10-24-2017 11:56 AM - edited 02-21-2020 06:34 AM
Hello !
I have VoIP SIP servers in my internal network. Now I want to provide SIP softphones to register on servers and use internal VoIP resources. I put on ASA with public address between Internet and my intranet. Also, I NAT-ed address off my servers to public address and,with ACL allowed any address outsdie to connect to SIP servers. I turned SIP inspection off. Well, softphones are registred on servers,I can place the call and everything looks fine.But,after 60 sec,Phones lose registration...Why?Please help me, it is pretty urgent.
10-24-2017 01:38 PM
Hello @tandrejevic
And why do you think ASA is the problem? Do you have some evidence of it?
Which Voip system do you have? Asterisk ?
-If I helped you somehow, please, rate it as useful.-
10-24-2017 01:58 PM
Hello
Thanks for your interest. We have Avaya system and if I put softphone in inside ASA (in intranet exactly) everything works fine...Also,if I
try trace on ASA ,I get massage ,,denied due to NAT reverse path failure"
I heve done NAT with:
object network-object SM1
host 192.168.1.15
nat (inside,outside) static 217.X.X.15
and configured ACL
access-list OUTSIDE permit tcp any host 192.168.1.15 eq 5061
I tried with
access-list OUTSIDE permit ip any host 192.168.1.15
but,with same result.
What I am missing ?
Thanks in advance!
10-24-2017 02:16 PM
Everything I´ve been reading so far about SIP through ASA says that you need to perform inspect.
"To support SIP calls through the ASA, signaling messages for the media connection addresses, media ports, and embryonic connections for the media must be inspected, because while the signaling is sent over a well-known destination port (UDP/TCP 5060), the media streams are dynamically allocated. Also, SIP embeds IP addresses in the user-data portion of the IP packet. SIP inspection applies NAT for these embedded IP addresses."
You said above that you turned inspection off, right?
-If I helped you somehow, please, rate it as useful.-
10-24-2017 02:24 PM
Hi,
yes,I turned sip inspection off...But before I had turned off - situation was same...I will read post in the link which you send me. Tomorrow I will try again to turn sip inspection on. Do you mind that sip timeouts in basic ASA configuration have some influence in my problem ?
kind regards
10-24-2017 02:42 PM
I think so. Although you problem is related to phone registration and not voice communication itself.
Is there any debug on the Avaya side to help you why phone loses connection?
-If I helped you somehow, please, rate it as useful.-
10-24-2017 02:50 PM
Flavio
I will try to see what Avaya ,,says"...Thanks anyway.
10-24-2017 02:46 PM
Flavio,
just one more question ... Our server actually uses port 5061 (tls). Is it
sip inspection enough? How I can add inspection port 5061 ?
Thanks for your time.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide