I'm having issues with getting SIP and RTP traffic through a Cisco ASA with NAT enabled.
Diagram of issue:
http://i.imgur.com/Ymwl7Xm.jpg
Now, when we enable the SIP inspection on the ASA, the SIP messages are generated by "SIP CLIENT" and when generating a "200 OK" as part of the registration process, it adds two "via" headers to it. The first via header field is an IP I don't know, the second via header is the SIP servers IP. As this 200 OK goes through the ASA the ASA decides the second Via header field needs to be replaced with it's IP, which it then forwards to the SIP server. The SIP server sends it back, the ASA sends it back, etc until a huge loop has been completed. (This is confusing to explain so please see this for further explanation: http://i.imgur.com/ngl4MGF.jpg)
My question so far is, is this a bug? Default behaviour? Anyway to disable this part of the SIP inspection?
When we disable SIP inspection, we can get the SIP CLIENT registered and it can make a phone call but we get no audio (RTP). Is there a way of making this work? Or does it require SIP inspection?