07-11-2018 08:46 AM - edited 02-21-2020 07:58 AM
Hi Guys
Ran into an issue today with our VOIP service provider, calls were not coming through, a quick call to the service provider suggested to turn of SIP inspection, and yep it works.
My question is if SIP is not being inspected and we have no ACL how does this work?
Thanks
Solved! Go to Solution.
07-11-2018 04:33 PM
when you turn SIP inspection off, you essentially pass on SIP traffic (most likely based on udp/5060 and 61 or tcp). the ASA will then not "intelligently" inspect SIP protocol headers and dynamically open up RTP ports based on the inspection. SIP inspection can be a bit of a double edged sword. sometimes it creates problems, sometimes it fixes them
07-11-2018 04:33 PM
when you turn SIP inspection off, you essentially pass on SIP traffic (most likely based on udp/5060 and 61 or tcp). the ASA will then not "intelligently" inspect SIP protocol headers and dynamically open up RTP ports based on the inspection. SIP inspection can be a bit of a double edged sword. sometimes it creates problems, sometimes it fixes them
10-01-2021 12:06 PM
@Dennis Mink we recently had a very similar issue.
Here's the setup:
We have a global deny policy - no ACL, no pass.
We did not have ACLs allowing traffic to flow through a firewall to our CUBEs.
SIP inspection was ON.
Calls are flowing.
Change to inspection policy - do not match (inspect) for a single IP.
We apply policy and no new RTP is set up, resulting in calls coming through with no audio.
We quickly put ACLs in place to allow our SIP endpoints (Soft Phones) a path to the CUBEs.
Calls start flowing.
Inspection policy is still in place.
We open a TAC case and the agent says it should have never worked without ACLs.
I'm a little confused. Should the inspection policy dynamically create pathways for SIP traffic or is an ACL required? it seems to be as of right now, at least, but the doesn't explain the last few years. Of note - this is the first time we've touched the inspection policy in our tenure here.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide