VoIP quit working through Cisco ASA 5506-X
I have a client who has been using VoIP through a Cisco ASA 5506-x for a while and has run into a major problem. For no obvious reason (no recent configuration changes or firmware updates), the phones became unable to communicate with the CO. I'm not seeing anything in the rules to prevent this. Other than enabling QoS (which I've also disabled as a test), there's really not much special going on in the ASA configuration. No VLANs and no complicated rules. There is a separate subnet on a different physical port on the ASA.
As a test, I replaced the ASA with a simple router and they worked. I take this to rule out a change at the ISP as the cause.
I watched traffic and saw a number of rejections of some ICMP packets, so I allowed them and those errors went away, but the phones still don't connect.
I did some further watching and noticed the following sequence looking at outgoing traffic from the phone at 192.168.113.110. I've replaced our actual Outside IP with "OutsideIP", the phone provider's CO IP with "PhoneCO", and have added my comments about what I think is being done. I also reversed the order, so the oldest is first:
Phone makes a connection to our DNS server (UDP port 53) at 192.168.113.100:
6|||302015|192.168.113.100
Connection is torn down right away:
6|||302016|192.168.113.100
Phone makes a DNS connection to our Outside IP address:
6|||305011|192.168.113.100
Phone makes a TCP connection to the CO. I notice that this is using the same translated port 26266 as the connection immediately prior:
6|||302013|192.168.113.100
The connection is torn down right away.
6|||305012|192.168.113.100
Connection to the PhoneCO is denied as the connection using translated port 26266 was just torn down:
6|||106015|192.168.113.100
Am I correct to conclude that the "Deny TCP" is because the connection reused the translated port 26266 and is the likely reason the phone can't communicate with the CO? If so, how do I resolve the issue?
Thank you in advance for assistance with this.
As a test, I replaced the ASA with a simple router and they worked. I take this to rule out a change at the ISP as the cause.
I watched traffic and saw a number of rejections of some ICMP packets, so I allowed them and those errors went away, but the phones still don't connect.
I did some further watching and noticed the following sequence looking at outgoing traffic from the phone at 192.168.113.110. I've replaced our actual Outside IP with "OutsideIP", the phone provider's CO IP with "PhoneCO", and have added my comments about what I think is being done. I also reversed the order, so the oldest is first:
Phone makes a connection to our DNS server (UDP port 53) at 192.168.113.100:
6|||302015|192.168.113.100
Connection is torn down right away:
6|||302016|192.168.113.100
Phone makes a DNS connection to our Outside IP address:
6|||305011|192.168.113.100
Phone makes a TCP connection to the CO. I notice that this is using the same translated port 26266 as the connection immediately prior:
6|||302013|192.168.113.100
The connection is torn down right away.
6|||305012|192.168.113.100
Connection to the PhoneCO is denied as the connection using translated port 26266 was just torn down:
6|||106015|192.168.113.100
Am I correct to conclude that the "Deny TCP" is because the connection reused the translated port 26266 and is the likely reason the phone can't communicate with the CO? If so, how do I resolve the issue?
Thank you in advance for assistance with this.
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
DNS
The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.
29K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
