Lync 2010 TMG and Cisco ASA 5510 with ITSP

We are trying to implement a SIP trunk privded from Intelepeer to our Lync 2010 Mediation server. We have 2 firewalls, the external Firewall is a Cisco ASA 5510 and the internal firewall is a MS Threat Management Gateway (TMG). What we are trying to do is get the SIP and RTP traffic to go through the Cisco Firewall to our TMG firewall to the Lync Mediation server.

On the External ASA firewall I have allowed SIP (TCP 5060) in from Intelepeer IP. Then i have NAT'd that to the DMZ IP address. I have also Disabled SIP inspection (I found that when it was enabled it was dropping outbound INVITE sip packets).

access-list Outside_access_in extended permit tcp host 68.68.124.55 host 200.50.1.77 eq sip
static (inside,Outside) 200.50.1.77 10.10.0.11 netmask 255.255.255.255.

Open in new window


Global Policy does not have inspect SIP


On the TMG I ran through the VOIP wizard and it created 6 rules for me. I had to edit a couple because it used SIP (UDP 5060) rather than TCP 5060 (required by Intelepeer).

This leaves me with our current issue. I can make external calls (to cell phones and land lines..) from my Lync Client and I get 2 way communication (I hear them, they hear me). that works fine

I cannot however make an inbound call to a DID provided by Intelepeer. I do not see the SIP traffic getting to my Lync Mediation server. I noticed that there was a Non-Webserver publishing rule usign SIP-Server as the protocol (UDP5060). I changed that SIP-TCP (TCP5060) and the calls are now coming through to my Lync client, BUT I cannot hear the person talking on the other end. They can hear me fine. My packet capture shows the outbound RTP but no inbound RTP. This only happens when someone calls in. Outgoing calls from Lync work fine (I can see the inbound and outbound RTP traffic).

Any ideas?
damteAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Keith AlabasterEnterprise ArchitectCommented:
What do you see in the TMG realtime log viewer?
0
damteAuthor Commented:
I checked the logs and noticed that some traffic was being blocked. I allowed the traffic that was beign identified as Lync RTP TCP. Once I did that I know saw the packets getting to the Lync mediation server but still no incoming voice.

Eventually I bypassed the TMG server and connected the Mediation server to the ASA firewall and it worked just fine.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
damteAuthor Commented:
I was not able to get this working through both the firewalls, in the end I had to remove one.
0
WRAR-AdminCommented:
What exactly did you do? I am also on Lync 10 Ent for VOice w/ Intelepeer.. I am having the same issues when I go from 8.2.x to anything higher. I am not inspecting SIP.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Forefront ISA Server

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.