11-28-2013 05:02 AM - edited 03-11-2019 08:10 PM
Hi everybody,
thanks for an awesome forum!
I've spent this moring troubleshooting on a setup where we have a sip trunk comming in and a CME receiving it. Incomming calls didnt work. The setup has worked forever and ever until an upgrade to ASA v9.0(2) from 8.2(something). So ofcourse the major change here are the NATs.
I had NATs in place and working for everything including incomming calls, however the calls suddently stopped working. Here are the 9.0 NATs:
nat (outside,inside) source static any any destination static interface CME2821 service sip1 sip1
nat (outside,inside) source static any any destination static interface CME2821 service sip2 sip2
Inspection was on. And I realize that the NATs could be more specific towards the sip provider, this is how they were configured. And the service objects:
object service sip1
service tcp destination eq sip
object service sip2
service udp destination eq sip
And looking at the header on the CME (debug ccsip messages) i saw that the INVITE and the TO adresses had NOT been translated in NAT... In other words traffic gets through the firewall like it doesnt even hit the nat rule... Which ofcourse is one of the differences between 8.2 and 9.0 - no nat controll...
Now, agains my advice, my boss decided that we roll back instead of spending time on troubleshooting. So I dont have the setup running any longer. However, if anyone has ever experienced this I would sure like to pick their brains about it.
I mean I've set up plenty of NATs and they've worked, if there are a lot of them on the same FW it can get pretty complex looking at them. But this setup has like 5 statics and one dynamic plus an exemption.
I'm fixing to give this a second attempt because this SIP stuff always seem to cause problems. And because apparantly i must have missed something about the NATs.
Let me know if there is anything i can add.
Solved! Go to Solution.
11-28-2013 05:19 AM
ASA SIP inspection - To: in INVITE not translated after 8.3/8.4 upgrade |
https://tools.cisco.com/bugsearch/bug/CSCto50963
9.0.2.3 it reslolved so you might want to upgrade.
Value our effort and rate the assistance!
11-28-2013 05:45 AM
I do it like this, if you mention 9.0 I look at the release notes of 9.1 that have resolved bugs and look for keywords like SIP in this case.
Value our effort and rate the assistance!
11-28-2013 05:19 AM
ASA SIP inspection - To: in INVITE not translated after 8.3/8.4 upgrade |
https://tools.cisco.com/bugsearch/bug/CSCto50963
9.0.2.3 it reslolved so you might want to upgrade.
Value our effort and rate the assistance!
11-28-2013 05:42 AM
jumora, thank you!
Hehe danm it, i keep forgetting the bugtracker. I will now spend time getting to know the Bug Search.
Cheers
11-28-2013 05:45 AM
I do it like this, if you mention 9.0 I look at the release notes of 9.1 that have resolved bugs and look for keywords like SIP in this case.
Value our effort and rate the assistance!
11-28-2013 05:51 AM
Hey
Lol, you know. I was looking at it the moment your reply ticked in, and i was wondering how the h... you found it with the affected releases being 8.3 and 8.4.
But nice tip, thanks again.
Cheers
11-28-2013 06:09 AM
9 years working in TAC
Value our effort and rate the assistance!
11-28-2013 06:12 AM
Lol. Right, that figures.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: