cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
12754
Views
0
Helpful
15
Replies

inspect sip dropping "sip request: MESSAGE" packets

Dennis Goh
Level 1
Level 1

Hi,

I have 2 ASA 5510 firewalls at 2 different sites. Both running on version 8.0.4. Users are using an Instant Messaging type of application provided by a local telco here which is able to send and receive SMS using SIP (from the packet capture that I've done).

When users use the IM in site A, they are able to send and receive text messages via the IM from behind the firewall. However, when the users are in site B, users are able to send out text messages but not able to receive them.

I noticed that when I remove "inspect sip" from site-B's global policy map, users from site-B can successfully receive text messages. I have confirmed that it is the firewall that drops the packets as I have captured the inside and outside interfaces of site-B's ASA and I can see the incoming sip "request: MESSAGE" packet on the outside interface but I do not see the packet exiting the inside interface.

I have cross check both firewall configurations, and I do not see anything suspicious commands relating to sip that might cause this issue. Is there any command to troubleshoot why the sip inspection is dropping the sip packets on site-B?

Thanks in advance,

Dennis

15 Replies 15

Shrikant Sundaresh
Cisco Employee
Cisco Employee

Hi Dennis,

Could you perhaps collect the output of "debug sip" for a test sms on the Site-B firewall (with inspect sip enabled); and paste it here.

[Please make sure that there is very little Sip traffic going through the network, otherewise the debugs might overwhelm the ASA]

The debugs might help in determining why it is dropping the packets from Site-A.