• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2679
  • Last Modified:

SIP inspection Cisco asa 5505

The problem with the incoming voice to sip phone behind cisco asa 5505. Network diagram is as follows:the asterisk is it in the DMZ for cisco asa 5505  in city A. Included static nat 5060 and included inspect SIP. Everything works. cisco asa 5505 have put in city B too, included  inspect SIP. But SIP phone did not work correctly (no incoming voice). SIP phone is in the inside network. If SIP phone get without cisco asa 5505, then everything works.
0
RuslanMith
Asked:
RuslanMith
1 Solution
 
Ernie BeekCommented:
Anything showing in the logs of the ASA?
0
 
RuslanMithAuthor Commented:

Teardown UDP connection 13274 for outside:vakazanova-primary/0 to inside:rdp_host/5060
Teardown UDP connection 13273 for outside:vakazanova-primary/0 to inside:rdp_host/5060
Teardown UDP connection 13272 for outside:vakazanova-primary/0 to inside:rdp_host/5060
Teardown UDP connection 13271 for outside:vakazanova-primary/0 to inside:rdp_host/5060
Teardown UDP connection 13270 for outside:vakazanova-primary/0 to inside:rdp_host/5060
0
 
Ernie BeekCommented:
So in city B the asterisk is in the DMZ as well?
I ask because I see the connections going from the outside to the inside (?)
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
RuslanMithAuthor Commented:
No, asterisk is only city A in dmz behind ciscoasa1 and work perfect. Sip phone is city B in inside behind ciscoasa2 and not incoming voice. If SIP phone get without ciscoasa2 in city B, then everything works
0
 
Ernie BeekCommented:
Looks like something is being blocked. In city B you also allowed the correct ports from the outside to the inside (the phone)?
0
 
shubhanshu_jaiswalCommented:
exclude SIP Inspection from the new firewall...
0
 
RuslanMithAuthor Commented:
If disable inspect in the city B, then SIP phone didn't register to asterisk in the city A. But SIP phone register on any SIP ISP. If enable inspect SIP in the city B,  then I see strange logs in the city A.Instead 192.168.1.8  must Public IP. When problem? Logs
0
 
Ernie BeekCommented:
Just remembered:
Check the sip.conf on the asterisk server to see if externip and localnet are defined you need to set those otherwise you get those strange logs.

So externip should be the public address of the sip server
externip = 80.80.80.80
and localnet the internal ip range the server is in:
localnet = 192.168.1.0/24

Let's see if that helps.
0
 
RuslanMithAuthor Commented:
Solved the problem. Should be included on cisco asa Inspect RTSP.
0
 
QlemoC++ DeveloperCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now