cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
37460
Views
10
Helpful
3
Replies

ASA sip inspection

kope
Level 1
Level 1

I understand the ASA sip inspection is enabled by default on its service policy. Can I disabled it and not causing any problem?

I noticed the ASA does has sip session transit through it.

ciscoasa(config)# policy-map global_policy
ciscoasa(config-pmap)# class inspection_default
ciscoasa(config-pmap-c)# no inspect sip
3 Replies 3

Hello

You can disable that if you are experiancing any issue in SIP traffic and that shows in show service-policy . But make sure that, you are not doing any  natting for the  SIP subnet in the ASA and have proper rule on both directions ( Inside to outside and outside-inside). It is advisable to disable the SIP if you have an ASA at the other end also

Hope this helps

Harish.

hey i need your help, we have a sip issue all the time we try to call from inside the sip provider sounds like invalid host...they are keep on saying that our ASA is denying udp packets on 5060.....

i have allowed it and Static nat is done on ASA to our GW which is Router. it get register with SIP Provider without any issue...when i call from inside i can see that packets are allowed from inside to outside from ASA but i am unable to see anything that can tell me why i am keep on having a reply 400 invalid host.

i saw asa we are not inspecting the SIP Traffic...does that make any sense or can you help...

 

regards

Hello,

Since ASA is not inspecting SIP, you have to explicitly enable return traffic. (inbound or global ACL)

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: