Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1803
Views
0
Helpful
4
Replies

SIP Invite ACK through ASA 8.4

Michael Dougherty
Level 1
Level 1

‎06-22-2011 03:51 PM - edited ‎03-11-2019 01:49 PM

Hello Everyone,

I have a rather interesting issue that I have never encountered.  I have a client using a CM (unknown version) that makes a UDP 5060 invite to a 3rd party recording device.  The CM is sending traffic through an ASA 5510 running 8.4. 

Running wireshark we see the SIP invite with source and destination of 5060 but when the recorder device responds it responds with an ICMP code 3 (destination unreachable.  If you look at the packet more deeply I see the source and destination ports of 5060 and the proper source and destination IP addresses.  There is no NAT being used only ACL and static routing.  I have also trurned off the default SIP, H323 and RTP inspections with the same results.  I dont think the ASA is rewriting the packet headers but the client says that if they remove the ASA everything works fine. 

If anyone has a suggestion I would appreciate it.

Labels:
0 Helpful
4 Replies 4

brquinn
Level 1
Level 1

‎06-23-2011 06:40 AM

The best thing to do is run simultaneous captures on the inside and outside interfaces on the ASA to see how it's affecting the traffic. These commands will capture bi-directional traffic between the two hosts.

Ex:

capture incap interface inside match ip host a.a.a.a host b.b.b.b

capture outcap interface outside match ip host a.a.a.a host b.b.b.b

Download off the captures in pcap format:

https://

https://

The ASA will prompt you to download files named "pcap". Just rename the files to incap1.pcap and outcap1.pcap, etc. and you can open them with wireshark to see if the ASA is blocking any of the packets or changing them in any way.

Thanks,

Brendan

0 Helpful

lusandi
Level 1
Level 1

‎07-13-2011 04:35 PM

Michael,

I hope you are doing great,

I would like to confirm if you can post from the ASA the following information:

debug sip

debug sip ha

Regards,

Luis Sandi

0 Helpful

Michael Dougherty
Level 1
Level 1
In response to lusandi

‎07-13-2011 06:28 PM

Hello Luis,

I actually worked with TAC and we were able to test and verify that the ASA was not the issue.  The problem turned out to be the 3rd party recording device.  We used a Asterisk box to put in place of the other unit and we were able to record and play back the conversation. 

Thanks for your interest.

0 Helpful

lusandi
Level 1
Level 1
In response to Michael Dougherty

‎07-14-2011 07:45 AM

Well in that case I am glad everything its working now.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card