Solved

sip registration problem with trixbox

Posted on 2011-03-01
4
983 Views
Last Modified: 2012-05-11
remove the inspection of SIP on cisco asa 5505
Question by:WILLSGON
4 Comments
 

Author Comment

by:WILLSGON
ID: 35014562
remove sip inspection on a cisco asa 5505 because phones are not registering
0
 
LVL 6

Expert Comment

by:mark_06
ID: 35017104
Can you post your PIX config?
0
 

Author Comment

by:WILLSGON
ID: 35053322
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address 64.58.99.54 255.255.255.248
!
interface Ethernet0/1
 nameif etc
 security-level 100
 ip address 172.16.1.1 255.255.255.0
!
interface Ethernet0/2
 description voice vlan
 nameif voip
 security-level 100
 ip address 172.16.7.1 255.255.255.0
!
interface Ethernet0/3
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
dns server-group DefaultDNS
 domain-name ag.wfp.org
access-list etc_access_in extended permit ip 172.16.1.0 255.255.255.0 any
access-list voip_access_in extended permit ip 172.16.7.0 255.255.255.0 any
access-list outside_access_in extended permit ip any host 64.58.88.52
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu ETC 1500
mtu voip 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (ETC) 1 172.16.1.0 255.255.255.0
nat (voip) 1 172.16.7.0 255.255.255.0
access-group etc_access_in in interface etc
access-group voip_access_in in interface voip
route outside 0.0.0.0 0.0.0.0 64.58.99.49 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 management
http 172.16.7.0 255.255.255.0 voip
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny  
  inspect sunrpc
  inspect xdmcp
  inspect sip  
  inspect netbios
  inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:b935b3fef7c82481535359a5eb6e0635
: end
0
 
LVL 3

Accepted Solution

by:
nickswanjan earned 500 total points
ID: 35068929
You can remove SIP inspection from your config with the following commands:

asa# configure terminal
asa(config)# policy-map global_policy
asa(config-pmap)# class inspection_default
asa(config-pmap-c)# no inspect sip
^Z

However, this may not fix your problem since SIP packets may not be processed correctly for NAT/PAT.

You don't mention what version of ASA software you are running. There were several older versions that had a variety of SIP processing problems. I would recommend upgrading to a recent version if you can before you try disabling inspection. I am currently running 8.2.4 with SIP on a 5505 and it works very well. Here is a link for the release notes; note all of the resolved SIP caveats.

http://www.cisco.com/en/US/docs/security/asa/asa82/release/notes/asarn82.html
0
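An added example, not part of the original thread and not the answerer's code: a small offline check that reads a saved ASA running-config in the pre-8.3 syntax shown above and reports whether an applied policy map inspects SIP and whether dynamic PAT is configured, which is the combination the accepted answer warns about. The function names `inspections` and `audit_sip` are hypothetical, and the sample config is constructed.

```python
import re

# Constructed sample in the pre-8.3 syntax used in the thread (not the poster's full config).
SAMPLE_CONFIG = """\
global (outside) 1 interface
nat (voip) 1 172.16.7.0 255.255.255.0
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect sip
  inspect tftp
service-policy global_policy global
"""

def inspections(config):
    """Return {policy-map: {class: [inspected protocols]}} for layer 3/4 policy maps."""
    maps, pmap, cls = {}, None, None
    for line in config.splitlines():
        if not line.startswith(" "):  # any top-level line closes the open block
            m = re.match(r"policy-map (?!type )(\S+)", line)
            pmap, cls = (m.group(1) if m else None), None
            if pmap:
                maps[pmap] = {}
        elif pmap and (m := re.match(r"\s+class (\S+)", line)):
            cls = m.group(1)
            maps[pmap][cls] = []
        elif pmap and cls and (m := re.match(r"\s+inspect (\S+)", line)):
            maps[pmap][cls].append(m.group(1))
    return maps

def audit_sip(config):
    """Hypothetical helper: SIP inspected by an applied policy? Dynamic PAT in use?"""
    applied = re.findall(r"^service-policy (\S+) ", config, re.M)
    maps = inspections(config)
    sip = any("sip" in protos for name in applied
              for protos in maps.get(name, {}).values())
    # Dynamic PAT: a "global (...) N interface" pool paired with a "nat (...) N" rule.
    pools = set(re.findall(r"^global \(\S+\) (\d+) interface", config, re.M))
    rules = set(re.findall(r"^nat \(\S+\) (\d+) ", config, re.M))
    pat = bool(pools & rules)
    if pat and sip:
        verdict = "inspection is translating SIP payload addresses; 'no inspect sip' stops that"
    elif pat:
        verdict = "PAT without SIP inspection: addresses inside SIP messages are not translated"
    else:
        verdict = "no dynamic PAT found"
    return {"sip_inspected": sip, "dynamic_pat": pat, "verdict": verdict}
```

Running `audit_sip` on the config before and after the `no inspect sip` change shows which of the two PAT states the firewall is in.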
