Cisco Phone 8845 not registering on CME with traffic passing firewall

tav73 · ‎04-29-2018

Hi,

I have a problem with registering many VoIP phones (8845) on a CME router with traffic passing through the ASA 5508 firewall. The phone does not register unless I add the username user1 password pass1 command, whether I have disabled SIP inspection on the firewall. (no inspect sip)

If I remove the firewall, the phone registering is normal, without the need for the username user1 password pass1 command for each pool.

Is there a firewall command to allow the phone to be registered without adding a user/password combination for each pool?

Thanks a lot!

Florin Barhala · ‎04-30-2018

This should be related to the ASA inspection policy.
Can you share the service policy configuration of your ASA?

tav73 · ‎05-02-2018

Hi Florin,

The inspection policy looks like:

class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect ip-options
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect xdmcp
  inspect dns preset_dns_map
policy-map type inspect dns migrated_dns_map_1
 parameters
  message-length maximum client auto
  message-length maximum 512
!
service-policy global_policy global

Thank you!