06-14-2016 10:16 AM - edited 02-21-2020 05:50 AM
I am very rusty with working with the ASA and I've never gotten it to work with a CUBE SIP Gateway before.
What I have is a CUBE gateway that was terminated to a SIP provider (Nextiva). When my router in my home lab was public-facing, everything worked fine. I now have an ASA 5510 installed with the CUBE sitting in the DMZ. I have gotten the installation of the ASA done with a configuration on board that at least gives me internet connectivity. I have tried running traces with the SIP provider, but they claim no call is arriving at their system. I am getting a lot of "404 Not Found" errors in my SIP traces and I'm sure the firewall is probably blocking it.
Is there someone out there who is able to take a look at my config and see what I may have done wrong?
My topology is:
"SIP PROVIDER/ISP"-->ASA 5510-->INSIDE Router touching internal network
--->DMZ Router acting as a Cisco CUBE SIP Gateway
I have opened up my ACLs so that I am not doing any obvious blocking of packets and I have also setup NAT statements based on recommended configurations. It makes sense to me what I did, but I still keep getting stuck and I think I may have forgotten something crucial.
I have only one external public IP; my intent is to put a CUBE router in my DMZ (which is already there) and also an Expressway Edge server that I can use for Jabber termination from the outside into my inside network without the use of a VPN.
Attached is the running configuration of my ASA as well as the output of "debug sip" - I have "X'd" out my public IP address, and I have also opened up the ACLs to be wide open. I have also included a packet-tracer output on the ASA simulating traffic inbound on the DMZ interface going to the outside, which is an IP my SIP provider gave me. I'm flexible in how I get this working; I'm just not sure where to start. Kind of flustered at this time:
ASA-1# show run
: Saved
:
ASA Version 9.1(1)
!
hostname ASA-1
enable password 8Ry2YjIyt7RRXU24 encrypted
xlate per-session deny tcp any4 any4
xlate per-session deny tcp any4 any6
xlate per-session deny tcp any6 any4
xlate per-session deny tcp any6 any6
xlate per-session deny udp any4 any4 eq domain
xlate per-session deny udp any4 any6 eq domain
xlate per-session deny udp any6 any4 eq domain
xlate per-session deny udp any6 any6 eq domain
passwd 2KFQnbNIdI.2KYOU encrypted
names
!
interface Ethernet0/0
nameif outside
security-level 0
ip address dhcp setroute
!
interface Ethernet0/1
nameif DMZ
security-level 50
ip address 10.10.10.1 255.255.255.0
!
interface Ethernet0/2
nameif inside
security-level 100
ip address 10.10.20.1 255.255.255.0
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
nameif MGMT
security-level 100
no ip address
!
ftp mode passive
object network CUBE-RTR
host 10.10.10.50
object network EXPRESSWAY-EDGE
host 10.10.10.51
object network INSIDE-SUBNET
subnet 10.10.20.0 255.255.255.0
object network DMZ-SUBNET
subnet 10.10.10.0 255.255.255.0
object network INSIDE-192.168-SUBNETS
subnet 192.168.0.0 255.255.0.0
object network CUBE-EXTERNAL-IP
host X.X.X.X
object service obj-service-TCP-5060
service tcp source eq sip
object service obj-service-UDP-5060
service udp source eq sip
object service obj-service-UDP-16384-32767
service udp source range 16384 32767
access-list OUTSIDE-ACL-INBOUND extended permit ip any host 10.10.10.51
access-list OUTSIDE-ACL-INBOUND extended permit ip any host 10.10.10.50
access-list OUTSIDE-ACL-INBOUND extended permit udp any any range 16384 32767
access-list OUTSIDE-ACL-INBOUND extended permit ip any any
access-list DMZ-ACL-INBOUND extended permit ip 10.10.10.0 255.255.255.0 any
access-list DMZ-ACL-INBOUND extended permit ip any any
access-list INSIDE-ACL-INBOUND extended permit ip any any
pager lines 24
mtu outside 1500
mtu DMZ 1500
mtu inside 1500
mtu MGMT 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
nat (DMZ,outside) source static CUBE-RTR interface service obj-service-TCP-5060 obj-service-TCP-5060
!
object network INSIDE-SUBNET
nat (inside,outside) dynamic interface
object network DMZ-SUBNET
nat (DMZ,outside) dynamic interface
object network INSIDE-192.168-SUBNETS
nat (inside,outside) dynamic interface
access-group OUTSIDE-ACL-INBOUND in interface outside
access-group DMZ-ACL-INBOUND in interface DMZ
route outside 0.0.0.0 0.0.0.0 X.X.X.X 1
route DMZ 4.4.4.4 255.255.255.255 10.10.10.50 1
route inside 192.168.0.0 255.255.0.0 10.10.20.2 1
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy
user-identity default-domain LOCAL
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart warmstart
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
telnet timeout 5
ssh timeout 5
console timeout 0
threat-detection basic-threat
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect ip-options
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DDCEService
destination address email callhome@cisco.com
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:56f6892cc47436e6a12ebbb165c3dcb5
: end
ASA-1#
===========================================
ASA-1# SIP::Message received from inside:192.168.15.32/49065 to DMZ:10.10.10.50/5060 is a possible segment, ctx->dlen 536
>>>> SIP::Payload not modified
SIP:: Proxy forward 0 bytes, total 536
SIP::Message received from inside:192.168.15.32/49065 to DMZ:10.10.10.50/5060 is a possible segment, ctx->dlen 1072
>>>> SIP::Payload not modified
SIP:: Proxy forward 0 bytes, total 1072
SIP:found content length 0, ctx->dlen 4
SIP::INVITE received from inside:192.168.15.32/49065 to DMZ:10.10.10.50/5060
SIP::regex engine has reached end of packet
SIP::Found CSeq 101 INVITE
SIP::Found URI in request line "sip:4807259184@10.10.10.50:5060" (31)
SIP::Found valid SIP URI: sip:1001@192.168.15.32
SIP::Found From addr "sip:1001@192.168.15.32" (22)
SIP::Found From addr tag "198780~f2f5b491-e205-44d9-ad7b-b6af78e3719c-25985911" (52)
SIP::Found valid SIP URI: sip:4807259184@10.10.10.50
SIP::Found To addr "sip:4807259184@10.10.10.50" (26)
SIP::Found Via branch "z9hG4bK2b85920b5b0d8" (20)
SIP::Found Via addr "SIP/2.0/TCP 192.168.15.32:5060;branch=z9hG4bK2b85920b5b0d8" (58)
SIP::Found Max-Forwards 70
SIP::Found Call-ID 2027a200-7601393d-2b493-200fa8c0@192.168.15.32 (46)
SIP::Found Expires, 180 seconds
SIP::Found valid SIP URI: sip:1001@192.168.15.32:5060
SIP::Found Contact sip:1001@192.168.15.32:5060
SIP::Found Content-length 0
Found port 5060
Found port 5060
Via Port 5060
SIP::Found User-Agent
SIP::Found Expires, 180 seconds
SIP::Found Call-Info
SIP::Found Expires, 1800 seconds
Found port 5060
SIP::Not updating database for Contact 192.168.15.32/5060, registry database total 0
Created SIP session for inside:192.168.15.32/49065 to DMZ:10.10.10.50/5060, 9 total
From: sip:1001@192.168.15.32 (22);tag=198780~f2f5b491-e205-44d9-ad7b-b6af78e3719c-25985911 (52)
To: sip:4807259184@10.10.10.50 (26)
Call-ID: 2027a200-7601393d-2b493-200fa8c0@192.168.15.32 (46)
Created SIP Transaction for inside:192.168.15.32/49065 to DMZ:10.10.10.50/5060
Call-ID: 2027a200-7601393d-2b493-200fa8c0@192.168.15.32 (46)
CSeq: 101 INVITE
Branch: z9hG4bK2b85920b5b0d8
>>>> SIP::Payload not modified
SIP:: Proxy forward 1082 bytes, total 1082
SIP:found content length 0, ctx->dlen 4
SIP::100 received from DMZ:10.10.10.50/5060 to inside:192.168.15.32/49065
Found port 5060
Via Port 5060
SIP::Found Server
SIP::regex engine has reached end of packet
SIP::Found CSeq 101 INVITE
SIP::Found valid SIP URI: sip:1001@192.168.15.32
SIP::Found From addr "sip:1001@192.168.15.32" (22)
SIP::Found From addr tag "198780~f2f5b491-e205-44d9-ad7b-b6af78e3719c-25985911" (52)
SIP::Found valid SIP URI: sip:4807259184@10.10.10.50
SIP::Found To addr "sip:4807259184@10.10.10.50" (26)
SIP::Found Via branch "z9hG4bK2b85920b5b0d8" (20)
SIP::Found Via addr "SIP/2.0/TCP 192.168.15.32:5060;branch=z9hG4bK2b85920b5b0d8" (58)
SIP::Found Call-ID 2027a200-7601393d-2b493-200fa8c0@192.168.15.32 (46)
SIP::Found Content-length 0
>>>> SIP::Payload not modified
SIP:: Proxy forward 434 bytes, total 434
SIP::Message received from DMZ:10.10.10.50/35044 to outside:208.73.144.74/5060 is a possible segment, ctx->dlen 536
>>>> SIP::Payload not modified
SIP:: Proxy forward 0 bytes, total 536
SIP:found content length 0, ctx->dlen 4
SIP::INVITE received from DMZ:10.10.10.50/35044 to outside:208.73.144.74/5060
SIP::regex engine has reached end of packet
SIP::Found CSeq 101 INVITE
SIP::Found URI in request line "sip:4807259184@bt.voipdnsservers.com:5060" (41)
SIP::Found valid SIP URI: sip:6514337298@bt.voipdnsservers.com
SIP::Found From addr "sip:6514337298@bt.voipdnsservers.com" (36)
SIP::Found From addr tag "49F9654-B0E" (11)
SIP::Found valid SIP URI: sip:4807259184@bt.voipdnsservers.com
SIP::Found To addr "sip:4807259184@bt.voipdnsservers.com" (36)
SIP::Found Via branch "z9hG4bK345FF6" (13)
SIP::Found Via addr "SIP/2.0/TCP 10.10.10.50:5060;branch=z9hG4bK345FF6" (49)
SIP::Found Max-Forwards 69
SIP::Found Call-ID 9EA51B74-31A811E6-B34DC178-3F6B2A8D@10.10.10.50 (47)
SIP::Found Expires, 180 seconds
SIP::Found valid SIP URI: sip:6514337298@10.10.10.50:5060
SIP::Found Contact sip:6514337298@10.10.10.50:5060
SIP::Found Content-length 0
Found port 5060
Found port 5060
Via Port 5060
SIP::Found User-Agent
Found port 5060
SIP::Not updating database for Contact 10.10.10.50/5060, registry database total 0
SIP::Found Call-Info
Found port 5060
SIP::Found Expires, 180 seconds
SIP::Found Expires, 1800 seconds
Created SIP session for DMZ:10.10.10.50/35044 to outside:208.73.144.74/5060, 10 total
From: sip:6514337298@bt.voipdnsservers.com (36);tag=49F9654-B0E (11)
To: sip:4807259184@bt.voipdnsservers.com (36)
Call-ID: 9EA51B74-31A811E6-B34DC178-3F6B2A8D@10.10.10.50 (47)
Created SIP Transaction for DMZ:10.10.10.50/35044 to outside:208.73.144.74/5060
Call-ID: 9EA51B74-31A811E6-B34DC178-3F6B2A8D@10.10.10.50 (47)
CSeq: 101 INVITE
Branch: z9hG4bK345FF6
SIP:: Proxy forward 913 bytes, total 913
SIP:found content length 0, ctx->dlen 4
SIP::100 received from outside:208.73.144.74/5060 to DMZ:10.10.10.50/35044
Found port 5060
Via Port 5060
SIP::regex engine has reached end of packet
SIP::Found CSeq 101 INVITE
SIP::Found valid SIP URI: sip:6514337298@bt.voipdnsservers.com
SIP::Found From addr "sip:6514337298@bt.voipdnsservers.com" (36)
SIP::Found From addr tag "49F9654-B0E" (11)
SIP::Found valid SIP URI: sip:4807259184@bt.voipdnsservers.com
SIP::Found To addr "sip:4807259184@bt.voipdnsservers.com" (36)
SIP::Found Via branch "z9hG4bK345FF6" (13)
SIP::Found Via addr "SIP/2.0/TCP 10.10.10.50:5060;branch=z9hG4bK345FF6" (49)
SIP::Found Call-ID 9EA51B74-31A811E6-B34DC178-3F6B2A8D@10.10.10.50 (47)
SIP::Found Content-length 0
SIP:: Proxy forward 323 bytes, total 323
SIP:found content length 0, ctx->dlen 4
SIP::4xx received from outside:208.73.144.74/5060 to DMZ:10.10.10.50/35044
Found port 5060
Via Port 5060
SIP::regex engine has reached end of packet
SIP::Found CSeq 101 INVITE
SIP::Found valid SIP URI: sip:6514337298@bt.voipdnsservers.com
SIP::Found From addr "sip:6514337298@bt.voipdnsservers.com" (36)
SIP::Found From addr tag "49F9654-B0E" (11)
SIP::Found valid SIP URI: sip:4807259184@bt.voipdnsservers.com
SIP::Found To addr "sip:4807259184@bt.voipdnsservers.com" (36)
SIP::Found To addr tag "aprqngfrt-saujep30000a6" (23)
SIP::Found Via branch "z9hG4bK345FF6" (13)
SIP::Found Via addr "SIP/2.0/TCP 10.10.10.50:5060;branch=z9hG4bK345FF6" (49)
SIP::Found Call-ID 9EA51B74-31A811E6-B34DC178-3F6B2A8D@10.10.10.50 (47)
SIP::Found Content-length 0
SIP:: Proxy forward 354 bytes, total 354
SIP:found content length 0, ctx->dlen 4
SIP::ACK received from DMZ:10.10.10.50/35044 to outside:208.73.144.74/5060
SIP::regex engine has reached end of packet
SIP::Found CSeq 101 ACK
SIP::Found URI in request line "sip:4807259184@bt.voipdnsservers.com:5060" (41)
SIP::Found valid SIP URI: sip:6514337298@bt.voipdnsservers.com
SIP::Found From addr "sip:6514337298@bt.voipdnsservers.com" (36)
SIP::Found From addr tag "49F9654-B0E" (11)
SIP::Found valid SIP URI: sip:4807259184@bt.voipdnsservers.com
SIP::Found To addr "sip:4807259184@bt.voipdnsservers.com" (36)
SIP::Found To addr tag "aprqngfrt-saujep30000a6" (23)
SIP::Found Via branch "z9hG4bK345FF6" (13)
SIP::Found Via addr "SIP/2.0/TCP 10.10.10.50:5060;branch=z9hG4bK345FF6" (49)
SIP::Found Max-Forwards 70
SIP::Found Call-ID 9EA51B74-31A811E6-B34DC178-3F6B2A8D@10.10.10.50 (47)
SIP::Found Content-length 0
Found port 5060
Found port 5060
Via Port 5060
Created SIP Transaction for DMZ:10.10.10.50/35044 to outside:208.73.144.74/5060
Call-ID: 9EA51B74-31A811E6-B34DC178-3F6B2A8D@10.10.10.50 (47)
CSeq: 101 ACK
Branch: z9hG4bK345FF6
Deleted SIP Transaction
Call-ID: 9EA51B74-31A811E6-B34DC178-3F6B2A8D@10.10.10.50 (47)
CSeq: 101 ACK
Branch: z9hG4bK345FF6
Deleted SIP Transaction
Call-ID: 9EA51B74-31A811E6-B34DC178-3F6B2A8D@10.10.10.50 (47)
CSeq: 101 INVITE
Branch: z9hG4bK345FF6
SIP::Deleting session for 10.10.10.50 to 208.73.144.74, 9 total
From: sip:6514337298@bt.voipdnsservers.com (36);tag=49F9654-B0E (11)
To: sip:4807259184@bt.voipdnsservers.com (36);tag=aprqngfrt-saujep30000a6 (23)
Call-ID: 9EA51B74-31A811E6-B34DC178-3F6B2A8D@10.10.10.50 (47)
SIP:: Proxy forward 454 bytes, total 454
SIP:found content length 0, ctx->dlen 4
SIP::4xx received from DMZ:10.10.10.50/5060 to inside:192.168.15.32/49065
Found port 5060
Via Port 5060
SIP::Found Server
SIP::regex engine has reached end of packet
SIP::Found CSeq 101 INVITE
SIP::Found valid SIP URI: sip:1001@192.168.15.32
SIP::Found From addr "sip:1001@192.168.15.32" (22)
SIP::Found From addr tag "198780~f2f5b491-e205-44d9-ad7b-b6af78e3719c-25985911" (52)
SIP::Found valid SIP URI: sip:4807259184@10.10.10.50
SIP::Found To addr "sip:4807259184@10.10.10.50" (26)
SIP::Found To addr tag "49F9738-AD3" (11)
SIP::Found Via branch "z9hG4bK2b85920b5b0d8" (20)
SIP::Found Via addr "SIP/2.0/TCP 192.168.15.32:5060;branch=z9hG4bK2b85920b5b0d8" (58)
SIP::Found Call-ID 2027a200-7601393d-2b493-200fa8c0@192.168.15.32 (46)
SIP::Found Content-length 0
>>>> SIP::Payload not modified
SIP:: Proxy forward 477 bytes, total 477
SIP:found content length 0, ctx->dlen 4
SIP::ACK received from inside:192.168.15.32/49065 to DMZ:10.10.10.50/5060
SIP::regex engine has reached end of packet
SIP::Found CSeq 101 ACK
SIP::Found URI in request line "sip:4807259184@10.10.10.50:5060" (31)
SIP::Found valid SIP URI: sip:1001@192.168.15.32
SIP::Found From addr "sip:1001@192.168.15.32" (22)
SIP::Found From addr tag "198780~f2f5b491-e205-44d9-ad7b-b6af78e3719c-25985911" (52)
SIP::Found valid SIP URI: sip:4807259184@10.10.10.50
SIP::Found To addr "sip:4807259184@10.10.10.50" (26)
SIP::Found To addr tag "49F9738-AD3" (11)
SIP::Found Via branch "z9hG4bK2b85920b5b0d8" (20)
SIP::Found Via addr "SIP/2.0/TCP 192.168.15.32:5060;branch=z9hG4bK2b85920b5b0d8" (58)
SIP::Found Max-Forwards 70
SIP::Found Call-ID 2027a200-7601393d-2b493-200fa8c0@192.168.15.32 (46)
SIP::Found Content-length 0
Found port 5060
Found port 5060
Via Port 5060
SIP::Found User-Agent
Created SIP Transaction for inside:192.168.15.32/49065 to DMZ:10.10.10.50/5060
Call-ID: 2027a200-7601393d-2b493-200fa8c0@192.168.15.32 (46)
CSeq: 101 ACK
Branch: z9hG4bK2b85920b5b0d8
Deleted SIP Transaction
Call-ID: 2027a200-7601393d-2b493-200fa8c0@192.168.15.32 (46)
CSeq: 101 ACK
Branch: z9hG4bK2b85920b5b0d8
Deleted SIP Transaction
Call-ID: 2027a200-7601393d-2b493-200fa8c0@192.168.15.32 (46)
CSeq: 101 INVITE
Branch: z9hG4bK2b85920b5b0d8
SIP::Deleting session for 192.168.15.32 to 10.10.10.50, 8 total
From: sip:1001@192.168.15.32 (22);tag=198780~f2f5b491-e205-44d9-ad7b-b6af78e3719c-25985911 (52)
To: sip:4807259184@10.10.10.50 (26);tag=49F9738-AD3 (11)
Call-ID: 2027a200-7601393d-2b493-200fa8c0@192.168.15.32 (46)
>>>> SIP::Payload not modified
SIP:: Proxy forward 470 bytes, total 470
SIP::INVITE received from outside:69.64.57.72/5104 to DMZ:10.10.10.50/5060
Found port 5104
Via Port 5104
Found port 5104
SIP::Found User-Agent
SIP: Media port 5105
SIP::session level connection addr 69.64.57.72, media port 5105
SIP::media level connection addr 69.64.57.72, media port 5105
SIP::Embedded media port 5105 found in SDP with session IP 69.64.57.72
SIP::Audio port 5105 found in SDP
SIP::regex engine has reached end of packet
SIP::Found CSeq 1 INVITE
SIP::Found URI in request line "sip:9011972592664947@10.10.10.50" (32)
SIP::Found valid SIP URI: sip:67@X.X.X.X
SIP::Found From addr "sip:67@X.X.X.X" (20)
SIP::Found From addr tag "d597cd3c" (8)
SIP::Found valid SIP URI: sip:9011972592664947@X.X.X.X
SIP::Found To addr "sip:9011972592664947@X.X.X.X" (34)
SIP::Found Via branch "z9hG4bK-47b22f72e34dd57a3965eded7d1269be" (40)
SIP::Found Via addr "SIP/2.0/UDP 69.64.57.72:5104;branch=z9hG4bK-47b22f72e34dd57a3965eded7d1269be;rport" (82)
SIP::Found Max-Forwards 70
=======================================
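A small triage script for traces like the one above, added here as an example and not code from the original post or from Cisco. It rebuilds each SIP dialog in the `debug sip` output by Call-ID, reports the last response class each leg saw (the DMZ-to-outside leg gets a 4xx from 208.73.144.74 and the CUBE relays a 4xx to the inside phone), flags RFC 1918 addresses in Via/Contact on any message crossing the outside interface, and lists INVITEs that arrived on outside from a source other than the provider. The sample input is a constructed subset of the debug lines in the post; treating 208.73.144.74 (the address the CUBE sent its INVITE to) as the trusted provider range is an assumption. Note that `debug sip` prints headers as the inspection engine parsed them, which is before any fixup it applies, so a private address flagged here should be confirmed with a capture on the outside interface before concluding it reached the provider.

```python
"""Triage helper for ASA `debug sip` output (added example, not Cisco code).
Groups messages by Call-ID, reports the last response class per dialog, flags RFC 1918
hosts in Via/Contact on messages crossing 'outside', and lists INVITEs that arrived on
'outside' from sources other than the trusted provider."""
import ipaddress
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed subset of the post's `debug sip` lines (abridged to what the parser needs).
SAMPLE_DEBUG = """\
SIP::INVITE received from inside:192.168.15.32/49065 to DMZ:10.10.10.50/5060
SIP::Found Via addr "SIP/2.0/TCP 192.168.15.32:5060;branch=z9hG4bK2b85920b5b0d8" (58)
SIP::Found Call-ID 2027a200-7601393d-2b493-200fa8c0@192.168.15.32 (46)
SIP::Found Contact sip:1001@192.168.15.32:5060
SIP::Message received from DMZ:10.10.10.50/35044 to outside:208.73.144.74/5060 is a possible segment, ctx->dlen 536
SIP::INVITE received from DMZ:10.10.10.50/35044 to outside:208.73.144.74/5060
SIP::Found Via addr "SIP/2.0/TCP 10.10.10.50:5060;branch=z9hG4bK345FF6" (49)
SIP::Found Call-ID 9EA51B74-31A811E6-B34DC178-3F6B2A8D@10.10.10.50 (47)
SIP::Found Contact sip:6514337298@10.10.10.50:5060
SIP::100 received from outside:208.73.144.74/5060 to DMZ:10.10.10.50/35044
SIP::Found Call-ID 9EA51B74-31A811E6-B34DC178-3F6B2A8D@10.10.10.50 (47)
SIP::4xx received from outside:208.73.144.74/5060 to DMZ:10.10.10.50/35044
SIP::Found Call-ID 9EA51B74-31A811E6-B34DC178-3F6B2A8D@10.10.10.50 (47)
SIP::4xx received from DMZ:10.10.10.50/5060 to inside:192.168.15.32/49065
SIP::Found Call-ID 2027a200-7601393d-2b493-200fa8c0@192.168.15.32 (46)
SIP::INVITE received from outside:69.64.57.72/5104 to DMZ:10.10.10.50/5060
SIP::Found Via addr "SIP/2.0/UDP 69.64.57.72:5104;branch=z9hG4bK-47b22f72e34dd57a3965eded7d1269be;rport" (82)
"""

MSG_RE = re.compile(r"^SIP::(?P<method>\S+) received from (?P<sif>\w+):(?P<sip>[\d.]+)/\d+"
                    r" to (?P<dif>\w+):(?P<dip>[\d.]+)/\d+")
VIA_RE = re.compile(r'^SIP::Found Via addr "SIP/2\.0/\w+ (?P<host>[\d.]+):\d+')
CONTACT_RE = re.compile(r"^SIP::Found Contact sip:(?:[^@\s]+@)?(?P<host>[\d.]+)")
CALLID_RE = re.compile(r"^SIP::Found Call-ID (?P<cid>\S+)")


@dataclass
class SipMsg:
    method: str                 # "INVITE", "ACK", "100", "4xx", ...
    src_if: str
    src_ip: str
    dst_if: str
    dst_ip: str
    call_id: str = "<none>"     # the post's trace is cut off before the last Call-ID
    via_host: str = ""
    contact_host: str = ""


def parse_debug(text):
    """One SipMsg per '<method> received from ... to ...' line plus the Via/Contact/Call-ID
    the engine printed for it. 'Message ... possible segment' notices are TCP segments,
    not parsed requests, and are skipped."""
    msgs, cur = [], None
    for line in text.splitlines():
        start = MSG_RE.match(line)
        if start:
            cur = None if start["method"] == "Message" else SipMsg(
                start["method"], start["sif"], start["sip"], start["dif"], start["dip"])
            if cur:
                msgs.append(cur)
        elif cur is None:
            continue
        elif hit := VIA_RE.match(line):
            cur.via_host = hit["host"]
        elif hit := CONTACT_RE.match(line):
            cur.contact_host = hit["host"]
        elif hit := CALLID_RE.match(line):
            cur.call_id = hit["cid"]
    return msgs


def final_status(call_msgs):
    """Last response class seen on a dialog ('100', '4xx', ...), or None if none was seen."""
    classes = [m.method for m in call_msgs if m.method[:1].isdigit()]
    return classes[-1] if classes else None


def private_headers_on_outside(msgs):
    """(call_id, header, host) for Via/Contact carrying a private address on any message
    that crosses 'outside'. Headers are logged as parsed, before any inspection fixup, so
    confirm on the wire (capture on outside) before blaming NAT traversal."""
    hits = set()
    for m in msgs:
        if "outside" in (m.src_if, m.dst_if):
            for header, host in (("Via", m.via_host), ("Contact", m.contact_host)):
                if host and ipaddress.ip_address(host).is_private:
                    hits.add((m.call_id, header, host))
    return sorted(hits)


def untrusted_outside_invites(msgs, trusted_nets):
    """INVITEs received on 'outside' whose source is not in any trusted provider range."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    return [(m.src_ip, m.dst_ip, m.call_id) for m in msgs
            if m.method == "INVITE" and m.src_if == "outside"
            and not any(ipaddress.ip_address(m.src_ip) in n for n in nets)]


def triage(text, trusted_nets):
    msgs = parse_debug(text)
    calls = defaultdict(list)
    for m in msgs:
        calls[m.call_id].append(m)
    return {"calls": {cid: final_status(ms) for cid, ms in calls.items()},
            "private_on_outside": private_headers_on_outside(msgs),
            "untrusted_invites": untrusted_outside_invites(msgs, trusted_nets)}


if __name__ == "__main__":
    import pprint
    # Assumption: 208.73.144.74, the address the CUBE sent its INVITE to, is the provider SBC.
    pprint.pprint(triage(SAMPLE_DEBUG, ["208.73.144.74/32"]))
```

To use it on a full trace, save the `debug sip` output to a file and call `triage(open(path).read(), [...])` with the provider's signalling ranges. Two things the script cannot see but that a practitioner would check next on the ASA itself: the trace alone does not show which NAT rule a leg hit (the outbound INVITE left the CUBE from source port 35044, which the manual `static` rule with `service tcp source eq sip` does not match, so that connection was translated by the dynamic PAT on DMZ-SUBNET; `show xlate` and `show conn` confirm this), and with `permit ip any any` on the outside interface the ASA will hand any INVITE that reaches the public address to the CUBE, which is what the last INVITE in the trace, from 69.64.57.72 rather than the provider, shows; once calls work, the outside ACL should be narrowed to the provider's addresses.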