Hi everyone!

Would love to get your input on this attached network setup when it comes to config of the SIP/NAT rules.

Since the two networks on each side of the ASA have the same network ranges it makes it all rather difficult.

What I have tried is to make NAT-rules for sip(tcp/udp 5060) from each side of the ASA to the Com system and the PBX and thought that SIP inspection would make it work but it doesn't. The call is setup between the endpoints but we are missing voice in both directions.

Any suggestions to get further?

Relevant config below

interface GigabitEthernet0/0

nameif Com_Int

security-level 10

ip address 10.1.20.55 255.255.255.0

!

interface GigabitEthernet0/1

nameif PBX_Int

security-level 0

ip address 10.1.30.40 255.255.255.0

object network MTIG-SG-SIP-UDP

host 10.1.1.249

object network MTIG-SG-SIP-TCP

host 10.1.1.249

object network PBX-SG-SIP-UDP

host 10.1.30.55

object network PBX-SG-SIP-TCP

host 10.1.30.55

object network MTIG-SG-SIP-UDP

nat (Com_Int,PBX_Int) static interface service udp sip sip

object network MTIG-SG-SIP-TCP

nat (Com_Int,PBX_Int) static interface service tcp sip sip

object network PBX-SG-SIP-UDP

nat (PBX_Int,Com_Int) static interface service udp sip sip

object network PBX-SG-SIP-TCP

nat (PBX_Int,Com_Int) static interface service tcp sip sip

access-group ANY in interface Com_Int

access-group ANY out interface Com_Int

access-group ANY in interface PBX_Int

access-group ANY out interface PBX_Int

route PBX_Int 0.0.0.0 0.0.0.0 10.1.30.241 1

route Com_Int 10.1.1.224 255.255.255.224 10.1.20.1 1

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect netbios

  inspect tftp

  inspect ip-options

!

service-policy global_policy global