The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
The User Defined Source Port Ranges for PAT feature enables the specification of source port ranges for Port Address Translation (PAT) for SIP, H.323, and Skinny Real-Time Transport Protocol (RTP) and RTP Control Protocol (RTCP).
The size of port range that can be reserved is limited to a multiple of 64.
The start port for the port range should also be a multiple of 64.
In order for VoIP traffic to not be in violation of the RTP standards and best practices, even/odd pairing of ports for RTP and RTCP traffic for SIP ALG, Skinny and H.323 has been made available.
Following is a scenario of what happens to VoIP traffic translated using PAT without user defined ports.
The first VoIP traffic getting translated using PAT, would request for port 16384 and would get to use port 16384 for its RTP traffic.
The second VoIP traffic stream getting translated using PAT would also request 16384 for its RTP. Since this port number is already in use by the first call, PAT would translate the 16384 source port for the second phone to 1024 (assuming the port was free) and this would be in violation of the RTP standards/best practices.
A third call would end up using port 1025 and others would increment from there.
Each call after the first call would end up having its inside source port translated to an external port assignment that is out of specifications for RTP, and this would continue until PAT binding fir the first call expires.
Problems associated with RTP traffic being assigned to a non-standard port by PAT:
Inability for compressed RTP (cRTP) to be invoked in the return direction, as it only operates on RTP flows with compliant port numbers.
Difficulty in properly classifying voice traffic for corresponding QoS treatment.
Violation of standard firewall policies that specifically account for RTP/TRCP traffic by specified standard port range.
Cisco IOS NAT SIP gateways normally select the next available port+1 for SIP fixup in the NAT translations. The NAT gateway does not check for even/odd pair for RTP/TRCP port numbers, and as a result issues may arise with SIP user agents that are strictly following the encouraged even/odd parity for RTP/RTCP port numbers.
Even port parity for SIP, H.323, and skinny is supported by default and it can be turned off forcing the odd RTP ports allocation.
Perform this task to assign a set of ports and associate a map to them.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
enable Example: |
Enables privileged EXEC mode.
|
| Step 2 |
configure terminal Example: |
Enters global configuration mode. |
| Step 3 |
ip nat portmap mapname application application startport startport size size Example: |
Defines the port map. |
| Step 4 |
ip nat inside source list list - name pool pool - name overload portmap portmap - name Example: |
Associates the port map to the NAT configuration. |
Even port parity for H.323, SIP, and skinny is supported by default and can be turned off forcing the odd ports allocation.
Perform this task to enable even port parity.
| Command or Action | Purpose | |
|---|---|---|
| Step 1 |
enable Example: |
Enables privileged EXEC mode.
|
| Step 2 |
configure terminal Example: |
Enters global configuration mode. |
| Step 3 |
ip nat service allow-h323-even-rtp-ports | allow-sip-even-rtp-ports | allow-skinny-even-rtp-ports Example: |
Establishes even port parity for H323, the SIP protocol, or the skinny protocol. |
The following examples shows how to assign a set of ports and associate a map to them.
ip nat portmap NAT-I
cisco-rtp-h323-low
appl sip-rtp startport 32128 size 128
appl sip-rtp startport 32000 size 64
ip nat inside source list 1 pool A overload portmap NAT-I
Macros have been defined to make port map configuration easier. The table below lists the name of the macros and the ports.
|
Macro Name |
Ports |
Application |
|---|---|---|
|
cisco-rtp-h323-low |
16384-32767 |
H.323 |
|
cisco-rtp-h323-high |
49152-65535 |
H.323 |
|
cisco-rtp-skinny-low |
16384-32767 |
Skinny |
|
cisco-rtp-skinny-high |
49152-65535 |
Skinny |
|
cisco-rtp-sip-low |
16384-32767 |
SIP |
|
cisco-rtp-sip-high |
49152-65535 |
SIP |
The following example enables even port parity for H.323.
ip nat service allow-h323-even-rtp-ports
The following example enables even port parity for SIP.
ip nat service allow-sip-even-rtp-ports
The following example enables even port parity for the skinny protocol.
ip nat service allow-skinny-even-rtp-ports|
Related Topic |
Document Title |
|---|---|
|
Cisco IOS commands |
|
|
NAT commands: complete command syntax, command mode, defaults, usage guidelines, and examples |
Cisco IOS IP Addressing Services Command Reference |
|
Standards |
Title |
|---|---|
|
None |
-- |
|
MIBs |
MIBs Link |
|---|---|
|
|
To locate and download MIBs for selected platforms, Cisco software releases, and feature sets, use Cisco MIB Locator found at the following URL: |
|
Description |
Link |
|---|---|
|
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password. |
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.|
Feature Name |
Releases |
Feature Information |
|---|---|---|
|
User Defined Source Port Ranges for PAT |
12.4(11)T |
The User Defined Source Port Ranges for PAT feature enables the specification of source port ranges for Port Address Translation (PAT) for SIP, H.323, and Skinny Real-Time Transport Protocol (RTP) and RTP Control Protocol (RTCP). |
Feedback