Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2164
  • Last Modified:

Lync 2010 TMG and Cisco ASA 5510 with ITSP

We are trying to implement a SIP trunk privded from Intelepeer to our Lync 2010 Mediation server. We have 2 firewalls, the external Firewall is a Cisco ASA 5510 and the internal firewall is a MS Threat Management Gateway (TMG). What we are trying to do is get the SIP and RTP traffic to go through the Cisco Firewall to our TMG firewall to the Lync Mediation server.

On the External ASA firewall I have allowed SIP (TCP 5060) in from Intelepeer IP. Then i have NAT'd that to the DMZ IP address. I have also Disabled SIP inspection (I found that when it was enabled it was dropping outbound INVITE sip packets).

access-list Outside_access_in extended permit tcp host 68.68.124.55 host 200.50.1.77 eq sip
static (inside,Outside) 200.50.1.77 10.10.0.11 netmask 255.255.255.255.

Open in new window


Global Policy does not have inspect SIP


On the TMG I ran through the VOIP wizard and it created 6 rules for me. I had to edit a couple because it used SIP (UDP 5060) rather than TCP 5060 (required by Intelepeer).

This leaves me with our current issue. I can make external calls (to cell phones and land lines..) from my Lync Client and I get 2 way communication (I hear them, they hear me). that works fine

I cannot however make an inbound call to a DID provided by Intelepeer. I do not see the SIP traffic getting to my Lync Mediation server. I noticed that there was a Non-Webserver publishing rule usign SIP-Server as the protocol (UDP5060). I changed that SIP-TCP (TCP5060) and the calls are now coming through to my Lync client, BUT I cannot hear the person talking on the other end. They can hear me fine. My packet capture shows the outbound RTP but no inbound RTP. This only happens when someone calls in. Outgoing calls from Lync work fine (I can see the inbound and outbound RTP traffic).

Any ideas?
0
damte
Asked:
damte
  • 2
2 Solutions
 
Keith AlabasterEnterprise ArchitectCommented:
What do you see in the TMG realtime log viewer?
0
 
damteAuthor Commented:
I checked the logs and noticed that some traffic was being blocked. I allowed the traffic that was beign identified as Lync RTP TCP. Once I did that I know saw the packets getting to the Lync mediation server but still no incoming voice.

Eventually I bypassed the TMG server and connected the Mediation server to the ASA firewall and it worked just fine.
0
 
damteAuthor Commented:
I was not able to get this working through both the firewalls, in the end I had to remove one.
0
 
WRAR-AdminCommented:
What exactly did you do? I am also on Lync 10 Ent for VOice w/ Intelepeer.. I am having the same issues when I go from 8.2.x to anything higher. I am not inspecting SIP.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now