01-06-2012 07:52 PM - edited 03-11-2019 03:11 PM
Hi experts,
I have a problem with mi telephony server. My network topology is very simple. I have an ASA5505 connected to Internet throught an ISP. Behind ASA5505 I have a ToIP Server that operate well inside LAN network. However, when I try to register two or more extensions (Softphones) from Internet, Softphones some times it registers sucessfully, but some times doesn´t work.
The other hand, when softphones outside from LAN get register sucessfully in Asterisk server, is not possible that one of this calling the other one, and Asterisk server detects them as "UNREACHABLE". I don´t know if the problem are all commands of traffic inspect or if the problem is referenced to a particular UC proxy License.
These are configuration lines:
object-group service elastix-ports
service-object udp eq sip
service-object udp gt 10000
service-object udp eq 4569
service-object tcp eq 1222
service-object tcp eq https
service-object tcp eq 4445
service-object tcp eq ssh
service-object icmp
access-list outside_in extended permit object-group elastix-ports object-group elastix-connections host Asterisk_IP_Public
access-list inside_in extended permit ip any any
access-group inside_in in interface inside
access-group outside_in in interface outside
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect ip-options
!
As you see, ACLs are not a problem. Someone has any idea?.
I'll be very grateful
Regards.
DT.
01-07-2012 05:34 AM
Hi Darwin,
The first step would be to get debugging (7) level syslogs, 'debug sip' output, and bi-directional packet captures on both sides of the ASA when a problem phone is trying to register. If the problem is not apparent from the above output, I would recommend opening a TAC case to have it investigated further.
-Mike
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide