We have an ASA 5510 which was installed at a site some time ago; however, I have recently migrated the site's traffic to it, away from a previous router (a Meraki device of some description).
There is a CUCM server with a SIP trunk to the internet.
Since the migration took place, the SIP trunk has stopped working (when a call is placed, the destination number doesn't even ring).
I have tried with SIP inspection both enabled and disabled, and this doesn't help.
The ASA is set up with a one-to-one NAT rule from one of the site's public IPs to the internal IP of the CUCM (site2site is the name of the internet-facing interface on the device... for some reason).
There is an inbound firewall rule configured to allow access from the SIP trunk back to the CUCM server internal IP, and the equivalent outgoing rule for the traffic to the IP of the sip trunk (80.xxx):
I can't see any blocked traffic whatsoever in the logs relating to this connectivity. Packet tracer says the traffic is allowed and NAT-ed correctly.
We spoke to the SIP provider, performed a packet capture using the ASA capture wizard and sent the files to them.
After analysis, they said that we were sending a private IP in the data shown here, which is the reason for the failure (as their end doesn't know the IP to send traffic back to):
The trace was performed with SIP inspection on (but the call also fails with it turned off).
I've removed any information that could be personally identifiable from the data, but I hope that it still all makes sense.
Does anyone have any thoughts on next steps I can try? I'm really stuck as to where I can go from here and how this was working in the past.
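A check for the condition the provider reported, as an added example that is not part of the original post: it scans a SIP message for RFC 1918 addresses in the Via and Contact headers and the SDP o= and c= lines, the fields the far end uses to send traffic back. The sample INVITE and every address in it (10.1.1.5, 203.0.113.10, 198.51.100.20) are constructed placeholders, and the function name is hypothetical.

```python
import ipaddress
import re

# RFC 1918 ranges, checked explicitly: is_private also matches other ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Headers and SDP lines the far end uses to route signalling or media back.
ADDRESS_FIELDS = ("via", "contact", "o=", "c=")
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample INVITE; every address is a placeholder, not from the post.
SAMPLE_INVITE = """\
INVITE sip:01234567890@198.51.100.20:5060 SIP/2.0
Via: SIP/2.0/UDP 203.0.113.10:5060;branch=z9hG4bKconstructed
From: <sip:100@203.0.113.10>;tag=1
To: <sip:01234567890@198.51.100.20>
Call-ID: constructed-1@203.0.113.10
Contact: <sip:100@10.1.1.5:5060>
Content-Type: application/sdp

v=0
o=- 1 1 IN IP4 10.1.1.5
s=-
c=IN IP4 10.1.1.5
t=0 0
m=audio 24580 RTP/AVP 8
"""

def private_addresses(sip_message):
    """Return (line_no, field, address) for each RFC 1918 address in a SIP
    header or SDP line that the remote peer uses for return traffic."""
    findings = []
    for line_no, line in enumerate(sip_message.splitlines(), start=1):
        lowered = line.strip().lower()
        field = next((f for f in ADDRESS_FIELDS if lowered.startswith(f)), None)
        if field is None:
            continue
        for text in IPV4.findall(line):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:  # e.g. an octet above 255
                continue
            if any(addr in net for net in RFC1918):
                findings.append((line_no, field.rstrip("="), text))
    return findings

if __name__ == "__main__":
    for line_no, field, addr in private_addresses(SAMPLE_INVITE):
        print(f"line {line_no}: {field} carries private address {addr}")
```

Run against the text of an INVITE exported from a capture taken on the outside interface, any finding means the signalling left the firewall with an internal address still embedded in it.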