cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1768
Views
1
Helpful
6
Replies

ASA 5505 Blocking VOIP System

jamin
Level 1
Level 1

We installed a new Ooma VOIP phone system and it works everywhere but our main office. We were told by Ooma that we needed to open the ports on the firewall to allow for the traffic.

UDP 53, UDP 123, UDP 514, UDP 1194,UDP 3386, UDP 3480, UDP 10000-30000, TCP 110, TCP 53 and TCP 443.

I went to Configuration>Firrewall>Access Rules and added to the "Outside" Incoming Rules

Source and Destination Criteria is set to 'any" and the service is set to the UDP/TCP stated above..

I am still not getting out??

Someone also suggested that I plug the base station into the ASA 5505.

6 Replies 6

Dennis Mink
VIP Alumni
VIP Alumni

When you say you ar still not getting out, what do you mean?  does that mean both phones ring, but when picked up there is no voice?

I am not sure how you opened up the ports, but what you have to remember if that RTP is point to point between the endpoints.

also you might want to look into SIP inspection or whatever signalling protocol you use, so the FW dynamically opens up high ports for RTP.

also, are you using NAT between phone end point?

Please rate if useful

Please remember to rate useful posts, by clicking on the stars below.

it says "No Service on the Phones" but, I'm still getting an IP address.

I opened the ports using the attached screen..its how I did them for other services (Security, Alarm,,ect)

so i take it, these phones have a public IP address/present a public IP address and when hitting the outside of the FW going to CUCM, the destination gets NAT-ed?

Please rate if useful

Please remember to rate useful posts, by clicking on the stars below.

I dont know..I know I am getting an IP address internally; but no way to dial out.

.If I plug them in ANYWHERE outside of this office..they work great...I thought I could set the base station somewhere outside the firewall..but it wont work

what you are seeing is that the phones are unable to connect to your CUCM to download their config.

you might well need a VPN for this to work as per:

https://supportforums.cisco.com/document/33891/ip-phone-ssl-vpn-asa-using-anyconnect

Please rate if useful

Please remember to rate useful posts, by clicking on the stars below.

we arent using cisco phones..the phones are yealink from OOma

Review Cisco Networking for a $25 gift card