Re: CIsco ASA ASA5585-SSP-40 SIP Inspection disable

deepfree1 · ‎10-11-2018

Hello guys,

I have some problem with implementing SIP service with our vendor. I have made all communication rules correctly i mean ASA NAT connection to internal and external host and addresses. SIP voice goes trough outside to inside but the problem is that there is a one way voice only. When i am making call from inside to outside hosts connection works and its OK but there is a one way voice only. I cant hear the second part. After net serfing i found out soulution to make SIP inspection disable on my core ASA.

The main question is will it affect to all SIP connection that goes through ASA ? Will it brake SIP communication with other vendors ? Because its very important for organisation i work and other SIPs voices that in work can not be terminated

thanks in advance

Daniele Giordano · ‎10-12-2018

Hi, SIP inspection is applied globally on the policy-map global-policy so you must disable it in a general way:

conf t

policy-map global_policy

class inspection_default

no inspect sip

Anyhow you can create a new custom policy. Something like this:

access-list sip_traffic extended permit udp ...... ### create an acl ti match only SIP traffic of other providers

class-map sip_inspect ### create a class map that use the previous acl

match access-list sip_traffic

policy-map sip_inspect_policy ### create a policy map that use the previous calss map

class sip_inspect

inspect sip

service-policy sip_inspect_policy interface ..... ### apply the policy to your outside interface

This is only an example and must be tested.

My personal suggestion is disable sip inspection globally and check if all SIP services work corretly.

If all is ok no others policy maps are required.

In case try to apply a custom policy.

Regards.

deepfree1 · ‎10-12-2018

thats exactly a big problem i cant interupt all other SIP connections. it will affect on a business.

and i dont know will it affect on other connection or not.