i'm facing a major issue with the asa, my cisco call manager is trying to communicate with SIP provider outside the ASA,
i have configured a static NAT for the CCM and respective policy to allow that SIP traffic, the thing is that when the CCM trying to reach the SIP provider
the NAT occures however direction inbound to the CCM drops by ASA.
any ideas on resolving this issue?
Are you using SIP inspection? If not I would suggest you use it. That will ensure that the firewall dynamically opens additional ports as required. Also, the firewall will modify all private addresses within the signaling packet to corresponding public IP. In addition, please make sure that your CCM device is not NAT aware i.e. it does not use public IP address in its signaling data.
Hope this helps.
SIP inspection is enabled otherwise the CCM requests outbound would have been denied,
the CCM is not NAT aware and using it's IP address for the signalling
As a first step, would it be possible for you to allow all traffic from outside to the translated IP of the CCM? This will help us understand if it is a inspection issue or something else. Also, can you please post the output of "show service-policy" command?
i have created a static NAT to represent the CCM as a public ip address,
however , when SIP provider sends his reply to the SIP registration the asa ignors the NAT and packet is seen as follows :
public ip of the SIP server is requesting/sending data to the real CCM ip address
show service-policy :
no special class map was created to math the 5060 ports as the ASA recognizes it as SIP traffic
Can you post the ASA configuration and also this
debug sip ha
P.S Please mark this question as answered if it has been resolved. Do rate helpful posts.