09-07-2010 01:03 PM - edited 03-11-2019 11:36 AM
I have an ASA firewall placed at the perimeter network and a host in the inside network.
I have only allowed this host to make VoIP calls using a 3rd-party VoIP service called Jumblo (for info www.jumblo.com).
Below is the config.
>>access-list inside_access_in extended permit udp host 192.168.5.150 object-group DM_INLINE_NETWORK_11 object-group Jumblo
>>nat (inside) 10 192.168.5.150 255.255.255.255
The call can be made successfully. Perhaps the problem is that when a call is placed, he cannot hear the dial tone and the remote client's voice.
I believe that I have to configure something on the ASA to allow the traffic from outside to inside. But I am confused.
Please advise me.
09-07-2010 01:07 PM
Hi,
Traffic from inside to outside is permitted by default.
You post the ACL and the NAT statement, but it does not show what it is translated to (the global command).
If you're doing PAT, it sometimes causes problems with applications that use fixed-ports.
The return traffic does not need to be explicitly permitted if it is being inspected on its way out.
If you provide more details, perhaps we can provide more help.
Federico.
09-07-2010 01:12 PM
Hi Federico
Thanks for your prompt response.
Firstly, I have PAT configured:
global (outside) 10 interface
But when I configured it this way, it works:
access-list inside_access_in extended permit ip host 192.168.5.150 any
nat (inside) 10 192.168.5.150 255.255.255.255
It will allow all traffic, which I don't want to do.
09-07-2010 01:16 PM
On the official website of Jumblo they have given the following ports to be allowed:
UDP 5060
UDP 11113
UDP 10300 - 10311
UDP 6901 - 6920
And the destination IPs to be allowed I captured through Wireshark.
09-07-2010 01:24 PM
To allow only the traffic you want, you do the following:
nat (inside) 10 192.168.5.150 255.255.255.255
global (outside) 10 interface
But instead of this:
access-list inside_access_in extended permit ip host 192.168.5.150 any
You allow only the desired ports:
access-list inside_access_in extended permit tcp host 192.168.5.150 any eq 80
access-list inside_access_in extended permit tcp host 192.168.5.150 any eq 25
The above assumes the following:
You want to allow only outbound TCP traffic destined to port 80 and 25
There's an access-group applied to the inside interface called inside_access_in
Federico.
09-07-2010 01:30 PM
I've created an object group (named Jumblo) for the following UDP ports:
UDP 5060
UDP 11113
UDP 10300 - 10311
UDP 6901 - 6920
And the object-groups for the destination IPs (named jumblo1 and jumblo2).
So the ACL is
access-list inside_access_in extended permit udp host 192.168.5.150 object-group DM_INLINE_NETWORK_11 object-group Jumblo
nat (inside) 10 192.168.5.150 255.255.255.255
As I told you, this way I connect to Jumblo and place a call, but I cannot receive the remote user's voice.
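Added example, not part of the original posts: one way to check a capture against the narrow ACL described above and list the flows that fall to the implicit deny. The object-group text is an assumed rendering of the Jumblo service group using the ports listed in the thread; the destination networks and the flows are constructed placeholders, since the contents of jumblo1 and jumblo2 are not shown.

```python
import ipaddress

# Assumed ASA rendering of the "Jumblo" service group; ports are the ones listed in the thread.
SERVICE_GROUP = """\
object-group service Jumblo udp
 port-object eq 5060
 port-object eq 11113
 port-object range 10300 10311
 port-object range 6901 6920
"""

# Constructed stand-ins for jumblo1/jumblo2 (documentation address ranges).
DEST_NETS = [ipaddress.ip_network("203.0.113.0/28"),
             ipaddress.ip_network("198.51.100.16/29")]
SOURCE = ipaddress.ip_address("192.168.5.150")

def parse_port_ranges(group_text):
    """Return [(low, high), ...] from the port-object lines of a service group."""
    ranges = []
    for line in group_text.splitlines():
        words = line.split()
        if words[:2] == ["port-object", "eq"]:
            ranges.append((int(words[2]), int(words[2])))
        elif words[:2] == ["port-object", "range"]:
            ranges.append((int(words[2]), int(words[3])))
    return ranges

def acl_permits(flow, ranges):
    """Mimic: permit udp host SOURCE object-group <dest nets> object-group Jumblo."""
    proto, src, dst, dport = flow
    return (proto == "udp"
            and ipaddress.ip_address(src) == SOURCE
            and any(ipaddress.ip_address(dst) in net for net in DEST_NETS)
            and any(lo <= dport <= hi for lo, hi in ranges))

def unmatched(flows, ranges):
    """Flows the ACL would leave to the implicit deny."""
    return [f for f in flows if not acl_permits(f, ranges)]

# Constructed flows (protocol, source, destination, destination port).
FLOWS = [
    ("udp", "192.168.5.150", "203.0.113.5", 5060),
    ("udp", "192.168.5.150", "203.0.113.5", 10305),
    ("udp", "192.168.5.150", "198.51.100.20", 6920),
    ("udp", "192.168.5.150", "203.0.113.5", 6921),   # one past the listed range
    ("udp", "192.168.5.150", "192.0.2.77", 5060),    # destination in neither group
    ("tcp", "192.168.5.150", "203.0.113.5", 5060),   # ACL line is UDP only
]

if __name__ == "__main__":
    for flow in unmatched(FLOWS, parse_port_ranges(SERVICE_GROUP)):
        print("not permitted:", flow)
```
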
09-07-2010 01:35 PM
If you're passing voice traffic through the ASA, then it has both signaling and the actual voice packets.
If the call is established, then the signaling is correct (the called phone rings?)
The audio is then part of the voice packets (they shouldn't need to be permitted if the voice protocol is being inspected).
Just as a quick test, if you can permit IP from the remote IP inbound, does it work? This will just prove if it's a matter of permitting ports or not.
Federico.
09-07-2010 01:39 PM
Just as a quick test, if you can permit IP from the remote IP inbound, does it work? This will just prove if it's a matter of permitting ports or not.
How can I do this? I didn't get it.
09-07-2010 01:43 PM
You say there's no audio between both phones.
Both phones have an IP address.
Is IP permitted between both IPs?
Federico.
09-07-2010 01:48 PM
I think you didn't get me.
We don't have phones.
09-07-2010 01:52 PM
Sorry you're right.
But the same idea applies...
You need to make a call between two IP addresses correct?
Federico.
09-07-2010 01:54 PM
No, I have a network host calling mobile phones.
09-07-2010 01:58 PM
Ok then...
When you place a call to a mobile, does it ring and there's no audio? Or does the mobile never ring?
Federico.
09-07-2010 02:26 PM
When I place a call I don't hear a dial tone. The remote user can hear my voice, but I cannot hear his.
09-07-2010 02:51 PM
Do you have a spare IP (public) that is part of the outside interface's subnet?
If you do you can:
static (inside,outside) x.x.x.x 192.168.5.150 netmask 255.255.255.255
access-list outside permit ip any host x.x.x.x
access-group outside in interface outside
The idea is to create a static one-to-one translation to your internal machine (the one making the call).
Also create an ACL to permit all IP traffic inbound to that IP.
If the above test works, we can know the problem is caused by the ASA and it's just a matter of adjusting the configuration.
Federico.