IP PAT Outside for VOIP

I am having a squawk with my VOIP provlder.

They are insisting that I program my Cisco 871 router with port address translation for two VOIP ports (UDP, of course) and a small handful of over UDP port plus one TCP port.

The idea is that when they connect to my router to address the VOIP device (which has a static private IP address on my home network) that anything coming in on these ports will be routed to my VOIP device's static IP address.

Unfortunately, it has been a while since I've done this.

Can someone give me the correct syntax by which to accomplish this?

Regards,

Fred

Reply to
Fred Atkinson
Loading thread data ...

I imagine that you just need some static NATs in addition to your overloaded (PAT) internet NAT.

I have for example:

ip nat inside source static udp 10.6.3.3 6228 interface Dialer0 6228 ip nat inside source static tcp 10.6.3.3 6228 interface Dialer0 6228 ip nat inside source route-map RM.nat interface Dialer0 overload

So I allow incoming connections to two ports udp 6228 tcp 6228 in addition to overloaded outbound NAT.

Don't worry about the route-map, it was for previous VPN traffic and does not involve or affect the port 6228 addresses.

The static NATs automagically take precedence over the overloaded dynamic NAT and you don't need to worry about configuring exclusions - well as far as I know:-)

Reply to
bod43

Thanks for the response.

My Internet port is f4. Since I am using cablemodem, so I revised them as follows:

ip nat inside source static udp 10.6.3.3 6228 interface f4 6228

ip nat inside source static tcp 10.6.3.3 6228 interface f4 6228

So I put an entry for each udp port and one for the tcp port.

But I'm not sure how to revise the third one you gave me:

ip nat inside source route-map RM.nat interface Dialer0 overload

So I think this may be it:

ip nat inside source route-map VOIP interface f4 overload

Do you concur?

Regards, and thanks,

Fred

Reply to
Fred Atkinson

| So I think this may be it: | | ip nat inside source route-map VOIP interface f4 overload

Use this instead:

access-list 15 permit your_lan_address_range in nat inside source list 15 interface f4 overload

Reply to
Morph

| In the message Fred | Atkinson wrote: | | | So I think this may be it: | | | | ip nat inside source route-map VOIP interface f4 overload | | Use this instead: | | access-list 15 permit your_lan_address_range | in nat inside source list 15 interface f4 overload

Or perhaps it would be better to use it like this:

access-list 101 permit ip 10.6.3.0 0.0.0.255 100.100.100.0 0.0.0.255 in nat inside source list 101 interface f4 overload

assuming your network is 10.6.3.0/24 and your providers network is

100.100.100.0/24
Reply to
Morph

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.