Solved

SIP inspection Cisco asa 5505

Posted on 2011-03-24
11
2,623 Views
Last Modified: 2012-05-11
The problem with the incoming voice to sip phone behind cisco asa 5505. Network diagram is as follows:the asterisk is it in the DMZ for cisco asa 5505  in city A. Included static nat 5060 and included inspect SIP. Everything works. cisco asa 5505 have put in city B too, included  inspect SIP. But SIP phone did not work correctly (no incoming voice). SIP phone is in the inside network. If SIP phone get without cisco asa 5505, then everything works.
0
Comment
Question by:RuslanMith
11 Comments
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35205015
Anything showing in the logs of the ASA?
0
 

Author Comment

by:RuslanMith
ID: 35205611

Teardown UDP connection 13274 for outside:vakazanova-primary/0 to inside:rdp_host/5060
Teardown UDP connection 13273 for outside:vakazanova-primary/0 to inside:rdp_host/5060
Teardown UDP connection 13272 for outside:vakazanova-primary/0 to inside:rdp_host/5060
Teardown UDP connection 13271 for outside:vakazanova-primary/0 to inside:rdp_host/5060
Teardown UDP connection 13270 for outside:vakazanova-primary/0 to inside:rdp_host/5060
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35205624
So in city B the asterisk is in the DMZ as well?
I ask because I see the connections going from the outside to the inside (?)
0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 

Author Comment

by:RuslanMith
ID: 35205647
No, asterisk is only city A in dmz behind ciscoasa1 and work perfect. Sip phone is city B in inside behind ciscoasa2 and not incoming voice. If SIP phone get without ciscoasa2 in city B, then everything works
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35205657
Looks like something is being blocked. In city B you also allowed the correct ports from the outside to the inside (the phone)?
0
 
LVL 5

Expert Comment

by:shubhanshu_jaiswal
ID: 35208030
exclude SIP Inspection from the new firewall...
0
 

Author Comment

by:RuslanMith
ID: 35229337
If disable inspect in the city B, then SIP phone didn't register to asterisk in the city A. But SIP phone register on any SIP ISP. If enable inspect SIP in the city B,  then I see strange logs in the city A.Instead 192.168.1.8  must Public IP. When problem? Logs
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 35229806
Just remembered:
Check the sip.conf on the asterisk server to see if externip and localnet are defined you need to set those otherwise you get those strange logs.

So externip should be the public address of the sip server
externip = 80.80.80.80
and localnet the internal ip range the server is in:
localnet = 192.168.1.0/24

Let's see if that helps.
0
 

Accepted Solution

by:
RuslanMith earned 0 total points
ID: 35230536
Solved the problem. Should be included on cisco asa Inspect RTSP.
0
 
LVL 69

Expert Comment

by:Qlemo
ID: 35481687
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
azure vpn connection 3 66
HTTPS/SSL based VPN will full functionality? 2 65
eigrp in site-to-site vpn 4 53
ASA configuration 2 39
Overview Often, we set up VPN appliances where the connected clients are on a separate subnet and the company will have alternate internet connections and do not use this particular device as the gateway for certain servers or clients. In this case…
OpenVPN is a great open source VPN server that is capable of providing quick and easy VPN access to your network on the cheap.  By default the software is configured to allow open access to your network.  But what if you want to restrict users to on…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question