Table Of Contents
Configuring Hosted NAT Traversal for Session Border Controller
First Published: June 19, 2006
Last Updated: June 19, 2006
The Cisco IOS Hosted NAT Traversal for Session Border Controller Phase-1 feature enables a Cisco IOS Network Address Translation (NAT) Session Initiation Protocol (SIP) Application Level Gateway (ALG) router to act as a Session Border Controller (SBC) on a Cisco Multiservice IP-to-IP Gateway, ensuring a seamless delivery of Voice over IP (VoIP) services.
Finding Feature Information in This Module
Your Cisco IOS software release may not support all of the features documented in this module. to reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the Configuring Hosted NAT Traversal for Session Border Controller section on page 8.
Finding Support Information for Platforms and Cisco IOS Software Images
Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.
Prerequisites for Configuring Cisco IOS Hosted NAT Traversal for Session Border Controller
•Before you configure the Cisco IOS hosted NAT Traversal for Session Border Controller, you should understand the concepts documented in the "Cisco IOS Hosted NAT Traversal for Session Border Controller Overview"module.
All access lists required for use with the tasks in this module should be configured prior to beginning the configuration task. For information about how to configure an access list, see the "IP Access List Sequence Numbering" document at the following URL:
Before performing the tasks in this module, you should verify that SIP has not been disabled. SIP is enabled by default.
Restrictions for Configuring Cisco IOS Hosted NAT Traversal for Session Border Controller
•Phase 1 supports flow- around mode for inside to inside calls and flow-through for inside to outside calls for the media calls.
•If the intermediate routers between the inside phones and the NAT SBC are configured to do Port Address Translation (PAT), it is required that the User Agents (phones and proxy) support symmetric signaling and symmetric & early-media. The "override port" needs to be configured on the NAT SBC router. In the absence of support for symmetric signaling and symmetric/early-media, it is required that the intermediate routers be configured ton non-PAT and the "override address" should be configured in the NAT SBC.
Information About Configuring Cisco IOS Hosted NAT Traversal for Session Border Controller
Before you configure the Cisco IOS Hosted NAT Traversal for Session Border Controller, you should understand the following concepts:
Voice and Multimedia over IP Networks
SIP is a protocol developed by the Internet Engineering Task Force (IETF) Multiparty Multimedia Session Control (MMUSIC) Working Group. The Cisco SIP functionality equips Cisco routers to signal the setup of voice and multimedia calls over IP networks. SIP provides an alternative to H.323 within the VoIP internetworking software.
Session Description Protocol (SDP) is a protocol that describes multimedia sessions. SDP may be used in SIP message bodies to describe multimedia sessions used for creating and controlling multimedia sessions with two or more participants.
Cisco IOS Hosted NAT Traversal for Session Border Controller Overview
Private IP addresses and ports inserted in the packet payload by client devices such as IP phones and video conferencing stations are not routable in public networks using NAT. In addition, intermediate routers between the inside phones and the NAT SBC can have non-ALB functionality. Hosted NAT traversal handles signaling and media streams involved in setting up, conducting, and tearing down calls, traversing these intermediate routers.
Figure 1 illustrates how the NAT SBC handles embedded SIP/SDP information for the address and port allocation differentiating overlapped embedded information.
Figure 1 NAT as SIP Session Border Controller
The inside phones have the proxy configured as the NAT SBC's preconfigured address and port. NAT SBC has the Softswitch's address and port preconfigured as the proxy. The NAT SBC intercepts the packets destined from the inside phones to itself and translates the inside hosts and other information in the SIP/SDP payload as well as the IP/UDP destination address or port to the Softswitch's address and port, and vice versa.
SIP/SDP information is NAT or PAT in order for the Real-Time Transport Protocol (RTP) flow to be directly between the phones in the NAT SBC inside domain.
Address- only fields are not translated by the NAT SIP ALG, and are handled by the NAT SBC except for the Proxy-Authorization and Authorization translation because it will break authentication.
If the intermediate routers between the inside phones and the NAT SBC are configured to do PAT, then it is required that the User Agents (phones and proxy) support symmetric signaling and symmetric/early-media. The "override port" needs to be configured on the NAT SBC router. In the absence of support for symmetric signaling and symmetric/early-media, it is required that the intermediate routers be configured without PAT and the "override address" should be configured in the NAT SBC.
How to Configure Cisco IOS Hosted NAT for Session Border Controller
This section contains the following task:
Configuring Cisco IOS Hosted NAT for Session Border Controller
Perform this task to configure NAT as SIP session border controller.
Note Inside phones need to have the proxy set to 126.96.36.199. The VPN routing/forwarding instance (VRF) configuration as shown is optional.
2. configure terminal
3. ip nat sip-sbc
4. proxy inside-address inside-port outside-address outside-port protocol udp
6. vrf-name vrf-name
8. call-id-pool call-id-pool
9. session-timeout seconds
10. mode allow-flow-around
11. override address
Configuration Examples for Configuring Cisco IOS Hosted NAT for Session Border Controller
This section contains the following configuration example:
•Configuring Cisco IOS Hosted NAT Traversal for Session border Controller: Example, page 6
Configuring Cisco IOS Hosted NAT Traversal for Session Border Controller: Example
The following example shows how to configure a Cisco IOS Hosted NAT Traversal as Session Border Controller.interface ethernet1/1ip nat insideip forwarding A!interface ethernet1/2ip nat insideip forwarding B!interface ethernet1/3ip nat outside!ip nat pool call-id-pool 188.8.131.52ip nat pool outside-pool 184.108.40.206.1.1 220.127.116.11.1.10ip nat pool inside-pool-A 18.104.22.168 22.214.171.124ip nat pool inside-pool-B 126.96.36.199 188.8.131.52ip nat inside source list 1 pool inside-pool-A vrf A overloadip nat inside source list 2 pool inside-pool-B vrf B overloadip nat outside list 3 pool outside-poolip nat inside source list 4 pool call-id-pool!access-list for VRF-A inside-phonesaccess-list 1 permit 10.1.1.0 0.0.0.255access-list 2 permit 184.108.40.206 0.0.0.255!access-=list for call-id-poolaccess-list 4 permit 10.1.1.0 0.0.0.255access-list 4 permit 220.127.116.11 0.0.0.255!ip nat sip-sbcproxy 18.104.22.168 5060 22.214.171.124 5060 protocol udpvrf-listvrf-name Avrf-name Bcall-id-pool call-id-poolsession-timeout 300mode allow-flow-aroundoverride address
The following sections provide references related to configuring Cisco IOS Hosted NAT Traversal as Session Border Controller.
MIBs MIBs Link
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
Feature Information for Cisco IOS NAT Hosted NAT Traversal
Table 1 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.4(9)T or a later release appear in the table.
For information on a feature in this technology that is not documented here, see the "Configuring Network Address Translation Features Roadmap."
Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation.
Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn.
Note Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.
Copyright © 2006 Cisco Systems, Inc. All rights reserved.
This module first published June 19, 2006. Last updated June 19, 2006.