Solved

Lync 2010 TMG and Cisco ASA 5510 with ITSP

Posted on 2012-03-22
4
2,123 Views
Last Modified: 2013-02-26
We are trying to implement a SIP trunk privded from Intelepeer to our Lync 2010 Mediation server. We have 2 firewalls, the external Firewall is a Cisco ASA 5510 and the internal firewall is a MS Threat Management Gateway (TMG). What we are trying to do is get the SIP and RTP traffic to go through the Cisco Firewall to our TMG firewall to the Lync Mediation server.

On the External ASA firewall I have allowed SIP (TCP 5060) in from Intelepeer IP. Then i have NAT'd that to the DMZ IP address. I have also Disabled SIP inspection (I found that when it was enabled it was dropping outbound INVITE sip packets).

access-list Outside_access_in extended permit tcp host 68.68.124.55 host 200.50.1.77 eq sip
static (inside,Outside) 200.50.1.77 10.10.0.11 netmask 255.255.255.255.

Open in new window


Global Policy does not have inspect SIP


On the TMG I ran through the VOIP wizard and it created 6 rules for me. I had to edit a couple because it used SIP (UDP 5060) rather than TCP 5060 (required by Intelepeer).

This leaves me with our current issue. I can make external calls (to cell phones and land lines..) from my Lync Client and I get 2 way communication (I hear them, they hear me). that works fine

I cannot however make an inbound call to a DID provided by Intelepeer. I do not see the SIP traffic getting to my Lync Mediation server. I noticed that there was a Non-Webserver publishing rule usign SIP-Server as the protocol (UDP5060). I changed that SIP-TCP (TCP5060) and the calls are now coming through to my Lync client, BUT I cannot hear the person talking on the other end. They can hear me fine. My packet capture shows the outbound RTP but no inbound RTP. This only happens when someone calls in. Outgoing calls from Lync work fine (I can see the inbound and outbound RTP traffic).

Any ideas?
0
Comment
Question by:damte
  • 2
4 Comments
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 37756132
What do you see in the TMG realtime log viewer?
0
 

Accepted Solution

by:
damte earned 0 total points
ID: 37779317
I checked the logs and noticed that some traffic was being blocked. I allowed the traffic that was beign identified as Lync RTP TCP. Once I did that I know saw the packets getting to the Lync mediation server but still no incoming voice.

Eventually I bypassed the TMG server and connected the Mediation server to the ASA firewall and it worked just fine.
0
 

Author Closing Comment

by:damte
ID: 37795186
I was not able to get this working through both the firewalls, in the end I had to remove one.
0
 
LVL 2

Expert Comment

by:WRAR-Admin
ID: 38932276
What exactly did you do? I am also on Lync 10 Ent for VOice w/ Intelepeer.. I am having the same issues when I go from 8.2.x to anything higher. I am not inspecting SIP.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
So the following errors occurs in 2 ways that I am aware of at this stage, and you receive one of the following error messages: ERROR 1. When trying to save a rule: No Web listener is specified for the Web publishing rule Autodiscovery Publishin…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question