured on the NAT SBC router. In the absence of support for symmetric signaling and symmetric/early-media, the intermediate routers must be configured without PAT and the "override address" should be configured in the NAT SBC.

Information About Configuring Cisco IOS Hosted NAT Traversal for Session Border Controller

Before you configure the Cisco IOS Hosted NAT Traversal for Session Border Controller, you should understand the following concepts:

Voice and Multimedia over IP Networks

Cisco IOS Hosted NAT Traversal for Session Border Controller Overview

Voice and Multimedia over IP Networks

SIP is a protocol developed by the Internet Engineering Task Force (IETF) Multiparty Multimedia Session Control (MMUSIC) Working Group. The Cisco SIP functionality equips Cisco routers to signal the setup of voice and multimedia calls over IP networks. SIP provides an alternative to H.323 within the VoIP internetworking software.

Session Description Protocol (SDP) is a protocol that describes multimedia sessions. SDP may be used in SIP message bodies to describe multimedia sessions used for creating and controlling multimedia sessions with two or more participants.

Cisco IOS Hosted NAT Traversal for Session Border Controller Overview

Private IP addresses and ports inserted in the packet payload by client devices such as IP phones and video conferencing stations are not routable in public networks using NAT. In addition, intermediate routers between the inside phones and the NAT SBC can have non-ALG functionality. Hosted NAT traversal handles the signaling and media streams involved in setting up, conducting, and tearing down calls that traverse these intermediate routers.

Figure 1 illustrates how the NAT SBC handles embedded SIP/SDP information for the address and port allocation differentiating overlapped embedded information.

Figure 1 NAT as SIP Session Border Controller

The inside phones have the proxy configured as the NAT SBC's preconfigured address and port. NAT SBC has the Softswitch's address and port preconfigured as the proxy. The NAT SBC intercepts the packets destined from the inside phones to itself and translates the inside hosts and other information in the SIP/SDP payload as well as the IP/UDP destination address or port to the Softswitch's address and port, and vice versa.

SIP/SDP information is translated using NAT or PAT so that the Real-Time Transport Protocol (RTP) flow runs directly between the phones in the NAT SBC inside domain.

Address-only fields are not translated by the NAT SIP ALG; they are handled by the NAT SBC. The exceptions are the Proxy-Authorization and Authorization fields, which are not translated because translating them would break authentication.

If the intermediate routers between the inside phones and the NAT SBC are configured to do PAT, then it is required that the User Agents (phones and proxy) support symmetric signaling and symmetric/early-media. The "override port" needs to be configured on the NAT SBC router. In the absence of support for symmetric signaling and symmetric/early-media, it is required that the intermediate routers be configured without PAT and the "override address" should be configured in the NAT SBC.

How to Configure Cisco IOS Hosted NAT for Session Border Controller

This section contains the following task:

Configuring Cisco IOS Hosted NAT for Session Border Controller

Configuring Cisco IOS Hosted NAT for Session Border Controller

Perform this task to configure NAT as SIP session border controller.


Note: Inside phones need to have the proxy set to 200.1.1.1. The VPN routing/forwarding instance (VRF) configuration as shown is optional.


SUMMARY STEPS

1. enable

2. configure terminal

3. ip nat sip-sbc

4. proxy inside-address inside-port outside-address outside-port protocol udp

5. vrf-list

6. vrf-name vrf-name

7. exit

8. call-id-pool call-id-pool

9. session-timeout seconds

10. mode allow-flow-around

11. override address

DETAILED STEPS

Each step below gives the command or action, an example, and the purpose.

Step 1: enable
  Example: Router> enable
  Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2: configure terminal
  Example: Router# configure terminal
  Purpose: Enters global configuration mode.

Step 3: ip nat sip-sbc
  Example: Router(config)# ip nat sip-sbc
  Purpose: Enters IP NAT SBC configuration mode.

Step 4: proxy inside-address inside-port outside-address outside-port protocol udp
  Example: Router(config-ipnat-sbc)# proxy 200.1.1.1 5060 192.1.1.1 5060 protocol udp
  Purpose: Configures the address or port that the inside phones will be referring to, and the outside proxy's address and port to which the NAT SBC translates the destination IP address and port.

Step 5: vrf-list
  Example: Router(config-ipnat-sbc)# vrf-list
  Purpose: (Optional) Enters IP NAT SBC VRF configuration mode.

Step 6: vrf-name vrf-name
  Example: Router(config-ipnat-sbc-vrf)# vrf-name A
  Purpose: Defines SBC VRF list names.

Step 7: exit
  Example: Router(config-ipnat-sbc-vrf)# exit
  Purpose: Returns to IP NAT SBC configuration mode.

Step 8: call-id-pool call-id-pool
  Example: Router(config-ipnat-sbc)# call-id-pool one
  Purpose: Specifies a dummy pool name to which the call ID of in > out SIP signaling packets is translated; a 1:1 association is maintained rather than using the regular NAT pool. This pool can be used in an overload scenario.
  NAT mapping with appropriate ACL and NAT pool matching this pool name must be configured.
  This pool will not be used for any other NAT processing except call ID processing.

Step 9: session-timeout seconds
  Example: Router(config-ipnat-sbc)# session-timeout 300
  Purpose: Configures the timeout duration for NAT entries pertaining to SIP signaling flows. The default is 5 minutes.
  The nat-default keyword can be used to return the session timeout to the NAT default timeout values.

Step 10: mode allow-flow-around
  Example: Router(config-ipnat-sbc)# mode allow-flow-around
  Purpose: Enables flow around for RTP. This flow applies to traffic between phones in the inside domain.

Step 11: override address
  Example: Router(config-ipnat-sbc)# override address
  Purpose: Allows the NAT SBC to override the out > in traffic's destination IP during signaling or RTP traffic, or to override the address and port.

Configuration Examples for Configuring Cisco IOS Hosted NAT for Session Border Controller

This section contains the following configuration example:

Configuring Cisco IOS Hosted NAT Traversal for Session Border Controller: Example

Configuring Cisco IOS Hosted NAT Traversal for Session Border Controller: Example

The following example shows how to configure Cisco IOS Hosted NAT Traversal as a Session Border Controller.

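! Inside interfaces, one per VRF
interface ethernet1/1
 ip nat inside
 ip vrf forwarding A
!
interface ethernet1/2
 ip nat inside
 ip vrf forwarding B
!
! Outside interface toward the proxy
interface ethernet1/3
 ip nat outside
!
! Pool definitions are reproduced as published: each ip nat pool statement
! also needs a start and end address plus a netmask or prefix-length, and
! the outside-pool range is not a valid pair of IPv4 addresses.
ip nat pool call-id-pool 209.165.202.129
ip nat pool outside-pool 2.2.2.1.1.1 2.2.2.1.1.10
ip nat pool inside-pool-A 169.1.1.1 169.1.1.10
ip nat pool inside-pool-B 170.1.1.1 170.1.1.10
ip nat inside source list 1 pool inside-pool-A vrf A overload
ip nat inside source list 2 pool inside-pool-B vrf B overload
! access-list 3 is referenced here but is not defined in this example
ip nat outside source list 3 pool outside-pool
ip nat inside source list 4 pool call-id-pool
!
! Access lists for the inside phones (list 1 for VRF A, list 2 for VRF B)
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 2 permit 172.1.1.0 0.0.0.255
!
! Access list for call-id-pool
access-list 4 permit 10.1.1.0 0.0.0.255
access-list 4 permit 20.1.1.0 0.0.0.255
!
! NAT SBC: inside phones use 200.1.1.1:5060 as proxy, translated to 192.1.1.1:5060
ip nat sip-sbc
 proxy 200.1.1.1 5060 192.1.1.1 5060 protocol udp
 vrf-list
  vrf-name A
  vrf-name B
 call-id-pool call-id-pool
 session-timeout 300
 mode allow-flow-around
 override address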
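
The call-id-pool step requires a matching NAT pool and an ACL-backed NAT mapping, and the prerequisites require every referenced access list to exist before configuration. The following Python check is an added example, not part of the original Cisco document; the function name audit_nat_sbc and the sample text (constructed from the NAT and SBC lines of the example above) are assumptions made for illustration.

```python
import re

# Constructed sample: NAT and SBC lines modeled on the configuration example above.
SAMPLE_CONFIG = """\
ip nat pool call-id-pool 209.165.202.129
ip nat pool outside-pool 2.2.2.1.1.1 2.2.2.1.1.10
ip nat pool inside-pool-A 169.1.1.1 169.1.1.10
ip nat inside source list 1 pool inside-pool-A vrf A overload
ip nat outside source list 3 pool outside-pool
ip nat inside source list 4 pool call-id-pool
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 4 permit 10.1.1.0 0.0.0.255
ip nat sip-sbc
 proxy 200.1.1.1 5060 192.1.1.1 5060 protocol udp
 call-id-pool call-id-pool
 override address
"""

NAT_MAP = re.compile(r"ip nat (inside|outside) (?:source )?list (\S+) pool (\S+)")

def audit_nat_sbc(config):
    """Return a list of unresolved NAT SBC dependencies found in an IOS config."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    pools = {m.group(1) for ln in lines if (m := re.match(r"ip nat pool (\S+)", ln))}
    acls = {m.group(1) for ln in lines if (m := re.match(r"access-list (\S+) ", ln))}
    maps = [m.groups() for ln in lines if (m := NAT_MAP.match(ln))]
    findings = []
    for side, acl, pool in maps:
        if acl not in acls:
            findings.append(f"access-list {acl} ({side} mapping) is not defined")
        if pool not in pools:
            findings.append(f"pool {pool} ({side} mapping) is not defined")
    # Sub-commands of "ip nat sip-sbc" are the indented lines that follow it.
    sbc, in_sbc = [], False
    for ln in lines:
        if ln == "ip nat sip-sbc":
            in_sbc = True
        elif in_sbc and ln.startswith(" "):
            sbc.append(ln.split())
        else:
            in_sbc = False
    for cmd in sbc:
        if cmd[0] == "call-id-pool" and len(cmd) > 1:
            if cmd[1] not in pools:
                findings.append(f"call-id-pool {cmd[1]} has no ip nat pool")
            if not any(s == "inside" and p == cmd[1] for s, _, p in maps):
                findings.append(f"call-id-pool {cmd[1]} has no inside source mapping")
    return findings

print("\n".join(audit_nat_sbc(SAMPLE_CONFIG)))
```

Run against the sample, the check reports that access list 3 is used by the outside mapping but never defined.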

Additional References

The following sections provide references related to configuring Cisco IOS Hosted NAT Traversal as Session Border Controller.

Related Documents

Related Topic: NAT commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples
Document Title: "IP Addressing Commands" chapter in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.4T


Standards

Standards: None


MIBs

MIBs: None

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


Feature Information for Cisco IOS NAT Hosted NAT Traversal

Table 1 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.4(9)T or a later release appear in the table.

For information on a feature in this technology that is not documented here, see the "Configuring Network Address Translation Features Roadmap."

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.

Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn.


Note: Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.


Table 1 Feature Information for NAT as SIP Session Border Controller

Feature Name: Cisco IOS Hosted NAT Traversal for Session Border Controller Phase-1
  Releases: 12.4(9)T
  Feature Configuration Information: The Cisco IOS Hosted NAT Traversal for Session Border Controller feature provides support for transparency with the use of a proxy device on the NAT outside domain.

Feature Name: NAT as SIP Session Border Controller Support for Address-Only Fields
  Releases: 12.4(9)T
  Feature Configuration Information: The NAT as SIP Session Border Controller Support for Address-Only Fields feature provides support for the translation of SIP address-only fields.

Feature Name: NAT as SIP Session Border Controller Media Flow
  Releases: 12.4(9)T
  Feature Configuration Information: The NAT as SIP Session Border Controller Media Flow feature provides support for flow-around mode for RTP/RTCP exchanges between phones on the inside domain of the SBC.