Problem in ASA5520 with Asterisk Server , Softphone can't register

samart_sri
Level 1

Static NAT

Real IP === Firewall === Asterisk Server

||======== Web Server

Now I have created static NAT from public IP to private IP for both servers.

I can't access the web server (I think NAT works), but the softphone can't register to the Asterisk server.

Config :

access-list inside_access_in extended permit ip any any

access-list outside_access_in extended permit ip any any

static (inside,outside) 212.129.61.3 192.168.0.30 netmask 255.255.255.255

static (inside,outside) 212.129.61.4 192.168.0.31 netmask 255.255.255.255

static (inside,outside) 212.129.61.5 192.168.0.10 netmask 255.255.255.255

policy-map global_policy

  class inspection_default

     inspect dns maximum-length 512

     inspect tftp

     inspect sip

Please advise me: must I reconfigure the ASA?

Thank you so much


cco-wallace
Level 1

Try and disable inspect sip.

ASA (Asterisk Fix)

===============

policy-map global_policy

  class inspection_default

     no inspect sip

PIX (Asterisk Fix)

=============

If you still have a PIX

do this

no fixup protocol sip 5060

no fixup protocol sip udp 5060

Julio Carvajal
VIP Alumni

As everyone said, remove the inspection and afterwards clear the local-host table for the hosts in discussion.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

The problem with Asterisk is that in a normal setup without a Cisco firewall it would be obligated to define the global address or NATted IP for the SIP payload, but with the ASA inspection the ASA needs to see the real IP so it can modify this payload with the NATted IP.

Just disable the Asterisk function that maps the global IP and let the ASA inspect.

More information about SIP inspection on the next link:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081042c.shtml#sip

Value our effort and rate the assistance!
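
A way to check which side is translating the SIP payload discussed above, added here as an example and not code from any poster in this thread: it lists the addresses in the Via and Contact headers and the SDP o=/c= lines of a captured message and reports any that are still RFC 1918. The sample INVITE, the softphone address 198.51.100.7 and the function names are constructed; 192.168.0.30 and 212.129.61.3 are taken from the static NAT in the question.

```python
import ipaddress
import re

# RFC 1918 ranges: addresses a softphone on the outside cannot route back to.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
# Via/Contact steer signalling, SDP o=/c= steer media. Compact header forms are not handled.
FIELDS = ("via:", "contact:", "o=", "c=")

def embedded_addresses(message):
    """Return (field, address) pairs from Via/Contact headers and SDP o=/c= lines."""
    found = []
    for line in message.splitlines():
        field = next((f for f in FIELDS if line.lower().startswith(f)), None)
        if field is None:
            continue
        for text in IPV4.findall(line):
            try:
                found.append((field.rstrip(":="), ipaddress.ip_address(text)))
            except ValueError:  # e.g. 999.1.1.1 matches the pattern but is not an address
                pass
    return found

def unrewritten(message):
    """Fields that still carry a private address, i.e. nothing translated them."""
    return [(f, str(ip)) for f, ip in embedded_addresses(message)
            if any(ip in net for net in RFC1918)]

# Constructed sample (headers trimmed): an INVITE from the Asterisk server at
# 192.168.0.30 toward a softphone at 198.51.100.7, with no translation applied.
SAMPLE_INSIDE = "\r\n".join([
    "INVITE sip:1001@198.51.100.7:5060 SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.0.30:5060;branch=z9hG4bKconstructed",
    "From: <sip:1000@192.168.0.30>;tag=a1",
    "Call-ID: constructed-1",
    "CSeq: 102 INVITE",
    "Contact: <sip:1000@192.168.0.30:5060>",
    "Content-Type: application/sdp",
    "",
    "v=0",
    "o=root 1 1 IN IP4 192.168.0.30",
    "c=IN IP4 192.168.0.30",
    "m=audio 10000 RTP/AVP 0",
])
# The same message after translation to the mapped address from the static NAT.
SAMPLE_OUTSIDE = SAMPLE_INSIDE.replace("192.168.0.30", "212.129.61.3")

if __name__ == "__main__":
    print(unrewritten(SAMPLE_INSIDE), unrewritten(SAMPLE_OUTSIDE))
```

If a message captured on the outside interface still produces entries from `unrewritten`, neither the ASA inspection nor Asterisk's own address mapping changed the payload.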

Did you understand what I was mentioning?


Help is for free then we need you to rate the assistance.


Are your issues resolved???


Jumora... I am not sure why you are upset... we are just contributing to the community... I had this issue a while back and I posted how I fixed it for others who might have the same issue.

The comment that is under what I am writing is just a comment that I post as part of a signature. It's a template, please don't take it personally, but I always comment that we need customers to rate the assistance as we are taking time to answer their questions.

Value our effort and rate the assistance!
