cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1990
Views
0
Helpful
4
Replies

Allowing SIP through ASA 5525-X version 9.x

Hello,

Other than configuring the inspect SIP parameter for the global policy of the firewall, is there anything else I need to configure to allow SIP through my ASA?  Do I need to configure NAT & ACLs?  I attached a diagram of what I think the topology may look like but I assume that I may have to open up port 5060 from the outside going in on the firewall.  I'm not sure, however, because we have a router from the telco where inbound and outbounds SIP calls are to be sent and received from (see diagram).

Thanks,

Terence

4 Replies 4

Collin Clark
VIP Alumni
VIP Alumni

Assuming inbound calls will be coming over SIP, then yes you will need to create a NAT & ACL. Also ATT can be particular on what address/address space your SIP calls are coming from so you'll want to pay attention to that as well. Even though ATT has a SIP router on premise, there needs to be connectivity between the ATT router and your voice server (which by looking at your diagram, goes through the ASA).

HTH

Collin,

Can you provide an example of how I would configure NAT on the ASA that I can use as a reference?

bhavsha2
Cisco Employee
Cisco Employee

Hello Terence,

NAT comes in place if the Call Manager is on the Internet and the phone is on the LAN Network.

So in this case a phone from Network 12.21.89.x would be communicating with a phone on Network 206.x . So are the phones going to be registered with the Call Manager which is in Network 12.21?

If the scenario is the way I have mentioned then translation would be required from 206 network to 12.21 network if the translation is not performed on Telco router

Regards,

Bhavik Shah

Hey guys,

Just so you're aware, we're running Mitel 3300s for our PBXs and will have a SecureLogix appliance to proxy the SIP.  We want to keep these devices behind our firewall so I'm sure ACL/NAT will be used along with SIP inspect.  I'll provide another updated diagram of how I think the topology will be for the setup.  I just need to know what a typical ACL/NAT would look like for allowing SIP through the ASA.

Thanks,

Terence

Review Cisco Networking for a $25 gift card