10-11-2012 09:25 PM - edited 03-11-2019 05:08 PM
I understand the ASA sip inspection is enabled by default on its service policy. Can I disabled it and not causing any problem?
I noticed the ASA does has sip session transit through it.
ciscoasa(config)# policy-map global_policy ciscoasa(config-pmap)# class inspection_default ciscoasa(config-pmap-c)# no inspect sip
10-11-2012 10:59 PM
Hello
You can disable that if you are experiancing any issue in SIP traffic and that shows in show service-policy . But make sure that, you are not doing any natting for the SIP subnet in the ASA and have proper rule on both directions ( Inside to outside and outside-inside). It is advisable to disable the SIP if you have an ASA at the other end also
Hope this helps
Harish.
03-25-2015 03:22 PM
hey i need your help, we have a sip issue all the time we try to call from inside the sip provider sounds like invalid host...they are keep on saying that our ASA is denying udp packets on 5060.....
i have allowed it and Static nat is done on ASA to our GW which is Router. it get register with SIP Provider without any issue...when i call from inside i can see that packets are allowed from inside to outside from ASA but i am unable to see anything that can tell me why i am keep on having a reply 400 invalid host.
i saw asa we are not inspecting the SIP Traffic...does that make any sense or can you help...
regards
11-24-2015 09:35 AM
Hello,
Since ASA is not inspecting SIP, you have to explicitly enable return traffic. (inbound or global ACL)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide