User Defined Source Port Ranges for PAT

Available Languages

Download Options

PDF (223.6 KB)
View with Adobe Reader on a variety of devices

Updated:January 31, 2007

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

User Defined Source Port Ranges for PAT

Table Of Contents

User Defined Source Port Ranges for PAT

Contents

Restrictions for User Defined Source Port Ranges for PAT

Information About User Defined Source Port Ranges for PAT

User Defined Source Port Ranges for PAT Overview

Even Port Parity

How to Configure Source Port Ranges for PAT

Configuring Source Port Ranges for PAT

Configuration Examples for User Defined Source Port Ranges for PAT

User Defined Source Port Ranges for PAT: Example

How to Configure Even Port Parity

Configuring Even Port Parity

Configuration Examples for Even Port Parity

Even Port Parity: Example

Additional References

Related Documents

Standards

MIBs

Technical Assistance

Feature Information for User Defined Source Port Ranges for PAT

User Defined Source Port Ranges for PAT

First Published: November 17, 2006

Last Updated: November 17, 2006

The User Defined Source Port Ranges for PAT feature enables the specification of source port ranges for Port Address Translation (PAT) for SIP, H.323, and Skinny Real-Time Transport Protocol (RTP) and RTP Control Protocol (RTCP).

Finding Feature Information in This Module

Your Cisco IOS software release may not support all of the features documented in this module. To reach links to specific feature documentation in this module and to see a list of the releases in which each feature is supported, use the "Feature Information for <Phrase Based on Module Title>" section on page 7.

Finding Support Information for Platforms and Cisco IOS and Catalyst OS Software Images

Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

•Restrictions for User Defined Source Port Ranges for PAT

•Information About User Defined Source Port Ranges for PAT

•How to Configure Source Port Ranges for PAT

•Configuration Examples for User Defined Source Port Ranges for PAT

•How to Configure Even Port Parity

•Configuration Examples for Even Port Parity

•Command Reference, page 9

Restrictions for User Defined Source Port Ranges for PAT

•The size of port range that can be reserved is limited to a multiple of 64.

•The start port for the port range should also be a multiple of 64.

Information About User Defined Source Port Ranges for PAT

Before you configure the source port ranges for PAT, you should understand the following concept:

•User Defined Source Port Ranges for PAT Overview

•Even Port Parity

User Defined Source Port Ranges for PAT Overview

In order for VoIP traffic to not be in violation of the RTP standards and best practices, even/odd pairing of ports for RTP and RTCP traffic for SIP ALG, Skinny and H.323 has been made available.

Following is a scenario of what happens to VoIP traffic translated using PAT without user defined ports.

The first VoIP traffic getting translated using PAT, would request for port 16384 and would get to use port 16384 for its RTP traffic.

The second VoIP traffic stream getting translated using PAT would also request 16384 for its RTP. Since this port number is already in use by the first call, PAT would translate the 16384 source port for the second phone to 1024 (assuming the port was free) and this would be in violation of the RTP standards/best practices.

A third call would end up using port 1025 and others would increment from there.

Each call after the first call would end up having its inside source port translated to an external port assignment that is out of specifications for RTP, and this would continue until PAT binding fir the first call expires.

Problems associated with RTP traffic being assigned to a non-standard port by PAT:

•Inability for compressed RTP (cRTP) to be invoked in the return direction, as it only operates on RTP flows with compliant port numbers.

•Difficulty in properly classifying voice traffic for corresponding QoS treatment.

•Violation of standard firewall policies that specifically account for RTP/TRCP traffic by specified standard port range.

Even Port Parity

Cisco IOS NAT SIP gateways normally select the next available port+1 for SIP fixup in the NAT translations. The NAT gateway does not check for even/odd pair for RTP/TRCP port numbers, and as a result issues may arise with SIP user agents that are strictly following the encouraged even/odd parity for RTP/RTCP port numbers.

Even port parity for SIP, H.323, and skinny is supported by default and it can be turned off forcing the odd RTP ports allocation.

How to Configure Source Port Ranges for PAT

This section contains the following task:

•Configuring Source Port Ranges for PAT

Configuring Source Port Ranges for PAT

Perform this task to assign a set of ports and associate a map to them.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip nat port-map mapname application application start startport size size

4. ip nat inside source list list-name pool pool-name overload portmap portmap-name

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

•Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

ip nat portmap mapname application application startport startport size size

Example:

Router(config)# ip nat portmap NAT-1 application sip-rtp startport 32128 size 128

Defines the port map.

Step 4

ip nat inside source list list-name pool pool-name overload portmap portmap-name

Example:

Router(config)# ip nat inside source list 1 pool A overload portmap NAT-1

Associates the port map to the NAT configuration.

Configuration Examples for User Defined Source Port Ranges for PAT

This section provides the following configuration example:

•User Defined Source Port Ranges for PAT: Example

User Defined Source Port Ranges for PAT: Example

The following examples shows how to assign a set of ports and associate a map to them.
ip nat portmap NAT-I
 cisco-rtp-h323-low
 appl sip-rtp startport 32128 size 128
 appl sip-rtp startport 32000 size 64
ip nat inside source list 1 pool A overload portmap NAT-I
Macros have been defined to make port map configuration easier. Table 1 lists the name of the macros and the ports.

Table 1 Macro Names and Ports

Macro Name

Ports

Application

cisco-rtp-h323-low

16384-32767

H.323

cisco-rtp-h323-high

49152-65535

H.323

cisco-rtp-skinny-low

16384-32767

Skinny

cisco-rtp-skinny-high

49152-65535

Skinny

cisco-rtp-sip-low

16384-32767

SIP

cisco-rtp-sip-high

49152-65535

SIP

How to Configure Even Port Parity

This section contains the following task:

•Configuring Source Port Ranges for PAT

Configuring Even Port Parity

Perform this task to enable even port parity.

SUMMARY STEPS

1. enable

2. configure terminal

3. ip nat service allow-h323-even-rtp-port

DETAILED STEPS

Command or Action

Purpose

Step 1

enable

Example:

Router> enable

Enables privileged EXEC mode.

•Enter your password if prompted.

Step 2

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3

ip nat service allow-h323-even-rtp-port

Example:

Router(config)# ip nat service allow-h-323-even-rtp-port

Establishes even port parity for H323.

Configuration Examples for Even Port Parity

This section provides the following configuration example:

•User Defined Source Port Ranges for PAT: Example

Even Port Parity: Example

The following examples enables even port parity for H.323.
ip nat service allow-h323-even-rtp-port
Additional References

The following sections provide references related to using application level gateways with NAT.

Related Documents

Related Topic

Document Title

NAT commands: complete command syntax, command mode, defaults, usage guidelines, and examples

"IP Addressing Commands" chapter in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.4T

Standards

Standards

Title

None

MIBs

MIBs

MIBs Link

None

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs

Technical Assistance

Description

Link

The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/techsupport

Feature Information for User Defined Source Port Ranges for PAT

Table 2 lists the features in this module and provides links to specific configuration information. Only features that were introduced or modified in Cisco IOS Release 12.2(1) or later appear in the table.

Not all commands may be available in your Cisco IOS software release. For details on when support for specific commands was introduced, see the command reference documents.

For information on a feature in this technology that is not documented here, see the "Configuring Network Address Translation Features Roadmap."

Cisco IOS software images are specific to a Cisco IOS software release, a feature set, and a platform. Use Cisco Feature Navigator to find information about platform support and Cisco IOS software image support. Access Cisco Feature Navigator at http://www.cisco.com/go/fn. You must have an account on Cisco.com. If you do not have an account or have forgotten your username or password, click Cancel at the login dialog box and follow the instructions that appear.

Note Table 2 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.

Table 2 Feature Information for Using Application Level Gateways with NAT

Feature Name

Releases

Feature Configuration Information

User Defined Source Port Ranges for PAT feature

12.4(11)T

The User Defined Source Port Ranges for PAT feature enables the specification of source port ranges for Port Address Translation (PAT) for SIP, H.323, and Skinny Real-Time Transport Protocol (RTP) and RTP Control Protocol (RTCP).

The following sections provide information about this feature:

•"How to Configure Source Port Ranges for PAT" section

•"How to Configure Even Port Parity" section

Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.

© <year> Cisco Systems, Inc. All rights reserved.

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	ip nat portmap mapname application application startport startport size size Example: Router(config)# ip nat portmap NAT-1 application sip-rtp startport 32128 size 128	Defines the port map.
Step 4	ip nat inside source list list-name pool pool-name overload portmap portmap-name Example: Router(config)# ip nat inside source list 1 pool A overload portmap NAT-1	Associates the port map to the NAT configuration.

Macro Name	Ports	Application
cisco-rtp-h323-low	16384-32767	H.323
cisco-rtp-h323-high	49152-65535	H.323
cisco-rtp-skinny-low	16384-32767	Skinny
cisco-rtp-skinny-high	49152-65535	Skinny
cisco-rtp-sip-low	16384-32767	SIP
cisco-rtp-sip-high	49152-65535	SIP

	Command or Action	Purpose
Step 1	enable Example: Router> enable	Enables privileged EXEC mode. •Enter your password if prompted.
Step 2	configure terminal Example: Router# configure terminal	Enters global configuration mode.
Step 3	ip nat service allow-h323-even-rtp-port Example: Router(config)# ip nat service allow-h-323-even-rtp-port	Establishes even port parity for H323.

Related Topic	Document Title
NAT commands: complete command syntax, command mode, defaults, usage guidelines, and examples	"IP Addressing Commands" chapter in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services, Release 12.4T

Standards	Title
None

MIBs	MIBs Link
None	To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs

Description	Link
The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.	http://www.cisco.com/techsupport

Table 2 Feature Information for Using Application Level Gateways with NAT
Feature Name	Releases	Feature Configuration Information
User Defined Source Port Ranges for PAT feature	12.4(11)T	The User Defined Source Port Ranges for PAT feature enables the specification of source port ranges for Port Address Translation (PAT) for SIP, H.323, and Skinny Real-Time Transport Protocol (RTP) and RTP Control Protocol (RTCP). The following sections provide information about this feature: •"How to Configure Source Port Ranges for PAT" section •"How to Configure Even Port Parity" section

Was this Document Helpful?

Feedback

Contact Cisco

Open a Support Case
(Requires a Cisco Service Contract)