Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
648
Views
0
Helpful
3
Replies

Ports to be opened up for Hosted Voice Access on the ASA

Ramesh Chauhan
Level 1
Level 1

‎09-24-2012 01:59 PM - edited ‎03-11-2019 04:58 PM

Hi Guys,

I have a customer who is going to host a VOICE services like providing SIP services to its customers.

Can someone tell me the specific ports required to be opened up for this on ASA  5515X. I would rate it ASAP.

Labels:
0 Helpful
3 Replies 3

Jennifer Halim
Cisco Employee
Cisco Employee

‎09-25-2012 06:18 AM

For SIP, if they are using default port, normally it's TCP or UDP/5060. However if they change the default port and use other ports, then you would need to configure it accordingly.

Further to that, you would also need to configure "inspect sip" (it's enabled by default, but just in case the inspection is disabled for whatever reason).

Also, you would need to ask your customer if they have other voice services that they need to open ports for apart from SIP.

Here is more information on SIP inspection:

http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/i2.html#wp1765334

There are also H323 that ASA can inspect. Here is more inforation on H323 inspection:

http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/i2.html#wp1759941

Lastly, ASA also inspect Skinny, but this is more for Cisco phone environment, so don't think voice hosting services will have this. But just in case you need it, here is more information on Skinny inspection:

http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/i2.html#wp1762128

Hope that helps.

0 Helpful

Ramesh Chauhan
Level 1
Level 1
In response to Jennifer Halim

‎09-25-2012 06:54 AM

Jennifer,

Thanks a lot!

This is from inside to outside access. What about outside to inside access ? What happens when a SIP customer tries to access the SIP services sitting behing the ASA?

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee
In response to Ramesh Chauhan

‎09-25-2012 06:57 AM

Same deal, you would need to configure access-list and apply that to the outside interface plus, you would also need to configure static NAT since the traffic is initiated from outside to inside (low to high security levels).

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card