defaultinternalservererror

NATTCPSIPALGSupportTheNATTCPSIPALGSupportfeatureallowsembeddedmessagesoftheSessionInitiationProtocol(SIP)passingthroughadevicethatisconfiguredwithNetworkAddressTranslation(NAT)tobetranslatedandencodedbacktothepacket.
Anapplication-layergateway(ALG)isusedwithNATtotranslatetheSIPorSessionDescriptionProtocol(SDP)messages.
ThismoduledescribestheNATTCPSIPALGSupportfeatureandexplainshowtoconfigureit.
FindingFeatureInformation,onpage1PrerequisitesforNATTCPSIPALGSupport,onpage1RestrictionsforNATTCPSIPALGSupport,onpage1InformationAboutNATTCPSIPALGSupport,onpage2HowtoConfigureNATTCPSIPALGSupport,onpage6ConfigurationExamplesforNATTCPSIPALGSupport,onpage7AdditionalReferenceforNATTCPSIPALGSupport,onpage7FeatureInformationforNATTCPSIPALGSupport,onpage8FindingFeatureInformationYoursoftwarereleasemaynotsupportallthefeaturesdocumentedinthismodule.
Forthelatestcaveatsandfeatureinformation,seeBugSearchToolandthereleasenotesforyourplatformandsoftwarerelease.
Tofindinformationaboutthefeaturesdocumentedinthismodule,andtoseealistofthereleasesinwhicheachfeatureissupported,seethefeatureinformationtable.
UseCiscoFeatureNavigatortofindinformationaboutplatformsupportandCiscosoftwareimagesupport.
ToaccessCiscoFeatureNavigator,gotowww.
cisco.
com/go/cfn.
AnaccountonCisco.
comisnotrequired.
PrerequisitesforNATTCPSIPALGSupportLayer4Forwarding(L4F)mustbeenabledforthefeaturetofunction.
RestrictionsforNATTCPSIPALGSupportNetworkAddressTranslation(NAT)translatesonlyembeddedIPv4addresses.
NATTCPSIPALGSupport1NATapplication-layergateway(ALG)fixupforSessionInitiationProtocol(SIP)messagesoverTCPisnotdonewhenLayer4Forwarding(L4F)functionalityisdisabled.
Inthiscase,SIPmessagesareconsideredasTCPmessagesandonlyLayer3andLayer4fixupsaredone.
AsperRFC5128,NATTCPSIPALGfeatureusesEndpoint-Independentmappingtoperformaddresstranslations.
ThiscombinationallowsincomingSIPtrafficfromanyexternalendpointonthepublicnetworktoamappedpublicport.
IfyoudonotneedEndpoint-Independentmapping,useACLorZone-basedPolicyFirewalltolimitthescopeofincomingtraffic.
InformationAboutNATTCPSIPALGSupportNATTCPSIPALGSupportOverviewTheNATTCPSIPALGSupportfeatureallowsembeddedmessagesoftheSessionInitiationProtocol(SIP)passingthroughadevicethatisconfiguredwithNetworkAddressTranslation(NAT)tobetranslatedandencodedbacktothepacket.
Anapplication-layergateway(ALG)isusedwithNATtotranslatetheSIPorSessionDescriptionProtocol(SDP)messages.
TheNATTCPSIPALGSupportfeatureaddsNATALGsupportforfixingupTCP-basedSIPmessages.
SessionInitiationProtocol(SIP)isanASCII-based,application-layercontrolprotocolthatcanbeusedtoestablish,maintain,andterminatecallsbetweentwoormoreendpoints.
SIPisaprotocoldevelopedbyIETFformultimediaconferencingoverIP.
SIPcanbeconfiguredtooperateoverTCP-basedtransports.
CiscoSIPimplementationenablessupportedCiscoplatformstosignalthesetupofvoiceandmultimediacallsoverIPnetworks.
SIPprovidesanalternativetoH.
323withintheVoIPinternetworkingsoftware.
LikeotherVoIPprotocols,SIPisdesignedtoaddressfunctionsofsignalingandsessionmanagementwithinapackettelephonynetwork.
Signalingallowscallinformationtobecarriedacrossnetworkboundaries.
Sessionmanagementprovidestheabilitytocontrolattributesofanend-to-endcall.
SessionDescriptionProtocol(SDP)isaprotocolthatdescribesmultimediasessions.
SDPcanbeusedinSIPmessagebodiestodescribemultimediasessionsusedforcreatingandcontrollingmultimediasessionswithtwoormoreparticipants.
SIPMessagesEntitiesthatarepresentinaSessionInitiationProtocol(SIP)deploymentcommunicatewitheachotherbyusingwell-definedSIPmessagesthattaketheformofrequestsandresponses.
TheseSIPmessagescancontainembeddedIPaddressorportinformationthatmightbelongtoaprivatedomain,andsuchmessagesmustbefixedupwhentheypassthroughaNetworkAddressTranslation(NAT)device.
FixupdenotesthewritingofthetranslatedIPaddressbackintothepacket.
Thisfixupisnormallyperformedbyanapplication-layergateway(alsocalledanapplication-levelgateway)(ALG)modulethatresidesontheNATdevice.
Bydefault,supportforSIPisenabledonthestandardTCPport5060toexchangeSIPmessages.
YoucanalsoconfigurenonstandardportsforSIPtooperate.
NATALGacceptsandattemptsfixupoperationsonallTCPsegmentsthatoriginatefromoraredestinedtotheconfiguredSIPport.
SIPmessageprocessinginvolvesperformingthefixupoperationonacompleteSIPmessage.
ATCPsegmentmaycarrymultipleSIPmessages.
ItisalsopossiblethataSIPmessageissegmentedandcarriedintwodifferentTCPsegments.
SIPmessagesaretextbased.
AnyadjustmentthatismadetothemessageaspartoftheALGfixupcanresultinthemessagetoincreaseordecreaseinsize.
AchangeinthemessagesizemeansthattheALGmustmakeNATTCPSIPALGSupport2NATTCPSIPALGSupportInformationAboutNATTCPSIPALGSupportadjustmentstotheTCPsequenceoracknowledgmentnumbersandkeeptrackofthesame.
TherearecaseswheretheALGmustperformspoofacknowledgmentsandcompleteTCPretransmission.
TCPproxyisanessentialcomponentthatterminatesaTCPconnectionpassingthroughNATALGandregeneratestheTCPconnection.
ThisconnectionallowsNATALGtomodifytheTCPpayloadwithoutanyTCPsessionhandlingissues.
ThetablebelowidentifiesthesixavailableSIPrequestmessages.
Table1:SIPRequestMessagesPurposeSIPMessageSentbycallingpartytoconfirmthereceiptofafinalresponsetoINVITE.
ACKSentbycallingpartyorcalledpartytoendacall.
BYESenttoendacallthathasnotyetbeenconnected.
CANCELRequestsentfromaUserAgentClient(UAC)toinitiateasession.
INVITESenttoquerycapabilitiesofUACsandnetworkservers.
OPTIONSSentbytheclienttoregistertheaddresswithaSIPproxy.
REGISTERThetablebelowidentifiestheavailableSIPresponsemethods.
Table2:SIPResponseMessagesPurposeSIPMessage100=Trying180=Ringing181=CallIsBeingForwarded182=Queued183=SessionProgress1xx(Informational)200=OK2xx(Successful)300=MultipleChoices301=MovedPermanently302=MovedTemporarily303=SeeOther305=UseProxy380=AlternativeService3xx(Redirection)NATTCPSIPALGSupport3NATTCPSIPALGSupportSIPMessagesPurposeSIPMessage400=BadRequest401=Unauthorized402=PaymentRequired403=Forbidden404=NotFound405=MethodNotAllowed406=NotAcceptable407=ProxyAuthenticationRequired408=RequestTimeout409=Conflict410=Gone411=LengthRequired413=RequestEntityTooLarge414=RequestURITooLarge415=UnsupportedMediaType420=BadExtension480=TemporarilyNotAvailable481=CallLeg/TransactionDoesNotExist482=LoopDetected483=TooManyHops484=AddressIncomplete485=Ambiguous486-BusyHere4xx(RequestFailure)500=InternalServerError501=NotImplemented502=BadGateway503=ServiceUnavailable504=GatewayTimeout505=SIPVersionNotSupported5xx(ServerFailure)NATTCPSIPALGSupport4NATTCPSIPALGSupportSIPMessagesPurposeSIPMessage600=BusyAnywhere603=Decline604=DoesNotExistAnywhere606=NotAcceptable6xx(GlobalFailure)SIPFunctionalityUsersinaSIPnetworkareidentifiedbyuniqueSIPaddresses.
ASIPaddressissimilartoane-mailaddressandisintheformatsip:userID@gateway.
com.
TheuserIDcanbeeitherausernameoranE.
164address.
Thegatewaycanbeeitheradomain(withorwithoutahostname)oraspecificinternetIPaddress.
AnE.
164addressisatelephonenumberwithastringofdecimaldigits,whichuniquelyindicatesthepublicnetworkterminationpoint.
Thisaddresscontainsallinformationthatisnecessarytorouteacalltoaterminationpoint.
NoteUsersregisterwitharegistrarserverusingtheirassignedSIPaddresses.
TheregistrarserverprovidesSIPaddressestothelocationserveronrequest.
Theregistrarserverprocessesrequestsfromuser-agentclients(UACs)forregistrationoftheircurrentlocations.
Whenauserinitiatesacall,aSIPrequestissenttoaSIPserver(eitheraproxyoraredirectserver).
Therequestincludestheaddressofthecaller(intheFromheaderfield)andtheaddressoftheintendedcalledparty(intheToheaderfield).
ASIPendusermightmovebetweenendsystems.
ThelocationoftheendusercanbedynamicallyregisteredwiththeSIPserver.
Thelocationservercanuseoneormoreprotocols(includingFinger,RWhois,andLightweightDirectoryAccessProtocol[LDAP])tolocatetheenduser.
Becausetheendusercanbeloggedinatmorethanonestationandthelocationservercansometimeshaveinaccurateinformation,thelocationservermightreturnmorethanoneaddressfortheenduser.
IftherequestiscomingthroughaSIPproxyserver,theproxyservertrieseachofthereturnedaddressesuntilitlocatestheenduser.
IftherequestiscomingthroughaSIPredirectserver,theredirectserverforwardsalltheaddressestothecalleravailableintheContactheaderfieldoftheinvitationresponse.
SIPFunctionalitywithaProxyServerAproxyserverreceivesSessionInitiationProtocol(SIP)requestsfromaclientandforwardsthemontheclient'sbehalf.
ProxyserversreceiveSIPmessagesandforwardthemtothenextSIPserverinthenetwork.
Proxyserverscanprovidefunctionssuchasauthentication,authorization,networkaccesscontrol,routing,reliablerequestretransmission,andsecurity.
SIPisapeer-to-peerprotocol.
Thepeersinasessionarecalleduseragents(UAs).
Whencommunicatingthroughaproxyserver,thecallerUAsendsanINVITErequesttotheproxyserverandthentheproxyserverdeterminesthepathandforwardstherequesttothecalledparty.
ThecalledUArespondstotheproxyserver,whichthenforwardstheresponsetothecaller.
Whenbothpartiesrespondwithanacknowledgment(SIPACKmessage),theproxyserverforwardstheacknowledgmentstotheirintendedpartyNATTCPSIPALGSupport5NATTCPSIPALGSupportSIPFunctionalityandasession,orconference,isestablishedbetweenthem.
TheReal-timeTransferProtocol(RTP)isthenusedforcommunicationacrosstheconnectionnowestablishedbetweenthecallerandcalledUA.
HowtoConfigureNATTCPSIPALGSupportSpecifyingaPortforNATTCPSIPALGSupportNetworkAddressTranslation(NAT)supportforSessionInitiationProtocol(SIP)isenabledbydefault.
SIPusesthedefaultTCPport5060toexchangemessages.
Ifrequired,youcanconfigureadifferentporttohandleSIPmessages.
SUMMARYSTEPS1.
enable2.
configureterminal3.
ipnatservicesiptcpportport-number4.
end5.
debugipnatsipDETAILEDSTEPSPurposeCommandorActionEnablesprivilegedEXECmode.
enableStep1Example:Enteryourpasswordifprompted.
Device>enableEntersglobalconfigurationmode.
configureterminalExample:Step2Device#configureterminalSpecifiesaportnumberotherthanthedefaultport.
ipnatservicesiptcpportport-numberExample:Step3Device(config)#ipnatservicesiptcpport8000ExitsglobalconfigurationmodeandreturnstoprivilegedEXECmode.
endExample:Step4Device(config)#endDisplaysSIPmessagesthatNATrecognizesandtheembeddedIPaddressescontainedinthosemessages.
debugipnatsipExample:Step5Device#debugipnatsipNATTCPSIPALGSupport6NATTCPSIPALGSupportHowtoConfigureNATTCPSIPALGSupportConfigurationExamplesforNATTCPSIPALGSupportExample:SpecifyingaPortforNATTCPSIPALGSupportThefollowingexampleshowshowtoconfigurethenonstandardport8000:Device(config)#ipnatservicesiptcpport8000Thefollowingissampleoutputfromthedebugipnatsipcommand:Device#debugipnatsipMay2314:11:17.
243IST:NAT-L4F:settingALG_NEEDEDflaginsubblockforSIPmessageMay2314:11:17.
243IST:NAT-ALG:lookup=0l7_bytes_recd=509appl_type=7May2314:11:17.
243IST:NAT-ALG:CompleteSIPMessageheaderofsize:376May2314:11:17.
243IST:NAT-ALG:Messagebodylength:133May2314:11:17.
243IST:NAT-ALG:TotalSIPmessagelength:509May2314:11:17.
243IST:NAT-ALG:afterstatemachine:May2314:11:17.
243IST:NAT-ALG:l7_bytes_recd=509May2314:11:17.
243IST:NAT-ALG:remaining_hdr_sz=0May2314:11:17.
243IST:NAT-ALG:remaining_payl_sz=0May2314:11:17.
243IST:NAT-ALG:tcp_alg_state=0May2314:11:17.
243IST:NAT-ALG:complete_msg_len=509May2314:11:17.
243IST:NAT-SIP-TCP:NumberofSIPmessagesreceived:1May2314:11:17.
243IST:NAT:SIP:[0]processingINVITEmessageMay2314:11:17.
243IST:NAT:SIP:[0]register:0door_created:0May2314:11:17.
243IST:NAT:SIP:[0]translatedembeddedaddress192.
168.
122.
3->10.
1.
1.
1May2314:11:17.
243IST:NAT:SIP:[0]register:0door_created:0May2314:11:17.
243IST:NAT:SIP:[0]translatedembeddedaddress192.
168.
122.
3->10.
1.
1.
1May2314:11:17.
243IST:NAT:SIP:[0]register:0door_created:0May2314:11:17.
243IST:NAT:SIP:[0]register:0door_created:0May2314:11:17.
243IST:NAT:SIP:ContactheaderfoundMay2314:11:17.
243IST:NAT:SIP:TryingtofindexpiresparameterMay2314:11:17.
243IST:NAT:SIP:[0]translatedembeddedaddress192.
168.
122.
3->10.
1.
1.
1May2314:11:17.
243IST:NAT:SIP:[0]register:0door_created:0May2314:11:17.
243IST:NAT:SIP:[0]messagebodyfoundMay2314:11:17.
243IST:NAT:SIP:MediaLinespresent:1May2314:11:17.
243IST:NAT:SIP:Translatedglobalm=(192.
168.
122.
3,6000)->(10.
1.
1.
1,6000)May2314:11:17.
243IST:NAT:SIP:old_sdp_len:133new_sdp_len:130May2314:11:17.
243IST:l4f_sendreturns497bytesMay2314:11:17.
243IST:CompletebufferwrittentoproxyAdditionalReferenceforNATTCPSIPALGSupportRelatedDocumentsDocumentTitleRelatedTopicCiscoIOSMasterCommandList,AllReleasesCiscoIOScommandsCiscoIOSIPAddressingServicesCommandReferenceNATcommandsNATTCPSIPALGSupport7NATTCPSIPALGSupportConfigurationExamplesforNATTCPSIPALGSupportStandardsandRFCsTitleStandard/RFCSIP:SessionInitiationProtocolRFC2543TechnicalAssistanceLinkDescriptionhttp://www.
cisco.
com/cisco/web/support/index.
htmlTheCiscoSupportandDocumentationwebsiteprovidesonlineresourcestodownloaddocumentation,software,andtools.
UsetheseresourcestoinstallandconfigurethesoftwareandtotroubleshootandresolvetechnicalissueswithCiscoproductsandtechnologies.
AccesstomosttoolsontheCiscoSupportandDocumentationwebsiterequiresaCisco.
comuserIDandpassword.
FeatureInformationforNATTCPSIPALGSupportThefollowingtableprovidesreleaseinformationaboutthefeatureorfeaturesdescribedinthismodule.
Thistablelistsonlythesoftwarereleasethatintroducedsupportforagivenfeatureinagivensoftwarereleasetrain.
Unlessnotedotherwise,subsequentreleasesofthatsoftwarereleasetrainalsosupportthatfeature.
UseCiscoFeatureNavigatortofindinformationaboutplatformsupportandCiscosoftwareimagesupport.
ToaccessCiscoFeatureNavigator,gotowww.
cisco.
com/go/cfn.
AnaccountonCisco.
comisnotrequired.
Table3:FeatureInformationforNATTCPSIPALGSupportFeatureInformationReleasesFeatureNameTheNATTCPSIPALGSupportfeatureallowsembeddedmessagesoftheSessionInitiationProtocol(SIP)passingthroughadevicethatisconfiguredwithNetworkAddressTranslation(NAT)tobetranslatedandencodedbacktothepacket.
Anapplication-layergateway(ALG)isusedwithNATtotranslatetheSIPorSessionDescriptionProtocol(SDP)messages.
15.
3(1)TNATTCPSIPALGSupportNATTCPSIPALGSupport8NATTCPSIPALGSupportFeatureInformationforNATTCPSIPALGSupport