Cisco Systems ASR 1000 Network Router User Manual


 
Cisco IOS XE Integrated Session Border Controller Configuration Guide for the Cisco ASR 1000 Series Aggregation Services Routers
OL-15421-01
Chapter 8 Integrated Session Border Controller Security
Note: A termination can be described as a point of entry or exit of media flows relative to the DBE.

Terminations may share a single local address and port under one or the other of the following conditions:
• Terminations have an MGC-managed local address, in which case they must be specified with a proper gm/sam.
• Terminations are specified with a gm/sam and the address is “non-local”; that is, the pinhole is No NAPT or the termination is the one that is the unwritten flow of a Single NAPT pinhole.
This enhancement supports the following functionality:
• Call signaling can be routed to the MGC through the DBE.
• Call signaling from different subscribers can be routed through different pinholes on the DBE.
• These different pinholes can share the same IP address and port on the subscriber side on the DBE. This is a typical scenario on the User-Network Interface, where it is simpler to publish a single IP and port to many subscribers.
DBE Restrictions
The following is a restriction of DBE support for this feature:
• Only three different lengths of network masks can be in use at the same time on a given local address and port combination. Otherwise, the DBE issues error 510 “Insufficient Resources.”
NAPT and NAT Traversal
The data border element (DBE) performs translation of IP addresses and port numbers via Network
Address and Port Translation (NAPT) and Network Address Translation (NAT) Traversal functions in
both directions.
NAT converts an IP address from a private address to a public address in real time. It allows multiple
users to share a single public IP address. The DBE can learn the NAT’s public address and latch onto it
for that flow.
Remote Source Address Mask Filtering
This feature adds support for the Remote Source Address Filtering (saf) and Remote Source Address
Mask (rsam) properties of the ETSI TS 102 333 Gate Management (GM) package [1].
The media gateway controller (MGC) can specify the gm/saf and gm/rsam properties of terminations in
Add and Modify requests. The SBC reports them in Audit responses.
This feature allows the MGC to program multiple terminations with the same local address and port,
VPN ID, and transport protocol, as long as the multiple terminations are distinguished by their remote
source address mask, and the local address is taken from an MGC-managed address range.
This feature supports a single local address for each phone where each phone transmits media using a
single pinhole. This means several signaling flows or pinholes can have the same address and port.
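
The sharing rule in this section and the three-mask-length restriction under DBE Restrictions, modelled as an added Python example (not Cisco code and not taken from the guide). The class and termination names are hypothetical, the addresses are constructed documentation ranges, and "most specific mask wins" is an assumption; the page says only that terminations are distinguished by their remote source address mask.

```python
import ipaddress

MAX_MASK_LENGTHS = 3  # restriction stated on this page


class InsufficientResources(Exception):
    """Models error 510 "Insufficient Resources" as named on this page."""
    code = 510


class SharedLocalEndpoint:
    """Terminations sharing one local address, port, VPN ID and transport."""

    def __init__(self):
        self.terminations = {}  # remote source mask (ip_network) -> termination id

    def add(self, term_id, rsam):
        net = ipaddress.ip_network(rsam, strict=True)
        if net in self.terminations:
            raise ValueError(f"{net} already identifies {self.terminations[net]}")
        lengths = {n.prefixlen for n in self.terminations} | {net.prefixlen}
        if len(lengths) > MAX_MASK_LENGTHS:
            raise InsufficientResources(f"mask length /{net.prefixlen} would be a 4th")
        self.terminations[net] = term_id

    def classify(self, remote_src):
        """Return the termination for a packet's source address, or None (no pinhole)."""
        addr = ipaddress.ip_address(remote_src)
        hits = [n for n in self.terminations
                if n.version == addr.version and addr in n]
        if not hits:
            return None
        # Assumption: when masks nest, the longest (most specific) one is chosen.
        return self.terminations[max(hits, key=lambda n: n.prefixlen)]


def demo():
    """Constructed sample: four terminations on one shared local address and port."""
    ep = SharedLocalEndpoint()
    ep.add("T1", "192.0.2.10/32")
    ep.add("T2", "192.0.2.0/24")
    ep.add("T3", "198.51.100.0/28")
    ep.add("T4", "198.51.100.77/32")      # reuses the /32 length, still 3 lengths
    try:
        ep.add("T5", "203.0.113.0/25")    # /25 would be a 4th distinct length
        fourth = "accepted"
    except InsufficientResources as err:
        fourth = err.code
    return ep, fourth
```

A source address that matches no programmed mask returns None, which is the filtering side of the feature: traffic from outside every termination's remote source mask has no pinhole to enter through.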
1. ETSI TS 102 333 version 1.1.2 Gate Management Package