Anonymous
Not applicable

SIP Proxy & Secondary Public IP


I read the posts in this thread and was wondering what to do if the carrier was expecting and sending traffic to a public IP address that is a secondary address on the public-facing interface on a 3448. So without the outbound NAT specifying the secondary address, the proxy is always going to use the primary address on the interface, which the carrier won't accept.

thanks,
Paolo


Accepted Solutions
Anonymous
Not applicable

Re: SIP Proxy & Secondary Public IP


Paolo:

Thank you for asking this question in the support community. If the carrier is expecting traffic from an IP address other than the primary IP address assigned to the public-facing interface, then the firewall will need a NAT statement to that address. Also, the media-gateway command should specify the secondary IP address. Here is an example of the interface and firewall configuration:

interface eth 0/1
  description INTERNET CONNECTION
  ip address  1.1.1.1  255.255.255.248
  ip address  2.2.2.2  255.255.255.255  secondary
  ip access-policy PUBLIC
  media-gateway ip secondary  2.2.2.2
  no shutdown
!
interface eth 0/2
  description LAN CONNECTION
  ip address  3.3.3.1  255.255.255.0
  ip access-policy PRIVATE
  media-gateway ip primary
  no shutdown
!
ip policy-class PRIVATE
  allow list SIP self
  nat source list VOICE address 2.2.2.2 overload
  nat source list MATCHALL interface eth 0/1 overload
!
ip policy-class PUBLIC
  allow list SIP self

I hope that makes sense, but please do not hesitate to reply to this post with any additional questions.  I will be happy to help in any way I can.

Levi
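
A consistency check for the configuration in the answer above, added here as an example and not part of the original post or any vendor tooling: it parses a config in that layout and reports when the media-gateway secondary address is not a secondary on its interface, or when no `nat source list ... address` rule translates to it. The function names and the trimmed sample are constructed for illustration.

```python
# Constructed sample: the answer's configuration, trimmed to the lines this check reads.
SAMPLE = """\
interface eth 0/1
  ip address  1.1.1.1  255.255.255.248
  ip address  2.2.2.2  255.255.255.255  secondary
  media-gateway ip secondary  2.2.2.2
!
interface eth 0/2
  ip address  3.3.3.1  255.255.255.0
  media-gateway ip primary
!
ip policy-class PRIVATE
  nat source list VOICE address 2.2.2.2 overload
  nat source list MATCHALL interface eth 0/1 overload
"""

def parse(text):
    """Return ({interface: {"secondary": set, "media": str|None}}, [NAT source addresses])."""
    ifaces, nat_addrs, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split()
        if not line:                      # pasted configs often carry blank lines
            continue
        if not raw[0].isspace():          # an unindented line starts a new section
            cur = None
            if line[0] == "interface":
                cur = ifaces.setdefault(" ".join(line[1:]), {"secondary": set(), "media": None})
        elif cur is not None and line[:2] == ["ip", "address"] and line[-1] == "secondary":
            cur["secondary"].add(line[2])
        elif cur is not None and line[:3] == ["media-gateway", "ip", "secondary"] and len(line) == 4:
            cur["media"] = line[3]
        elif line[:3] == ["nat", "source", "list"] and line[4:5] == ["address"] and len(line) > 5:
            nat_addrs.append(line[5])     # nat source list <name> address <ip> ...
    return ifaces, nat_addrs

def check(text):
    """Return a list of problems; an empty list means media and NAT addresses agree."""
    ifaces, nat_addrs = parse(text)
    problems = []
    for name, iface in ifaces.items():
        media = iface["media"]
        if media and media not in iface["secondary"]:
            problems.append(f"{name}: media-gateway address {media} is not a secondary on this interface")
        if media and media not in nat_addrs:
            problems.append(f"{name}: no 'nat source list ... address {media}' rule found")
    return problems

if __name__ == "__main__":
    print(check(SAMPLE) or "media-gateway and NAT source addresses are consistent")
```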

jayh
Honored Contributor

Re: SIP Proxy & Secondary Public IP


Do exactly what Levi says, or just swap the primary and secondary IPs in the configuration so that the voice traffic uses the primary.


Do this from a device on the inside or from the console or you're likely to lock yourself out of the box.  Configuring the interface or route via which you are connected is risky at best.


"reload in 15" first can save your butt if you have no other choice.  If you lock yourself out, just wait.  15 minutes later the box reboots and your unsaved changes are gone.

Anonymous
Not applicable

Re: SIP Proxy & Secondary Public IP


I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Noor