3 Replies Latest reply on Jan 8, 2014 10:14 AM by noor

    SIP Proxy & Secondary Public IP

    pta200 New Member

      I read the posts in this thread Re: 3100 series and telephony and was wondering what to do if the carrier was expecting and sending traffic to a public IP address that a secondary address on the public facing interface on a 3448. So without the outbound NAT specifying the secondary address the proxy is always going to use the primary address on the interface which the carrier won't accept.



        • Re: SIP Proxy & Secondary Public IP
          levi Employee



          Thank you for asking this question in the support community.  If the carrier is expecting traffic from an IP address, other than the primary IP address assigned to the public facing interface, then the firewall will need a NAT statement to that address.  Also, the media-gateway command should specify the secondary IP address.  Here is an example configuration of the interface and firewall configuration:


          interface eth 0/1

            description INTERNET CONNECTION

            ip address

            ip address  secondary

            ip access-policy PUBLIC

            media-gateway ip secondary

            no shutdown


          interface eth 0/2

            description LAN CONNECTION

            ip address

            ip access-policy PRIVATE

            media-gateway ip primary

            no shutdown


          ip policy-class PRIVATE

            allow list SIP self

            nat source list VOICE address overload

            nat source list MATCHALL interface eth 0/1 overload


          ip policy-class PUBLIC

            allow list SIP self


          I hope that makes sense, but please do not hesitate to reply to this post with any additional questions.  I will be happy to help in any way I can.



            • Re: SIP Proxy & Secondary Public IP

              pta200 -

              I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.




            • Re: SIP Proxy & Secondary Public IP
              jayh Hall_of_Fame

              Do exactly what Levi says, or just swap the primary and secondary IPs in the configuration so that the voice traffic uses the primary.

              Do this from a device on the inside or from the console or you're likely to lock yourself out of the box.  Configuring the interface or route via which you are connected is risky at best.

              "reload in 15" first can save your butt if you have no other choice.  If you lock yourself out, just wait.  15 minutes later the box reboots and your unsaved changes are gone.