Cisco Cisco Expressway
Max-Forwards: 70
Content-Type: application/sdp
Content-Length: 2825
v=0
s=-
c=IN IP4 10.0.10.2
b=AS:2048
…
…
…
Figure 4: SIP INVITE arriving at Endpoint B
As can be seen from the example above, endpoint B will see that the SIP INVITE was received from IP
64.100.0.10 (NAT router), so the endpoint will know where to send its reply messages for the INVITE itself.
64.100.0.10 (NAT router), so the endpoint will know where to send its reply messages for the INVITE itself.
The c-line within the SDP of the SIP INVITE is however still set to c=IN IP4 10.0.10.2, which means that
endpoint B will attempt to send RTP media to the IP address 10.0.10.2, an address which is not routable on
the Internet.
endpoint B will attempt to send RTP media to the IP address 10.0.10.2, an address which is not routable on
the Internet.
The result in this scenario will therefore be that endpoint A will never receive media sent by endpoint B (while
endpoint B will normally receive media from endpoint A, since endpoint B is assigned with a publicly routable
IP address).
endpoint B will normally receive media from endpoint A, since endpoint B is assigned with a publicly routable
IP address).
Similar behavior will be seen in H.323 calls, since H.323 uses the same principles as SIP in terms of
embedding IP address and port references within the message payload.
embedding IP address and port references within the message payload.
Solution
To ensure that call signaling and media connectivity remains functional in scenarios where the Expressway-
E is deployed behind a NAT (as in the example above), the Expressway-E will have to modify the parts of
SIP and H.323 messages which contain references to its actual LAN2 network interface IP address
(10.0.10.2) and replace these with the public NAT address of the NAT router (64.100.0.10).
E is deployed behind a NAT (as in the example above), the Expressway-E will have to modify the parts of
SIP and H.323 messages which contain references to its actual LAN2 network interface IP address
(10.0.10.2) and replace these with the public NAT address of the NAT router (64.100.0.10).
This can be achieved by enabling Static NAT mode on selected network interfaces on the Expressway-E.
The Static NAT mode feature on the Expressway-E is made available with the Advanced Networking
option key.
The Static NAT mode feature on the Expressway-E is made available with the Advanced Networking
option key.
This option key allows the use of two network interfaces (LAN1 and LAN2) and for Static NAT mode to be
enabled on one or both of these interfaces. It is not compulsory to use both interfaces; you may use only a
single interface and have Static NAT mode enabled on that.
enabled on one or both of these interfaces. It is not compulsory to use both interfaces; you may use only a
single interface and have Static NAT mode enabled on that.
When static NAT has been enabled on an interface, the Expressway will apply static NAT for all outbound
SIP and H.323 traffic for this interface, which means that H.323 and SIP devices have to communicate with
this interface using the static NAT address rather than the local interface address.
SIP and H.323 traffic for this interface, which means that H.323 and SIP devices have to communicate with
this interface using the static NAT address rather than the local interface address.
When the Advanced Networking key is installed on the Expressway-E, the
IP
configuration page (
System
> Network interfaces > IP
) has additional options, allowing the user to decide whether to Use dual network
interfaces, to nominate which interface is the External LAN interface, to enable Static NAT mode on
selected interfaces and configure an IPv4 static NAT address for each interface.
selected interfaces and configure an IPv4 static NAT address for each interface.
Using the example deployment above, the Expressway-E would be configured as follows:
Cisco Expressway Basic Configuration Deployment Guide (X8.6)
Page 48 of 57
Appendix 4: Advanced network deployments