02-04-2014 02:47 AM - edited 03-11-2019 08:40 PM
Hi everyone!
Would love to get your input on this attached network setup when it comes to config of the SIP/NAT rules.
Since the two networks on each side of the ASA have the same network ranges it makes it all rather difficult.
What I have tried is to make NAT-rules for sip(tcp/udp 5060) from each side of the ASA to the Com system and the PBX and thought that SIP inspection would make it work but it doesn't. The call is setup between the endpoints but we are missing voice in both directions.
Any suggestions to get further?
Relevant config below
interface GigabitEthernet0/0
nameif Com_Int
security-level 10
ip address 10.1.20.55 255.255.255.0
!
interface GigabitEthernet0/1
nameif PBX_Int
security-level 0
ip address 10.1.30.40 255.255.255.0
object network MTIG-SG-SIP-UDP
host 10.1.1.249
object network MTIG-SG-SIP-TCP
host 10.1.1.249
object network PBX-SG-SIP-UDP
host 10.1.30.55
object network PBX-SG-SIP-TCP
host 10.1.30.55
object network MTIG-SG-SIP-UDP
nat (Com_Int,PBX_Int) static interface service udp sip sip
object network MTIG-SG-SIP-TCP
nat (Com_Int,PBX_Int) static interface service tcp sip sip
object network PBX-SG-SIP-UDP
nat (PBX_Int,Com_Int) static interface service udp sip sip
object network PBX-SG-SIP-TCP
nat (PBX_Int,Com_Int) static interface service tcp sip sip
access-group ANY in interface Com_Int
access-group ANY out interface Com_Int
access-group ANY in interface PBX_Int
access-group ANY out interface PBX_Int
route PBX_Int 0.0.0.0 0.0.0.0 10.1.30.241 1
route Com_Int 10.1.1.224 255.255.255.224 10.1.20.1 1
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect netbios
inspect tftp
inspect ip-options
!
service-policy global_policy global
02-05-2014 02:51 AM
Failed to copy the right config for the policy-map in use..
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect netbios
inspect tftp
inspect ip-options
inspect h323 h225
inspect h323 ras
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
Regards,
Jonas Back
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide