
Cisco IOS Software Releases 12.1 T

NAT-Enhanced H.225/H.245 Forwarding Engine


This feature module describes the enhanced Cisco IOS Network Address Translation (NAT) support for the H.225/H.245 forwarding engine and includes the following sections:

Feature Overview

Supported Platforms

Supported Standards, MIBs, and RFCs

Debug Commands

Feature Overview

During the call setup between H.323 terminals, the following protocols are used:

H.225 Call Signalling

H.245 Call Control

Both protocol messages contain embedded IP addresses and ports. Any message passing through a router running NAT must be decoded, translated, and encoded back to the packet.

Previously, there was minimal support in NAT for certain H.225/H.245 messages that are used by Microsoft NetMeeting.


Note: H.225 RAS (H.323 gatekeepers) is not currently supported.


Benefits

This enhancement provides support for all H.225/H.245 protocol messages and embedded addresses.

Related Documents

Cisco IOS IP and IP Routing Configuration Guide, Release 12.1

Cisco IOS IP and IP Routing Command Reference, Release 12.1

Supported Platforms

Cisco 2500 series

Cisco 2600 series

Cisco 3600 series

Cisco 4000 series

Cisco 7100 series

Cisco 7200 series

Cisco 7500 series

Cisco 7700 series

Supported Standards, MIBs, and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

No new or modified MIBs are supported by this feature.

To obtain lists of supported MIBs and how to use MIBs, see the Cisco MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.

RFCs

No new or modified RFCs are supported by this feature.

Configuration Tasks

None

Configuration Examples

None

Debug Commands

This section documents the modified debug ip nat command. All other commands used with this feature are documented in the Cisco IOS Release 12.1 command reference publications.

debug ip nat

To display information about IP packets translated by the IP Network Address Translation (NAT) feature, use the debug ip nat privileged EXEC command. To disable debugging output, use the no form of this command.

debug ip nat [access-list | detailed | h323 | pptp]

no debug ip nat [access-list | detailed | h323 | pptp]

Syntax Description

access-list

(Optional) Standard IP access list number. If the datagram is not permitted by the specified access list, the related debugging output is suppressed.

detailed

(Optional) Displays debug information in a detailed format.

h323

(Optional) Displays H.225/H.245 protocol information.

pptp

(Optional) Displays Point-to-Point Tunneling Protocol (PPTP) information.


Defaults

Disabled

Command Modes

Global configuration

Command History

| Release | Modification |
| --- | --- |
| 11.2 | This command was introduced. |
| 12.1(5)T | This command was modified to include the h323 keyword. |


Usage Guidelines

The NAT feature reduces the need for unique, registered IP addresses. It can also save private network administrators from needing to renumber hosts and routers that do not conform to global IP addressing.

Use the debug ip nat command to verify the operation of the NAT feature by displaying information about every packet that is translated by the router. The debug ip nat detailed command generates a description of each packet considered for translation. This command also outputs information about certain errors or exceptional conditions, such as the failure to allocate a global address. To display messages related to the processing of H.225 signalling and H.245 messages, use the debug ip nat h323 command.


Caution: Because the debug ip nat command generates a substantial amount of output, use it only when traffic on the IP network is low, so other activity on the system is not adversely affected.

Examples

The following is sample output from the debug ip nat command. In this example, the first two lines show the debugging output produced by a Domain Name System (DNS) request and reply. The remaining lines show the debugging output from a Telnet connection from a host on the inside of the network to a host on the outside of the network. All Telnet packets, except for the first packet, were translated in the fast path, as indicated by the asterisk (*).

Router# debug ip nat 
NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825]
NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852] 
NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826] 
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311] 
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827] 
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828] 
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313] 
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]

Table 1 describes the significant fields shown in the display.

Table 1 debug ip nat Field Descriptions 

| Field | Description |
| --- | --- |
| NAT: | Indicates that the packet is being translated by the NAT feature. An asterisk (*) indicates that the translation is occurring in the fast path. The first packet in a conversation always goes through the slow path (that is, process-switched). The remaining packets go through the fast path if a cache entry exists. |
| s=192.168.1.95->172.31.233.209 | Source address of the packet and how it is being translated. |
| d=172.31.2.132 | Destination address of the packet. |
| [6825] | IP identification number of the packet. Might be useful in the debugging process to correlate with other packet traces from protocol analyzers. |
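The fields in Table 1 can be pulled out of a captured debug session programmatically. The following is an added example, not part of the Cisco documentation: it parses the sample output above, groups packets into conversations, counts slow-path and fast-path translations, and keeps the IP identification numbers for correlation with a protocol analyzer trace. The function names parse and conversations are assumptions made for this example.

```python
import re

# Sample input: the debug ip nat output shown above.
SAMPLE = """\
Router# debug ip nat
NAT: s=192.168.1.95->172.31.233.209, d=172.31.2.132 [6825]
NAT: s=172.31.2.132, d=172.31.233.209->192.168.1.95 [21852]
NAT: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6826]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23311]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6827]
NAT*: s=192.168.1.95->172.31.233.209, d=172.31.1.161 [6828]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23313]
NAT*: s=172.31.1.161, d=172.31.233.209->192.168.1.95 [23325]
"""

# NAT[*]: s=<addr>[-><addr>], d=<addr>[-><addr>] [<ip id>]
LINE = re.compile(
    r"^NAT(?P<fast>\*)?: s=(?P<s>[\d.]+)(?:->(?P<s2>[\d.]+))?, "
    r"d=(?P<d>[\d.]+)(?:->(?P<d2>[\d.]+))? \[(?P<ipid>\d+)\]$")

def parse(text):
    """Yield one dict per translated packet; non-matching lines are skipped."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield {"fast": m["fast"] is not None, "src": m["s"],
                   "src_xlate": m["s2"], "dst": m["d"],
                   "dst_xlate": m["d2"], "ip_id": int(m["ipid"])}

def conversations(text):
    """Group packets by (inside address, translated address, peer address)."""
    flows = {}
    for p in parse(text):
        if p["src_xlate"]:    # source rewritten: 's=a->b, d=peer'
            key = (p["src"], p["src_xlate"], p["dst"])
        elif p["dst_xlate"]:  # reply, destination rewritten back: 'd=b->a'
            key = (p["dst_xlate"], p["dst"], p["src"])
        else:
            continue          # no rewrite shown on this line
        flow = flows.setdefault(key, {"slow": 0, "fast": 0, "ip_ids": []})
        flow["fast" if p["fast"] else "slow"] += 1
        flow["ip_ids"].append(p["ip_id"])
    return flows
```

For the sample, the Telnet conversation shows one slow-path packet followed by five fast-path packets, matching the description above.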


The following is sample output from the debug ip nat detailed command. In this example, the first two lines show the debugging output produced by a DNS request and reply. The remaining lines show the debugging output from a Telnet connection from a host on the inside of the network to a host on the outside of the network. In this example, the inside host 192.168.1.95 was assigned the global address 172.31.233.193.

Router# debug ip nat detailed
NAT: i: udp (192.168.1.95, 1493) -> (172.31.2.132, 53) [22399]
NAT: o: udp (172.31.2.132, 53) -> (172.31.233.193, 1493) [63671]
NAT*: i: tcp (192.168.1.95, 1135) -> (172.31.2.75, 23) [22400]
NAT*: o: tcp (172.31.2.75, 23) -> (172.31.233.193, 1135) [22002]
NAT*: i: tcp (192.168.1.95, 1135) -> (172.31.2.75, 23) [22401]
NAT*: i: tcp (192.168.1.95, 1135) -> (172.31.2.75, 23) [22402]
NAT*: o: tcp (172.31.2.75, 23) -> (172.31.233.193, 1135) [22060]
NAT*: o: tcp (172.31.2.75, 23) -> (172.31.233.193, 1135) [22071]

Table 2 describes the significant fields shown in the display.

Table 2 debug ip nat detailed Field Descriptions 

| Field | Description |
| --- | --- |
| NAT: | Indicates that the packet is being translated by the NAT feature. An asterisk (*) indicates that the translation is occurring in the fast path. |
| i: | Indicates that the packet is moving from a host inside the network to one outside the network. |
| o: | Indicates that the packet is moving from a host outside the network to one inside the network. |
| udp | Protocol of the packet. |
| (192.168.1.95, 1493) -> (172.31.2.132, 53) | Indicates that the packet is sent from IP address 192.168.1.95, port number 1493 to IP address 172.31.2.132, port number 53. |
| [22399] | IP identification number of the packet. |


The following is sample output from the debug ip nat h323 command. In this example, an H.323 call is established between two hosts, one host on the inside and the other one on the outside. The debug displays the names of the H.323 messages that NAT recognizes and the embedded IP addresses contained in those messages.

Router# debug ip nat h323
NAT:H225:[0] processing a Setup message
NAT:H225:[0] found Setup sourceCallSignalling
NAT:H225:[0] fix TransportAddress addr=192.168.122.50 port=11140
NAT:H225:[0] found Setup fastStart
NAT:H225:[0] Setup fastStart PDU length:18
NAT:H245:[0] processing OpenLogicalChannel message, forward channel 
number 1
NAT:H245:[0] found OLC forward mediaControlChannel
NAT:H245:[0] fix TransportAddress addr=192.168.122.50 port=16517
NAT:H225:[0] Setup fastStart PDU length:29
NAT:H245:[0] processing OpenLogicalChannel message, forward channel 
number 1
NAT:H245:[0] found OLC reverse mediaChannel
NAT:H245:[0] fix TransportAddress addr=192.168.122.50 port=16516
NAT:H245:[0] found OLC reverse mediaControlChannel
NAT:H245:[0] fix TransportAddress addr=192.168.122.50 port=16517
NAT:H225:[1] processing an Alerting  message
NAT:H225:[1] found Alerting fastStart
NAT:H225:[1] Alerting fastStart PDU length:25
NAT:H245:[1] processing OpenLogicalChannel message, forward channe

Table 3 describes the significant fields shown in the display.

Table 3 debug ip nat h323 Field Descriptions 

| Field | Description |
| --- | --- |
| NAT: | Indicates that the packet is being translated by the NAT feature. |
| H.225/H.245: | Protocol of the packet. |
| [1] | Indicates that the packet is moving from a host inside the network to one outside the network. |
| [0] | Indicates that the packet is moving from a host outside the network to one inside the network. |
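When auditing which signalling-negotiated addresses and ports NAT rewrote during a call, the h323 debug output can be reduced to a list of embedded TransportAddress values. The following is an added example, not part of the Cisco documentation: it re-joins terminal-wrapped lines, attributes each "fix TransportAddress" line to the most recent "found" line, and summarizes the ports per address. The function names unwrap, embedded_addresses and ports_by_addr are assumptions made for this example.

```python
import re

# Sample input: first 16 lines of the h323 output above, wrapped lines kept.
SAMPLE = """\
NAT:H225:[0] processing a Setup message
NAT:H225:[0] found Setup sourceCallSignalling
NAT:H225:[0] fix TransportAddress addr=192.168.122.50 port=11140
NAT:H225:[0] found Setup fastStart
NAT:H225:[0] Setup fastStart PDU length:18
NAT:H245:[0] processing OpenLogicalChannel message, forward channel
number 1
NAT:H245:[0] found OLC forward mediaControlChannel
NAT:H245:[0] fix TransportAddress addr=192.168.122.50 port=16517
NAT:H225:[0] Setup fastStart PDU length:29
NAT:H245:[0] processing OpenLogicalChannel message, forward channel
number 1
NAT:H245:[0] found OLC reverse mediaChannel
NAT:H245:[0] fix TransportAddress addr=192.168.122.50 port=16516
NAT:H245:[0] found OLC reverse mediaControlChannel
NAT:H245:[0] fix TransportAddress addr=192.168.122.50 port=16517
"""

HDR = re.compile(r"^NAT:(H225|H245):\[(\d+)\]\s+(.*)$")
FIX = re.compile(r"^fix TransportAddress addr=([\d.]+) port=(\d+)$")

def unwrap(text):
    """Re-join wrapped output: a line without the NAT: prefix continues the previous one."""
    joined = re.sub(r"[ \t]*\n(?!NAT:)", " ", text.strip())
    return [line.strip() for line in joined.splitlines()]

def embedded_addresses(text):
    """Return (protocol, index, field, addr, port) for each address NAT rewrote."""
    records, field = [], None
    for m in filter(None, map(HDR.match, unwrap(text))):
        proto, idx, body = m.group(1), int(m.group(2)), m.group(3)
        if body.startswith("found "):
            field = body[len("found "):]   # e.g. "OLC reverse mediaChannel"
        fix = FIX.match(body)
        if fix:                            # attribute to the last "found" line
            records.append((proto, idx, field, fix.group(1), int(fix.group(2))))
    return records

def ports_by_addr(records):
    """Map each rewritten address to the sorted list of unique embedded ports."""
    addrs = {r[3] for r in records}
    return {a: sorted({r[4] for r in records if r[3] == a}) for a in addrs}
```

A truncated final line, such as the last line of the sample output above, still parses as a message header and contributes no address record.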