R E V I E W D R A F T # 1 — C I S C O C O N F I D E N T I A L
C-3
Cisco WRP500 Administration Guide
Appendix C Troubleshooting
Q. The WRP500 is behind a NAT device or firewall and I’m unable to make a call or I’m only
receiving a one-way connection. What should I do?
Complete the following steps.
1.
Configure your router to port forward “TCP port 80" to the IP address of the WRP500. You should
use a static IP address. (For help with port forwarding, consult the documentation for the NAT device
or firewall.)
2.
On the Line tab of the Configuration Utility, change the value of
Nat Mapping Enable
to
yes
. On the
SIP tab; change
Substitute VIA Addr
to
yes
, and the
EXT IP
parameter to the IP address of your
router.
3.
Make sure you are not blocking the UDP PORT 5060,5061 and port for UDP packets in the range
of 16384-16482. Also, disable “SPI” if this feature is provided by your firewall. Identify the SIP
server to which the WRP500 is registering, if it supports NAT, using the
Outbound Proxy
parameter.
4.
Add a STUN server to allow traversal of UDP packets through the NAT device. On the SIP tab of
the Configuration Utility, set
STUN Enable
to
yes
, and enter the IP address of the STUN server in
STUN Server
.
STUN (Simple Traversal of UDP through NATs) is a protocol defined by RFC 3489, that allows a
client behind a NAT device to find out its public address, the type of NAT it is behind, and the port
associated on the Internet connection with a particular local port. This information is used to set up
UDP
communication between two hosts that are both behind NAT routers. Open source STUN software
can be obtained at the following address:
http://www.voip-info.org/wiki-Open+VOIP+Software
Note
STUN does not work with a symmetric NAT router. Enable debug through syslog (see FAQ#10),
and set
STUN Test Enable
to
yes
. The messages indicate whether you have symmetric NAT or
not.
