Cisco Cisco TelePresence Video Communication Server Expressway
Appendix 4 – Static NAT and Dual Network Interface architectures
Cisco VCS Basic Configuration (Control with Expressway) Deployment Guide
Page 60 of 69
Contact: <sip:EndpointA@10.0.20.3:55938;transport=tls>
From: "Endpoint A" <sip:EndpointA@cisco.com>;tag=9a42af
To: <sip:64.100.0.20>
Max-Forwards: 70
Content-Type: application/sdp
Content-Length: 2825
v=0
s=-
c=IN IP4 10.0.10.2
b=AS:2048
…
…
…
Figure 4: SIP INVITE arriving at Endpoint B
As can be seen from the example above, endpoint B will see that the SIP INVITE was received from IP
64.100.0.10 (NAT router), so the endpoint will know where to send its reply messages for the INVITE itself.
64.100.0.10 (NAT router), so the endpoint will know where to send its reply messages for the INVITE itself.
The c-line within the SDP of the SIP INVITE is however still set to c=IN IP4 10.0.10.2, which means that
endpoint B will attempt to send RTP media to the IP address 10.0.10.2, an address which is not routable on
the Internet.
endpoint B will attempt to send RTP media to the IP address 10.0.10.2, an address which is not routable on
the Internet.
The result in this scenario will therefore be that endpoint A will never receive media sent by endpoint B (While
endpoint B will normally receive media from endpoint A, since endpoint B is assigned with a publicly routable
IP address).
endpoint B will normally receive media from endpoint A, since endpoint B is assigned with a publicly routable
IP address).
Similar behavior will be seen in H.323 calls, since H.323 uses the same principles as SIP in terms of
embedding IP address and port references within the message payload.
embedding IP address and port references within the message payload.
Solution
To ensure that call signaling and media connectivity remains functional in scenarios where the VCS
Expressway is deployed behind a NAT (as in the example above), the Expressway will have to modify the
parts of SIP and H.323 messages which contain references to its actual LAN2 network interface IP address
(10.0.10.2) and replace these with the public NAT address of the NAT router (64.100.0.10).
Expressway is deployed behind a NAT (as in the example above), the Expressway will have to modify the
parts of SIP and H.323 messages which contain references to its actual LAN2 network interface IP address
(10.0.10.2) and replace these with the public NAT address of the NAT router (64.100.0.10).
This can be achieved by enabling Static NAT mode on selected network interfaces on the Expressway. The
Static NAT mode feature on the Expressway is made available with the Dual Network Interfaces option
key.
Static NAT mode feature on the Expressway is made available with the Dual Network Interfaces option
key.
This option key allows the use of two network interfaces (LAN1 and LAN2), and on a VCS Expressway it
allows Static NAT mode to be enabled on one or both of these interfaces. It is not compulsory to use both
interfaces, even though they have been enabled; you may use only a single interface and have Static NAT
mode enabled on that.
allows Static NAT mode to be enabled on one or both of these interfaces. It is not compulsory to use both
interfaces, even though they have been enabled; you may use only a single interface and have Static NAT
mode enabled on that.
When static NAT has been enabled on an interface, the VCS will apply static NAT for all outbound SIP and
H.323 traffic for this interface, which means that H.323 and SIP devices have to communicate with this
interface using the static NAT address rather than the local interface address.
H.323 traffic for this interface, which means that H.323 and SIP devices have to communicate with this
interface using the static NAT address rather than the local interface address.
When the Dual Network Interfaces key is installed on the VCS Expressway, the
IP
configuration page
(
System > IP
) has additional options, allowing the user to enable Static NAT mode on selected interfaces
and configure an IPv4 static NAT address for each interface.
Using the example deployment above, the VCS Expressway would be configured as follows: