Solved

Lync 2010 TMG and Cisco ASA 5510 with ITSP

Posted on 2012-03-22
Last Modified: 2013-02-26
We are trying to implement a SIP trunk provided from Intelepeer to our Lync 2010 Mediation server. We have 2 firewalls: the external firewall is a Cisco ASA 5510 and the internal firewall is a MS Threat Management Gateway (TMG). What we are trying to do is get the SIP and RTP traffic to go through the Cisco firewall to our TMG firewall to the Lync Mediation server.

On the external ASA firewall I have allowed SIP (TCP 5060) in from the Intelepeer IP. Then I have NAT'd that to the DMZ IP address. I have also disabled SIP inspection (I found that when it was enabled it was dropping outbound INVITE SIP packets).

access-list Outside_access_in extended permit tcp host 68.68.124.55 host 200.50.1.77 eq sip
static (inside,Outside) 200.50.1.77 10.10.0.11 netmask 255.255.255.255


Global Policy does not have inspect SIP


On the TMG I ran through the VOIP wizard and it created 6 rules for me. I had to edit a couple because it used SIP (UDP 5060) rather than TCP 5060 (required by Intelepeer).

This leaves me with our current issue. I can make external calls (to cell phones and land lines) from my Lync client and I get 2-way communication (I hear them, they hear me). That works fine.

I cannot however make an inbound call to a DID provided by Intelepeer. I do not see the SIP traffic getting to my Lync Mediation server. I noticed that there was a Non-Webserver publishing rule using SIP-Server as the protocol (UDP 5060). I changed that to SIP-TCP (TCP 5060) and the calls are now coming through to my Lync client, BUT I cannot hear the person talking on the other end. They can hear me fine. My packet capture shows the outbound RTP but no inbound RTP. This only happens when someone calls in. Outgoing calls from Lync work fine (I can see the inbound and outbound RTP traffic).

Any ideas?
Question by:damte
 
LVL 51

Assisted Solution

by:Keith Alabaster
Keith Alabaster earned 250 total points
ID: 37756132
What do you see in the TMG realtime log viewer?
0
 

Accepted Solution

by:
damte earned 0 total points
ID: 37779317
I checked the logs and noticed that some traffic was being blocked. I allowed the traffic that was being identified as Lync RTP TCP. Once I did that I now saw the packets getting to the Lync Mediation server but still no incoming voice.

Eventually I bypassed the TMG server and connected the Mediation server to the ASA firewall and it worked just fine.
0
 

Author Closing Comment

by:damte
ID: 37795186
I was not able to get this working through both the firewalls; in the end I had to remove one.
0
 
LVL 2

Expert Comment

by:WRAR-Admin
ID: 38932276
What exactly did you do? I am also on Lync 10 Ent for Voice w/ Intelepeer. I am having the same issues when I go from 8.2.x to anything higher. I am not inspecting SIP.
0
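With SIP inspection disabled, the ASA neither rewrites the addresses carried in SDP nor opens media pinholes from the signalling, so inbound RTP depends entirely on what the SDP advertises and on static rules in both firewalls. The following check is an added example, not part of the original thread: it parses an SDP body and flags media endpoints that advertise an RFC 1918 address or that no inbound UDP permit covers. The SDP sample, the port numbers and the permit list are constructed; only 10.10.0.11 and 200.50.1.77 come from the NAT line in the question.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed SDP answer as a Mediation Server might send it in a 200 OK.
# 10.10.0.11 is the inside address from the static NAT line; the port is made up.
SAMPLE_ANSWER = """v=0
o=- 0 0 IN IP4 10.10.0.11
s=session
c=IN IP4 10.10.0.11
t=0 0
m=audio 49152 RTP/AVP 0 101
a=rtpmap:0 PCMU/8000
"""

def media_endpoints(sdp):
    """Return (media, ip, port) per m= line; a media-level c= overrides the session c=."""
    session_ip, found = None, []
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("c="):
            ip = line.split()[2].split("/")[0]   # drop any /ttl suffix
            if found:
                found[-1][1] = ip
            else:
                session_ip = ip
        elif line.startswith("m="):
            media, port = line[2:].split()[:2]
            found.append([media, session_ip, int(port.split("/")[0])])
    return [tuple(f) for f in found]

def check_media_path(sdp, udp_permits):
    """udp_permits: (cidr, low_port, high_port) tuples allowed inbound (hypothetical input)."""
    findings = []
    for media, ip, port in media_endpoints(sdp):
        if ip is None:
            findings.append(f"{media}: no c= line gives a media address")
            continue
        addr = ipaddress.ip_address(ip)
        if any(addr in net for net in RFC1918):
            findings.append(f"{media}: SDP advertises RFC 1918 address {ip}")
        if not any(addr in ipaddress.ip_network(c) and lo <= port <= hi
                   for c, lo, hi in udp_permits):
            findings.append(f"{media}: no inbound UDP permit covers {ip}:{port}")
    return findings

if __name__ == "__main__":
    for finding in check_media_path(SAMPLE_ANSWER, udp_permits=[]):
        print(finding)
```

Run it against the SDP taken from the 200 OK in a capture of a failing inbound call, with the permit list filled in from the rules actually configured on the ASA and the TMG.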
