More on CISCO SIP

Bob Chiodini rchiodin at bellsouth.net
Tue Aug 21 21:39:44 UTC 2007 


tony.chamberlain at lemko.com wrote:
> By fudging around I got one Cisco phone to work externally.  I am not 
> sure what we did
> is the optimal thing to do however, and was hoping to elicit 
> comments/suggestions.
> By the way our router software was a bit different than someone 
> suggested but SIP was
> turned on.
>
> We had a network (I am using these numbers as an example.  The first 3 
> bytes may not correspond exactly
> to our network.  The last should.
>
> We had a rang 20.30.40.137 - 20.30.40.142.  In the LAN configuration 
> it said the gateway was 20.30.40.137 and
> for the WAN 20.30.40.142.  Our SIP phone was 20.30.40.138.  Anyway, 
> the SIP phone wouldn't register, so I
>
>      On the SIP phone set gateway to 20.30.40.137
>      On the router set NAT IP Passthrough
> and since 138 was not getting traffic, I
>
>      Also on the router set an IPMAP from 138 (internal) to 137 
> (external).
>
> This allowed the SIP phone to register at two different proxies (two 
> different lines).  On the first proxy everything worked
> fine.  AT the second proxy it was using 20.30.40.142 rather than 
> 20.30.40.137 but I could not do two maps for 138.  Simply
> doing 142 instead of 137 did not work for either line.
>
> Any idea what's going on?  Should the SIP IP be 20.30.40.137?  Is it 
> OK to do the IP Map?  The NAT ?
>
> Tony
>
>
Tony,

How may addresses do you have in the WAN, one or a one-to-one mapping to 
LAN addresses.  Since you mention IP pass through, I'll assume you have 
one WAN address.

In a NAT'd address space you will need to allow your router to pass the 
SIP and RTP ports from the outside proxy to the inside address of the 
phone.  For multiple WAN addresses, you should map a unique address to 
each phone.

In a single WAN address environment, the second LAN-based phone must 
either register with the proxy using a different set of SIP and RTP 
ports or have a firewall that can track the SIP traffic based on 
application layer data, as was suggested in a response to your previous 
post.

You may want to investigate STUN.

If your PBX is asterisk it should be easy to configure the second 
extension to register using unique ports.

Bob...

More information about the users mailing list