Cisco ASA

Hi,
I am trying to get VoIP working on my ASA 5505, and below is an error message I see in the firewall logs when I attempt to make the connection from an app on my Android phone to the phone system:

Deny TCP (no connection) from external_ip/54032 to outside_int_ip/8444 flags RST on interface outside.

Anyone seen this error before?

Cheers
minniejp Asked:
 
minniejp (Author) Commented:
I upgraded the firmware on the firewall and that worked as expected.
0
 
James HIT Director Commented:
If you are NAT'ing a public IP to your VoIP server, you will need to create an ACL allowing that traffic; otherwise the firewall will deny the packet. Can you show a sanitized copy of your config?
0
 
minniejp (Author) Commented:
0
 
minniejp (Author) Commented:
Hey Spartan,

See attached
Cheers
0
 
minniejp (Author) Commented:
Hi Spartan,

Have you had a chance to take a look?

Cheers
0
 
minniejp (Author) Commented:
Any ideas?
0
 
arnold Commented:
You are seemingly using the same One-X-Portal as both an object for the IP and a group-object.

That makes reading the configuration..........

I do not see a QoS on your ASA, nor that you are adding h323, sip to your inspect global policy.

You should consider adding Quality of Service for VoIP traffic to prioritize it over everything else coming and leaving your network.

EE post that refers you to Cisco links.

http://www.experts-exchange.com/Networking/Telecommunications/IP_Telephony/VoIP/Q_24719953.html

You can limit your data rate outside the VoIP/Voice traffic.
0
 
minniejp (Author) Commented:
Would QoS not being available cause the app to show "Voip only partially connected"? I have added h323 and sip and I am still getting this error.
0
 
arnold Commented:
You are missing the inspect directive in the global policy.

 inspect h323 h225
 inspect h323 ras

Here is an example using ASA version 7:
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/82446-enable-voip-config.html
0
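One way to check a sanitized running-config for the inspect directives named in the comment above, as an added example that is not part of the original thread. The sample config is constructed, the function names are hypothetical, and `global_policy` / `inspection_default` are assumed here as the policy-map and class names.

```python
import re

# Inspections named in the thread: h323 h225, h323 ras, and sip.
VOIP_INSPECTIONS = ("h323 h225", "h323 ras", "sip")

# Constructed sample (not the asker's config): SIP is inspected, H.323 is not.
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect sip
service-policy global_policy global
"""

def global_policy_inspections(config):
    """Return the inspect directives of the policy-map applied globally."""
    m = re.search(r"^service-policy\s+(\S+)\s+global\s*$", config, re.M)
    if not m:
        return set()  # no policy is applied globally at all
    target, found, in_map = m.group(1), set(), False
    for line in config.splitlines():
        stripped = line.strip()
        if not stripped:
            continue
        if not line.startswith(" "):
            # A top-level command opens or closes a configuration block.
            in_map = stripped == "policy-map " + target
        elif in_map and stripped.startswith("inspect "):
            found.add(stripped[len("inspect "):].strip())
    return found

def missing_voip_inspections(config):
    """List the VoIP inspections absent from the global policy."""
    found = global_policy_inspections(config)
    return [want for want in VOIP_INSPECTIONS
            if not any(i == want or i.startswith(want + " ") for i in found)]

if __name__ == "__main__":
    print("missing:", missing_voip_inspections(SAMPLE_CONFIG))
```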
 
minniejp (Author) Commented:
Do you know what ports need to be forwarded to allow an Avaya app to work?
0
 
arnold Commented:
You need to check with how your VoIP provider is, sip trunks, etc.
A QoS will make sure that, if there is saturation of the connection, the packets dropped will not be the VoIP ones.

Avaya app to work with what?

You are providing limited information and limited detail on what your issue is.

I understand you provide only information you think is needed to resolve/answer your question, but just providing an error and the firewall config .........
0
 
minniejp (Author) Commented:
Upgrade of firewall resolved the problem
0
Question has a verified solution.