ASA 5520 - SIP NAT

eqocommunications · ‎03-08-2007

I need to NAT an outside IP to an inside IP, but I do not want to change the source IP address.

Anyone have any luck with getting SIP to pass through the 5520 without changing the source IP?

suschoud · ‎03-08-2007

outside--->inside communication :

on internet:

source ip(1.1.1.1)...destination ip(2.2.2.2)

on asa's outside interface :

static (inside,outside) 2.2.2.2 4.4.4.4

as soon as this translation is processed ,the new packet is :

source ip(1.1.1.1).....destination ip(4.4.4.4)

this packet is sent to inside interface as per static.

so,source ip never changed.

it was the destination which changed.

_________________-

inside to outside communication :

inside(192.168.1.2) ip trying to access 200.200.200.220 on internet.

inside interface :

source( 192.168.1.2)..dest. ip( 200.200.200.220)

nat (inside) 1 192.168.1.2 255.255.255.255

global (outside) 1 interface

on oustside interface

source ip (outside interface's pat address ).....dest. address ( 200.200.200.220)

so,source ip is changing here.

what say ?

eqocommunications · ‎03-08-2007

The NAT statements are inline with what I'm running here. The issue I'm seeing is that as the SIP traffic from the outside Internet reaches the ASA5520, it's changing the SIP INVITE message from my outside address to my inside address.

Would this have anything to do with stateful inspection? I tried turning it off with creating a policy map inspect sip. But that doesn't seem to help.