Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1993
Views
0
Helpful
4
Replies

Allowing SIP through ASA 5525-X version 9.x

Terence Lockette
Level 1
Level 1

‎12-29-2015 11:08 AM - edited ‎03-12-2019 12:05 AM

Hello,

Other than configuring the inspect SIP parameter for the global policy of the firewall, is there anything else I need to configure to allow SIP through my ASA?  Do I need to configure NAT & ACLs?  I attached a diagram of what I think the topology may look like but I assume that I may have to open up port 5060 from the outside going in on the firewall.  I'm not sure, however, because we have a router from the telco where inbound and outbounds SIP calls are to be sent and received from (see diagram).

Thanks,

Terence

Labels:
Preview file
71 KB
0 Helpful
4 Replies 4

Collin Clark
VIP Alumni
VIP Alumni

‎12-29-2015 03:16 PM

Assuming inbound calls will be coming over SIP, then yes you will need to create a NAT & ACL. Also ATT can be particular on what address/address space your SIP calls are coming from so you'll want to pay attention to that as well. Even though ATT has a SIP router on premise, there needs to be connectivity between the ATT router and your voice server (which by looking at your diagram, goes through the ASA).

HTH

0 Helpful

Terence Lockette
Level 1
Level 1
In response to Collin Clark

‎04-08-2016 08:18 AM

Collin,

Can you provide an example of how I would configure NAT on the ASA that I can use as a reference?

0 Helpful

bhavsha2
Cisco Employee
Cisco Employee

‎12-30-2015 04:27 AM

Hello Terence,

NAT comes in place if the Call Manager is on the Internet and the phone is on the LAN Network.

So in this case a phone from Network 12.21.89.x would be communicating with a phone on Network 206.x . So are the phones going to be registered with the Call Manager which is in Network 12.21?

If the scenario is the way I have mentioned then translation would be required from 206 network to 12.21 network if the translation is not performed on Telco router

Regards,

Bhavik Shah

0 Helpful

Terence Lockette
Level 1
Level 1

‎01-15-2016 11:00 AM

Hey guys,

Just so you're aware, we're running Mitel 3300s for our PBXs and will have a SecureLogix appliance to proxy the SIP.  We want to keep these devices behind our firewall so I'm sure ACL/NAT will be used along with SIP inspect.  I'll provide another updated diagram of how I think the topology will be for the setup.  I just need to know what a typical ACL/NAT would look like for allowing SIP through the ASA.

Thanks,

Terence

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card