User Defined Source Port Ranges for PAT


First Published: November 17, 2006
Last Updated: November 17, 2006

The User Defined Source Port Ranges for PAT feature enables the specification of source port ranges for Port Address Translation (PAT) for SIP, H.323, and Skinny Real-Time Transport Protocol (RTP) and RTP Control Protocol (RTCP).

Finding Feature Information in This Module

Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for User Defined Source Port Ranges for PAT" section.

Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Restrictions for User Defined Source Port Ranges for PAT

Information About User Defined Source Port Ranges for PAT

How to Configure Source Port Ranges for PAT

Configuration Examples for User Defined Source Port Ranges for PAT

How to Configure Even Port Parity

Configuration Examples for Even Port Parity

Command Reference

Restrictions for User Defined Source Port Ranges for PAT

The size of the port range that can be reserved is limited to a multiple of 64.

The start port for the port range should also be a multiple of 64.

Information About User Defined Source Port Ranges for PAT

Before you configure the source port ranges for PAT, you should understand the following concepts:

User Defined Source Port Ranges for PAT Overview

Even Port Parity

User Defined Source Port Ranges for PAT Overview

So that VoIP traffic does not violate the RTP standards and best practices, even/odd pairing of ports for RTP and RTCP traffic is available for the SIP ALG, Skinny, and H.323.

The following scenario shows what happens to VoIP traffic translated using PAT without user-defined ports.

The first VoIP stream translated using PAT requests port 16384 and gets port 16384 for its RTP traffic.

The second VoIP stream translated using PAT also requests port 16384 for its RTP traffic. Because this port number is already in use by the first call, PAT translates the 16384 source port for the second phone to 1024 (assuming the port is free), which violates the RTP standards and best practices.

A third call ends up using port 1025, and subsequent calls increment from there.

Each call after the first has its inside source port translated to an external port that is out of specification for RTP, and this continues until the PAT binding for the first call expires.

Problems associated with RTP traffic being assigned to a non-standard port by PAT:

Inability for compressed RTP (cRTP) to be invoked in the return direction, as it only operates on RTP flows with compliant port numbers.

Difficulty in properly classifying voice traffic for corresponding QoS treatment.

Violation of standard firewall policies that specifically account for RTP/RTCP traffic by specified standard port range.

Even Port Parity

Cisco IOS NAT SIP gateways normally select the next available port+1 for SIP fixup in the NAT translations. The NAT gateway does not check for an even/odd pair for RTP/RTCP port numbers; as a result, issues may arise with SIP user agents that strictly follow the encouraged even/odd parity for RTP/RTCP port numbers.

Even port parity for SIP, H.323, and Skinny is supported by default; it can be turned off, forcing odd RTP port allocation.
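The allocation scenario and the even/odd pairing described above, as a small Python model added here for illustration (not Cisco code and not part of the original page). The allocators are simplified assumptions: the default one falls back to the lowest free port from 1024 as in the scenario, the port-map one hands out even RTP ports and keeps the next odd port for RTCP, and `RTP_POLICY` stands for a range-based firewall or QoS rule.

```python
# Simplified model of the PAT behaviour described in the text (assumption, not IOS code).
RTP_POLICY = range(16384, 32768)  # hypothetical firewall/QoS rule matching 16384-32767

def allocate_default(requested, in_use):
    """No port map: keep the requested port if free, else the lowest free port from 1024."""
    if requested not in in_use:
        port = requested
    else:
        port = next(p for p in range(1024, 65536) if p not in in_use)
    in_use.add(port)
    return port

def allocate_from_portmap(start, size, in_use):
    """User-defined range: next free even port for RTP, port + 1 reserved for RTCP."""
    if start % 64 or size % 64:
        raise ValueError("start port and size must be multiples of 64")
    for port in range(start, start + size, 2):
        if port not in in_use and port + 1 not in in_use:
            in_use.update((port, port + 1))
            return port
    raise RuntimeError("port map exhausted")

def simulate(calls=4, requested=16384, start=32128, size=128):
    """Translate `calls` phones that all request the same RTP source port."""
    default_used, mapped_used = set(), set()
    default = [allocate_default(requested, default_used) for _ in range(calls)]
    mapped = [allocate_from_portmap(start, size, mapped_used) for _ in range(calls)]
    return default, mapped

def policy_violations(ports):
    """Translated ports that a range-based RTP rule would miss or that are odd."""
    return [p for p in ports if p not in RTP_POLICY or p % 2]

if __name__ == "__main__":
    default, mapped = simulate()
    print("no port map :", default, "violations:", policy_violations(default))
    print("port map    :", mapped, "violations:", policy_violations(mapped))
```

Only the first call keeps a compliant port in the default case; with the reserved range every call stays inside the policy range on an even port.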

How to Configure Source Port Ranges for PAT

This section contains the following task:

Configuring Source Port Ranges for PAT

Configuring Source Port Ranges for PAT

Perform this task to assign a set of ports and associate a map to them.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip nat portmap mapname application application startport startport size size

4. ip nat inside source list list-name pool pool-name overload portmap portmap-name

DETAILED STEPS

Step 1
Command or Action: enable
Example: Router> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2
Command or Action: configure terminal
Example: Router# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: ip nat portmap mapname application application startport startport size size
Example: Router(config)# ip nat portmap NAT-1 application sip-rtp startport 32128 size 128
Purpose: Defines the port map.

Step 4
Command or Action: ip nat inside source list list-name pool pool-name overload portmap portmap-name
Example: Router(config)# ip nat inside source list 1 pool A overload portmap NAT-1
Purpose: Associates the port map to the NAT configuration.

Configuration Examples for User Defined Source Port Ranges for PAT

This section provides the following configuration example:

User Defined Source Port Ranges for PAT: Example

User Defined Source Port Ranges for PAT: Example

The following example shows how to assign a set of ports and associate a map to them.

ip nat portmap NAT-I
 cisco-rtp-h323-low
 appl sip-rtp startport 32128 size 128
 appl sip-rtp startport 32000 size 64
ip nat inside source list 1 pool A overload portmap NAT-I

Macros have been defined to make port map configuration easier. Table 1 lists the name of the macros and the ports.

Table 1 Macro Names and Ports

Macro Name               Ports          Application
cisco-rtp-h323-low       16384-32767    H.323
cisco-rtp-h323-high      49152-65535    H.323
cisco-rtp-skinny-low     16384-32767    Skinny
cisco-rtp-skinny-high    49152-65535    Skinny
cisco-rtp-sip-low        16384-32767    SIP
cisco-rtp-sip-high       49152-65535    SIP
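A pre-deployment check for the restrictions and macro names above, as an added Python example (not Cisco tooling and not part of the original page). It assumes the sub-mode syntax shown in the configuration example (`appl ... startport ... size ...` lines indented under `ip nat portmap`); `lint_portmaps` and `BAD_EXAMPLE` are names and sample data constructed for illustration.

```python
import re
# Macro names and port ranges from Table 1.
MACROS = {f"cisco-rtp-{app}-{band}": ports
          for app in ("h323", "skinny", "sip")
          for band, ports in (("low", (16384, 32767)), ("high", (49152, 65535)))}

def lint_portmaps(config):
    """Return (line_number, message) findings for an IOS-style configuration string."""
    findings, maps, refs, current = [], {}, [], None
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if m := re.fullmatch(r"ip nat portmap (\S+)", line):
            current = maps.setdefault(m.group(1), [])      # enter a port-map block
        elif current is not None and raw[0].isspace():     # indented entry of that block
            if m := re.fullmatch(r"appl (\S+) startport (\d+) size (\d+)", line):
                start, size = int(m.group(2)), int(m.group(3))
                if start % 64:
                    findings.append((n, f"startport {start} is not a multiple of 64"))
                if size == 0 or size % 64:
                    findings.append((n, f"size {size} is not a positive multiple of 64"))
                current.append((start, start + size - 1))
            elif line in MACROS:
                current.append(MACROS[line])
            else:
                findings.append((n, f"unrecognized port-map entry: {line}"))
        else:
            current = None                                  # left the port-map block
            if m := re.search(r"\boverload portmap (\S+)$", line):
                refs.append((n, m.group(1)))
    findings += [(n, f"portmap {name} is referenced but not defined")
                 for n, name in refs if name not in maps]
    return findings

# The configuration example from this page.
PAGE_EXAMPLE = """\
ip nat portmap NAT-I
 cisco-rtp-h323-low
 appl sip-rtp startport 32128 size 128
 appl sip-rtp startport 32000 size 64
ip nat inside source list 1 pool A overload portmap NAT-I
"""
# Constructed sample with deliberate mistakes (not from the page).
BAD_EXAMPLE = """\
ip nat portmap VOICE
 cisco-rtp-sip-mid
 appl sip-rtp startport 32100 size 100
ip nat inside source list 1 pool A overload portmap VOICE-2
"""
```

`lint_portmaps(PAGE_EXAMPLE)` returns no findings; `lint_portmaps(BAD_EXAMPLE)` reports the unknown macro, both multiple-of-64 violations, and the NAT rule that points at an undefined port map.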


How to Configure Even Port Parity

This section contains the following task:

Configuring Even Port Parity

Configuring Even Port Parity

Perform this task to enable even port parity.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip nat service allow-h323-even-rtp-port

DETAILED STEPS

Step 1
Command or Action: enable
Example: Router> enable
Purpose: Enables privileged EXEC mode. Enter your password if prompted.

Step 2
Command or Action: configure terminal
Example: Router# configure terminal
Purpose: Enters global configuration mode.

Step 3
Command or Action: ip nat service allow-h323-even-rtp-port
Example: Router(config)# ip nat service allow-h323-even-rtp-port
Purpose: Establishes even port parity for H.323.

Configuration Examples for Even Port Parity

This section provides the following configuration example:

Even Port Parity: Example

Even Port Parity: Example

The following example enables even port parity for H.323.

ip nat service allow-h323-even-rtp-port

Additional References

The following sections provide references related to using application level gateways with NAT.

Related Documents

Related Topic: NAT commands: complete command syntax, command mode, defaults, usage guidelines, and examples
Document Title: "IP Addressing Commands" chapter in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.4T

Standards

Standards: None

MIBs

MIBs: None
MIBs Link: To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs


Feature Information for User Defined Source Port Ranges for PAT

Table 2 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.2(1) or later appear in the table.

Not all commands may be available in your Cisco IOS software release. For details on when support for specific commands was introduced, see the command reference documents.

For information on a feature in this technology that is not documented here, see the "Configuring Network Address Translation Features Roadmap."

Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.


Note: Table 2 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.


Table 2 Feature Information for Using Application Level Gateways with NAT

Feature Name: User Defined Source Port Ranges for PAT feature
Releases: 12.4(11)T
Feature Configuration Information: The User Defined Source Port Ranges for PAT feature enables the specification of source port ranges for Port Address Translation (PAT) for SIP, H.323, and Skinny Real-Time Transport Protocol (RTP) and RTP Control Protocol (RTCP).

The following sections provide information about this feature:

"How to Configure Source Port Ranges for PAT" section

"How to Configure Even Port Parity" section