sip registration problem with trixbox

remove the inspection of SIP on cisco asa 5505
WILLSGONAsked:
Who is Participating?
 
nickswanjanCommented:
You can remove SIP inspection from your config with the following commands:

asa# configure terminal
asa(config)# policy-map global_policy
asa(config-pmap)# class inspection_default
asa(config-pmap-c)# no inspect sip
^Z

However, this may not fix your problem since SIP packets may not be processed correctly for NAT/PAT.

You don't mention what version of ASA software you are running? There were several older versions that had a variety of SIP processing problems. I would recommend upgrading to a recent version if you can before you try disabling inspection. I am currently running 8.2.4 with SIP on a 5505 and it works very well. Here is a link for the release notes, note all of the resolved SIP caveats.

http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
0
 
WILLSGONAuthor Commented:
remove sip inspection on a cisco asa 5505 because phones are not registering
0
 
mark_06Commented:
Can you post your PIX config?
0
 
WILLSGONAuthor Commented:
nterface Ethernet0/0
 nameif outside
 security-level 0
 ip address 64.58.99.54 255.255.255.248
!
interface Ethernet0/1
 nameif etc
 security-level 100
 ip address 172.16.1.1 255.255.255.0
!
interface Ethernet0/2
 description voice vlan
 nameif voip
 security-level 100
 ip address 172.16.7.1 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
dns server-group DefaultDNS
 domain-name ag.wfp.org
access-list etc_access_in extended permit ip 172.16.1.0 255.255.255.0 any
access-list voip_access_in extended permit ip 172.16.7.0 255.255.255.0 any
access-list outside_access_in extended permit ip any host 64.58.88.52
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu ETC 1500
mtu voip 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (ETC) 1 172.16.1.0 255.255.255.0
nat (voip) 1 172.16.7.0 255.255.255.0
access-group etc_access_in in interface etc
access-group voip_access_in in interface voip
route outside 0.0.0.0 0.0.0.0 64.58.99.49 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 management
http 172.16.7.0 255.255.255.0 voip
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:b935b3fef7c82481535359a5eb6e0635
: end
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.