Solved

Lync 2010 TMG and Cisco ASA 5510 with ITSP

Posted on 2012-03-22
4
2,130 Views
Last Modified: 2013-02-26
We are trying to implement a SIP trunk privded from Intelepeer to our Lync 2010 Mediation server. We have 2 firewalls, the external Firewall is a Cisco ASA 5510 and the internal firewall is a MS Threat Management Gateway (TMG). What we are trying to do is get the SIP and RTP traffic to go through the Cisco Firewall to our TMG firewall to the Lync Mediation server.

On the External ASA firewall I have allowed SIP (TCP 5060) in from Intelepeer IP. Then i have NAT'd that to the DMZ IP address. I have also Disabled SIP inspection (I found that when it was enabled it was dropping outbound INVITE sip packets).

access-list Outside_access_in extended permit tcp host 68.68.124.55 host 200.50.1.77 eq sip
static (inside,Outside) 200.50.1.77 10.10.0.11 netmask 255.255.255.255.

Open in new window


Global Policy does not have inspect SIP


On the TMG I ran through the VOIP wizard and it created 6 rules for me. I had to edit a couple because it used SIP (UDP 5060) rather than TCP 5060 (required by Intelepeer).

This leaves me with our current issue. I can make external calls (to cell phones and land lines..) from my Lync Client and I get 2 way communication (I hear them, they hear me). that works fine

I cannot however make an inbound call to a DID provided by Intelepeer. I do not see the SIP traffic getting to my Lync Mediation server. I noticed that there was a Non-Webserver publishing rule usign SIP-Server as the protocol (UDP5060). I changed that SIP-TCP (TCP5060) and the calls are now coming through to my Lync client, BUT I cannot hear the person talking on the other end. They can hear me fine. My packet capture shows the outbound RTP but no inbound RTP. This only happens when someone calls in. Outgoing calls from Lync work fine (I can see the inbound and outbound RTP traffic).

Any ideas?
0
Comment
Question by:damte
  • 2
4 Comments
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 37756132
What do you see in the TMG realtime log viewer?
0
 

Accepted Solution

by:
damte earned 0 total points
ID: 37779317
I checked the logs and noticed that some traffic was being blocked. I allowed the traffic that was beign identified as Lync RTP TCP. Once I did that I know saw the packets getting to the Lync mediation server but still no incoming voice.

Eventually I bypassed the TMG server and connected the Mediation server to the ASA firewall and it worked just fine.
0
 

Author Closing Comment

by:damte
ID: 37795186
I was not able to get this working through both the firewalls, in the end I had to remove one.
0
 
LVL 2

Expert Comment

by:WRAR-Admin
ID: 38932276
What exactly did you do? I am also on Lync 10 Ent for VOice w/ Intelepeer.. I am having the same issues when I go from 8.2.x to anything higher. I am not inspecting SIP.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Cisco ASA 5506W VPN Clients not seeing local network 12 42
set url:tel to a website 3 75
Cisco SSLVPN webpage is not loading 3 17
ASA 5505 packet drops 14 43
Almost all Internet protocol telephones have built-in switches at the back that allow you to connect your personal computer to one port and use the other port to connect your phone to to a Cisco switch.   Why we need to connect the PC to the pho…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question