
A repeating SYSLOG: Pre-allocate SIP Via UDP secondary channel

lchance
Level 1

I'm not certain this is the correct forum (maybe it is for VPN), but here goes.

We recently enabled SYSLOGs on our headquarters ASA and I have a question about this particular 'repeating' syslog message.

It comes in multiples every minute. Obviously it is streaming. (?) So, rather than filter it out I'd like to understand its real-world nature.

Pre-allocate SIP Via UDP secondary channel for inside:10.77.11.100/10263 to outside:10.177.233.2 from REGISTER message

The IP 10.177.233.2 is from the subnet of a remote ASA 5505 (IPsec tunnel).

The IP 10.77.11.100 is from a desktop on an internal subnet behind our primary firewall.

What can I expect this 'real-world' traffic to be? I have a few guesses, but those may not be correct.

1 Reply

mirober2
Cisco Employee

Hello,

Those messages indicate that the SIP inspection function on the ASA saw a SIP REGISTER message and opened a secondary connection so traffic from 10.177.233.2 will be able to reach the host at 10.77.11.100 on port 10263.

These messages are normal when SIP inspection is enabled and the ASA sees a SIP Voice over IP device trying to register to a SIP server. Here is the documentation for the syslog message:

http://www.cisco.com/en/US/docs/security/asa/asa82/system/message/logmsgs.html#wp4774389

My guess would be that the PC at 10.77.11.100 has some kind of softphone installed on it that is configured to register to the SIP server at 10.177.233.2.

Hope that helps.

-Mike
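
As an added example, not part of the original thread or of Cisco's tooling: a small Python parser that groups these pre-allocate messages by inside host, remote peer and SIP method, so you can see which hosts are registering and how often before deciding whether to filter the message. The sample log lines, the hostname `asa-hq` and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the message text quoted in the question. The optional "/port" on the
# second endpoint is an assumption, added to tolerate variants of the message.
PINHOLE_RE = re.compile(
    r"Pre-allocate SIP (?P<kind>.+?) secondary channel for "
    r"(?P<host_if>[^\s:]+):(?P<host_ip>[\d.]+)/(?P<host_port>\d+) to "
    r"(?P<peer_if>[^\s:]+):(?P<peer_ip>[\d.]+)(?:/(?P<peer_port>\d+))? "
    r"from (?P<sip_msg>\S+) message"
)

# Constructed sample input: timestamps, hostname, 10.77.11.101 and the INVITE
# line are invented; only the first message text comes from the thread.
SAMPLE_LOG = """\
Jan 10 09:00:01 asa-hq Pre-allocate SIP Via UDP secondary channel for inside:10.77.11.100/10263 to outside:10.177.233.2 from REGISTER message
Jan 10 09:00:31 asa-hq Pre-allocate SIP Via UDP secondary channel for inside:10.77.11.100/10263 to outside:10.177.233.2 from REGISTER message
Jan 10 09:01:01 asa-hq Pre-allocate SIP Via UDP secondary channel for inside:10.77.11.100/10264 to outside:10.177.233.2 from REGISTER message
Jan 10 09:01:05 asa-hq constructed unrelated line that must be skipped
Jan 10 09:01:10 asa-hq Pre-allocate SIP UDP secondary channel for inside:10.77.11.101/5060 to outside:10.177.233.2/5060 from INVITE message
"""

def summarize_pinholes(log_text):
    """Group pre-allocate events by (inside host, remote peer, SIP method)."""
    summary = defaultdict(lambda: {"count": 0, "ports": set()})
    for line in log_text.splitlines():
        m = PINHOLE_RE.search(line)
        if m is None:
            continue  # not a SIP pre-allocate message
        entry = summary[(m["host_ip"], m["peer_ip"], m["sip_msg"])]
        entry["count"] += 1
        entry["ports"].add(int(m["host_port"]))
    return dict(summary)

def format_report(summary):
    """One line per host/peer pair, busiest first."""
    rows = sorted(summary.items(), key=lambda kv: -kv[1]["count"])
    return [
        f"{host} -> {peer} ({method}): {info['count']} events, "
        f"ports {sorted(info['ports'])}"
        for (host, peer, method), info in rows
    ]

if __name__ == "__main__":
    print("\n".join(format_report(summarize_pinholes(SAMPLE_LOG))))
```

An inside host that shows up here without a known softphone or VoIP device behind it is the case worth following up before the message is filtered out.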
