Security Internetworking Experts


Post New Topic  Post A Reply
my profile | register | search | faq | forum home
  next oldest topic   next newest topic
» Security Internetworking Experts   » Security   » General Security Forum   » Configure NAT

UBBFriend: Email this page to someone!    
Author Topic: Configure NAT
pllim
Jr Member

Member # 11168

Rate Member 		posted September 21, 2005 04:55 AM      Profile for pllim     Send New Private Message      Edit/Delete Post  Reply With Quote 
I have a Cisco 2621 router running 12.1 IOS. I'm trying to setup NAT with a registered global IP address. Using the same global IP address, I would like to -

1. Allow outside Internet users to access to my internal web server (IP 10.30.2.36) using port 80.

2. Allow outside Internet users to access to my internal Linksys Phone Adapter (IP 10.30.1.201) which requires port 5060 to 5070 and port 10000 to 30000.

Is this scenario possible?

Thanks in advance.
Posts: 14 | From: KL, Malaysia | Registered: Mar 2004  |  IP: Logged
JP Eikeland
Brainiac

Member # 15238

Rate Member 		posted September 22, 2005 02:43 AM      Profile for JP Eikeland     Send New Private Message      Edit/Delete Post  Reply With Quote 
Hi ,

I did a similar scenarion a year ago, setting up a infrastructure for a SIP infrastructure. So yes, it is posible. I used the PIX to do the natting but that would be the same. SIP protocol can live with nat althogh it is prefered to use a public ip address to the SIP server. If you need any more help, just let me know..

Jens P
Posts: 577 | From: Norway | Registered: Mar 2005  |  IP: Logged
pllim
Jr Member

Member # 11168

Rate Member 		posted September 22, 2005 03:00 AM      Profile for pllim     Send New Private Message      Edit/Delete Post  Reply With Quote 
After some trials and errors, I manage to find a solution. I created 2 static NAT entries into my router.

- problem solved -
Posts: 14 | From: KL, Malaysia | Registered: Mar 2004  |  IP: Logged
pllim
Jr Member

Member # 11168

Rate Member 		posted September 22, 2005 03:08 AM      Profile for pllim     Send New Private Message      Edit/Delete Post  Reply With Quote 
The thing which I am puzzle about is Linksys uses SIP and Cisco NAT support for SIP was introduced beginning from IOS version 12.2 (8)T. (See document titled "NAT Support for SIP" in Cisco website)
My Cisco router is using version 12.1(1).
So, why did my NAT work?
Posts: 14 | From: KL, Malaysia | Registered: Mar 2004  |  IP: Logged
happs
Elite

Member # 15802

Member Rated:
 		posted September 22, 2005 07:40 AM      Profile for happs     Send New Private Message      Edit/Delete Post  Reply With Quote 
im not sure, but i think this doc you are referring to "NAT Support for SIP" is actually "NAT Support for SIP on non-standard port", SIP can be configured with NAT just like you have with old IOS version, on standard port(s), i would like someone to please correct me if i got this wrong, thanks

"NAT listens on the default port of the SIP Proxy/UA server to translate the SIP messages. If the SIP Proxy/UA uses a port other than the default port, that port needs to be configured using the ip nat service sip command".
Posts: 329 | From: KHI-PK/RUH-K.S.A | Registered: Apr 2005  |  IP: Logged
JP Eikeland
Brainiac

Member # 15238

Rate Member 		posted September 22, 2005 10:54 AM      Profile for JP Eikeland     Send New Private Message      Edit/Delete Post  Reply With Quote 
yea... happs is right, and SIP is in fact a very nat friendly protocol compared to many others.

Jens P
Posts: 577 | From: Norway | Registered: Mar 2005  |  IP: Logged


All times are Eastern Time  
Post New Topic  Post A Reply Close Topic    Move Topic    Delete Topic next oldest topic   next newest topic
Printer-friendly view of this topic
Hop To:


Contact Us | Security Internetworking Experts