10-12-2015 09:32 AM - last edited on 03-25-2019 08:36 PM by ciscomoderator
Can anyone share if they had success in putting an ASA in front of an ISR for a SIP trunk?
I had a problem with double NAT. Currently, an ISR router is in front of the network with the trunk to avoid double NAT.
Configurations or links to ASA configuration would be helpful.
Solved! Go to Solution.
10-12-2015 06:09 PM
Essentially, your CUBE will be listening to 5060 or 5061 (when using TLS). on top of that you have RTP that will flow through that same ASA. with SIP inspect configured on your ASA there is no need to explicitly open up high port 16000-32000 (roughly) for RTP. I run this set up on our VCS and works perfectly and is essentially no different from a CUBE.
10-12-2015 08:21 PM
Hi,
I am doing this without problems. You need to disable SIP inspection and make sure that you configure SIP IPs in a policy map with TCP state bypass enabled.
Regarding the ports to be allowed on ASA, it depends on what services are running. Check this link.
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/port/9_0_1/CUCM_BK_T98E8963_00_tcp-port-usage-guide-90/CUCM_BK_T98E8963_00_tcp-port-usage-guide-90_chapter_01.html
10-12-2015 06:09 PM
Essentially, your CUBE will be listening to 5060 or 5061 (when using TLS). on top of that you have RTP that will flow through that same ASA. with SIP inspect configured on your ASA there is no need to explicitly open up high port 16000-32000 (roughly) for RTP. I run this set up on our VCS and works perfectly and is essentially no different from a CUBE.
10-12-2015 08:21 PM
Hi,
I am doing this without problems. You need to disable SIP inspection and make sure that you configure SIP IPs in a policy map with TCP state bypass enabled.
Regarding the ports to be allowed on ASA, it depends on what services are running. Check this link.
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/port/9_0_1/CUCM_BK_T98E8963_00_tcp-port-usage-guide-90/CUCM_BK_T98E8963_00_tcp-port-usage-guide-90_chapter_01.html
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide