ASA 9.0(2) NAT malfunction

Geminorum_cco
Level 1

Hi everybody,

thanks for an awesome forum!

I've spent this morning troubleshooting a setup where we have a SIP trunk coming in and a CME receiving it. Incoming calls didn't work. The setup has worked forever and ever until an upgrade to ASA v9.0(2) from 8.2(something). So of course the major change here is the NATs.

I had NATs in place and working for everything including incoming calls, however the calls suddenly stopped working. Here are the 9.0 NATs:

nat (outside,inside) source static any any destination static interface CME2821 service sip1 sip1
nat (outside,inside) source static any any destination static interface CME2821 service sip2 sip2

Inspection was on. And I realize that the NATs could be more specific towards the SIP provider; this is how they were configured. And the service objects:

object service sip1
 service tcp destination eq sip
object service sip2
 service udp destination eq sip

And looking at the header on the CME (debug ccsip messages) I saw that the INVITE and the TO addresses had NOT been translated in NAT... In other words, traffic gets through the firewall like it doesn't even hit the NAT rule... Which of course is one of the differences between 8.2 and 9.0 - no NAT control...

Now, against my advice, my boss decided that we roll back instead of spending time on troubleshooting. So I don't have the setup running any longer. However, if anyone has ever experienced this I would sure like to pick their brains about it.

I mean I've set up plenty of NATs and they've worked, if there are a lot of them on the same FW it can get pretty complex looking at them. But this setup has like 5 statics and one dynamic plus an exemption.

I'm fixing to give this a second attempt because this SIP stuff always seems to cause problems. And because apparently I must have missed something about the NATs.

Let me know if there is anything I can add.

jumora
Level 7

CSCto50963

ASA SIP inspection - To: in INVITE not translated after 8.3/8.4 upgrade

https://tools.cisco.com/bugsearch/bug/CSCto50963

In 9.0.2.3 it is resolved, so you might want to upgrade.

Value our effort and rate the assistance!
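
Added example (not part of the original thread and not Cisco code): a small Python check for the symptom described above, run over a SIP INVITE as captured on the CME side, that reports whether the Request-URI or the To header still carries the firewall's outside address. The function names, the sample message and all addresses (documentation ranges) are assumptions constructed for illustration.

```python
import re

# Host part of a sip:/sips: URI, with or without a user part.
# IPv4 addresses and hostnames only; bracketed IPv6 hosts are not handled.
URI_HOST = re.compile(r"sips?:(?:[^@\s<>;]*@)?([^\s<>;:?]+)", re.IGNORECASE)

def uri_host(text):
    m = URI_HOST.search(text)
    return m.group(1).lower() if m else None

def invite_targets(message):
    """Return the Request-URI and To hosts of the first INVITE in the text."""
    lines = message.splitlines()
    # Skip any debug preamble until the INVITE request line.
    start = next((i for i, l in enumerate(lines)
                  if re.match(r"INVITE\s+\S+\s+SIP/2\.0\s*$", l.strip())), None)
    if start is None:
        return {}
    found = {"Request-URI": uri_host(lines[start].split()[1])}
    for line in lines[start + 1:]:
        if not line.strip():
            break  # blank line ends the headers; the SDP body follows
        name, _, value = line.partition(":")
        if name.strip().lower() in ("to", "t"):  # "t" is the compact form
            found["To"] = uri_host(value)
    return found

def untranslated_fields(message, outside_ip):
    """Fields that still carry the firewall's outside address."""
    return [f for f, h in invite_targets(message).items() if h == outside_ip]

# Constructed samples (documentation addresses, not from the thread):
# 203.0.113.10 = ASA outside interface, 192.168.10.5 = CME inside address.
OUTSIDE_IP = "203.0.113.10"
BROKEN = """INVITE sip:5551234@203.0.113.10:5060 SIP/2.0
Via: SIP/2.0/UDP 198.51.100.20:5060;branch=z9hG4bK776asdhds
From: <sip:5559876@198.51.100.20>;tag=1928301774
To: <sip:5551234@203.0.113.10>
Call-ID: a84b4c76e66710@198.51.100.20
CSeq: 1 INVITE

v=0
"""
FIXED = BROKEN.replace("203.0.113.10", "192.168.10.5")

if __name__ == "__main__":
    print("broken:", untranslated_fields(BROKEN, OUTSIDE_IP))
    print("fixed: ", untranslated_fields(FIXED, OUTSIDE_IP))
```

A non-empty result after an upgrade means the INVITE reached the CME with its destination fields unrewritten, which is the behaviour the bug title above describes.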

jumora, thank you!

Hehe damn it, I keep forgetting the bug tracker. I will now spend time getting to know the Bug Search.

Cheers

I do it like this: if you mention 9.0, I look at the release notes of 9.1 that have resolved bugs and look for keywords like SIP in this case.

Value our effort and rate the assistance!

Hey

Lol, you know. I was looking at it the moment your reply ticked in, and I was wondering how the h... you found it with the affected releases being 8.3 and 8.4.

But nice tip, thanks again.

Cheers

9 years working in TAC

Value our effort and rate the assistance!

Lol. Right, that figures.
