ASA 5505 / internet / SIP question

I work in a hospital. We use the Stratus iPad app for interpretation.  We have a guest internet circuit that these iPads are on.  The circuit was recently upgraded from 35 Mbps to 100 Mbps. No other changes that i know of. Around that time the Stratus app stopped connecting. There is an asa 5505 on this circuit, but only default config is enabled.

 I took the ipad home and the app worked fine on my home wifi.  I ahve contacted the vendor and our ISP. Both claim it must be a firewall issue, but nothing has changed.  Any ideas?
chris crosbyAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Eoin OSullivanConsultantCommented:
So I assume the apps are by this company -

Excuse me if I state anything obvious you've already tried but it would be useful to know
1. When on the Hospital network can the iPads connect to the Internet in all other respects?  Safari and Mail all work OK?  What about apps which use video such as YouTube?
2. When on the hospital network .. do you know the URL/IP address that the Stratus app is trying to connect to?  Can you identify the traffic from devices - or when on your home network can you use the router or network tools to identify the traffic?
Jackie ManIT ManagerCommented:
You need to contact the network admin of guest internet circuit of your hospital.

My guess is that the network admin did "upgrade" the firewall when there is an upgrade of the guest internet circuit.
chris crosbyAuthor Commented:
Thanks for the replies -

@Eoin - Yes, all other tested internet / video applications work.  I have the tech doc from stratus and it is a wide range of IPs that it may connect to, not a specific URL.  All of that is embedded in the app.  I don't really have any monitoring apps at home, but I will try to come up with something toight.

@Jackie - I am basically the admin of that circuit - firewall config is handled by an offsite 3rd party that requires a change request to make any changes.  I have also been in touch with them just to be sure and no changes were made.  Below is the security config of the ASA - I have been reading up on SIP inspection and how some applications require it, while others need it turned off.  I am thinking maybe submit a change request to turn it off to see, but that takes a week and then if no change I'll have to submit a request to change it back.  I'm not dealing with particularly helpful people on that side.

boot system disk0:/asa822-k8.bin
ftp mode passive
pager lines 24
mtu inside 1500
mtu outside 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1
route outside <>  timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
snmp-server location  <>
snmp-server contact  <>
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
no crypto isakmp nat-traversal
telnet inside
telnet timeout 5
ssh timeout 5
console timeout 0

threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username <> password s6x5afD9Alo2bY8C encrypted privilege 15
class-map inspection_default
 match default-inspection-traffic
policy-map type inspect dns preset_dns_map
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
  inspect icmp
  inspect ip-options
Jackie ManIT ManagerCommented:

I think your ISP is not only upgrading the network but have changed the broadband service provider also.

You need to re-provision your iPad for the Stratus Video app.
Something else changed. When unauthorized changes get made, nobody is going to confess to them. Did they make a backup before the upgrade? Try to have them restore to that and see if issues suddenly go away.

Just as importantly, compare the configurations from before and after the upgrades. That should give you the best idea.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.