I recently replaced a series of ASA 5505's with a singular ASA5515X firewall. All seems to have gone well but one group of users are reporting a problem with VOIP. They are the only VOIP users on this firewall.
They have Cisco VOIP phones that connect out to an external suppier. The firewall is on an open circuit so we do not restrict outbound traffic, permitting all traffic. Inbound we permit all traffic to named servers. To their VOIP server we have a NAT in place and a rule that permits anything from internet to that server. From their network we permit all traffic to internet, including the server. I can ping the server from Internet. All outbound data traffic is fine.
The users report incoming calls to VOIP work fine without issue. When they make an external call, the call connects to the remote phone okay but no voice/audio can be heard.
I have inspections for Skinny, H323 RAS & h225, and SIP enabled. This does not make a difference - even with them removed.
IOS version is asa913-smp-k8.bin. This was working on the ASA5505 firewall but now has an issue with the ASA5515X series.
if i'm not wrong i saw some issues with SIP/NAT. I think PAT is not supported with inspection but check if inspection drop some traffic and probably you need configuring a SIP Inspection Policy Map for Additional Inspection Control
rate if i helped you
Please mark it helpfull if it was the case, and i have this problem too. Double touchdown is amazing. Thanks to make Engineering easy.
The previous version would have been 8.4 - not sure of exact version as this has been upgraded and redployed.
Remote end did some analysis and reported they are seeing the local IP in the sip traffic. The VOIP server has NAT traversal enabled. When I browse from the server I have a public IP address. NAT is working - maybe not for SIP. You would hope a Cisco product over a Cisco product would be okay. Calls outbound only have voice traffic missing - calls establish. Inbound calls have sessions establish and bi-directional voice traffic with no problems.
This document provides a configuration example of Security Assertion Markup Language (SAML) Authentication on FTD managed over FDM. The configuration allows Anyconnect users to establish a VPN session authenticating with a SAML Identity Serv...
DMVPN Dual Hub Dual Cloud Pros and ConsProsNo single point of failureQuick failover if routing protocols are tunedLoad balancing is easyTraffic engineering is easyEasy to work with multiple ISPsConsNeed 2 tunnels per spokeConfiguration is more complicated...
I had in the past an issue when migrating Cisco Cloud Web Security to Cisco Umbrella for a Customer. The Cisco ASA Firewall blocks the DNScrypt provided by the Cisco Umbrella Virtual Appliance.The issue is solved by disabling DNS packet inspection between...
Network Security All-in-one Version 1.4: ASA Firepower WSA Umbrella VPN ISE Layer 2 Security This book is written for Network engineers working in the Security field and to prepare the CCNP Security exam, it includes Cisco ASA Firewall, ASA with Fire...
This document describes how to configure the Cisco L3 devices to forward DHCPv6 information to ISE for profiling purpose. Note that although Cisco IOS doesn’t support DHCPv6 via device sensor it still sends IPv6 via RADIUS accounting which i...