SIP TRUNK NOT FUNCTION!

Lucio Garrido · ‎03-15-2016

Hello everyone!

Please I need your support with a configuration about traffic SIP NAT-PAT on my Cisco ASA 5520, we have this configuration in this moment but no working properly.
In the global-policies, I tried enable and disable the SIP inspection without look any change.

This my topology:

Server----->Switch Core-----> FW ASA<----- Internet-----ISP SIP.

Someone had this problem?

object service SRV_AVAYA-UDP
service udp source range 10000 20000

service udp source eq 5060

object service SRV_AVAYA-Xlate-UDP
service udp source range 10000 20000

service udp source eq 5060

object network SVR_SIP_TRUNK_WAN
host P.P.P.P (IP Address Public).

object service SVR_SIP_TRUNK

host S.S.S.S (IP Address Server inside)

nat (inside,outside) source static SVR_SIP_TRUNK SVR_SIP_TRUNK_WAN service SRV_AVAYA-UDP SRV_AVAYA-Xlate-UDP

access-list outside_access_in line 1 extended permit udp any4 host S.S.S.S eq 5060

access-list outside_access_in line 2 extended permit udp any4 host S.S.S.S range 10000 20000

access-list outside_access_in line 3 extended permit udp any4 host S.S.S.S range 10000 20000

Regards!

Philip D'Ath · ‎03-15-2016

Is this a SIP trunk (as opposed to registration)?

Make the NAT a simple 1:1 rather than using a bunch of ports like that (assuming you can give it an entire IP address).

If you can make it 1:1 an example using object NAT notation:

object service SVR_SIP_TRUNK
 nat (inside,outside) static <ip address on outside network>