Showing results for 
Search instead for 
Did you mean: 


SIP trunk not working after ASA install

Hi all


We have an ASA 5510 which was installed at a site some time ago, however I have recently migrated the site's traffic to it away from a previous router (Meraki device of some description)


There is a CUCM server with a SIP trunk to the internet


Since the migration took place, the SIP trunk has stopped working (when a call is placed the destination number doesn't even ring)


I have tried with both SIP inspection enabled and disabled and this doesn't help


The ASA is set up with a one to one NAT rule from one of site's public IPs to the internal IP of the CUCM (site2site is the name of the internet-facing interface on the device... for some reason)


NAT rule.pngFirewall rule incoming.png


There is an inbound firewall rule configured to allow access from the SIP trunk back to the CUCM server internal IP, and the equivalent outgoing rule for the traffic to the IP of the sip trunk (


Firewall rule outgoing.png

I can't see any blocked traffic whatsoever in the logs relating to this connectivity. Packet tracer says the traffic is allowed and NAT-ed correctly


We spoke to the SIP provider and performed a packet capture using the ASA capture wizard and sent the files to them,

After analysis, they said that we were sending a private IP in the data shown here, which is the reason for the failure (as their end doesn't know the IP to send traffic back to):


The trace was performed with SIP inspection on (but the call also fails with it turned off)


Traffic cap.jpg


I've removed any information that could be personally identifiable from the data but I hope that it still all makes sense


Does anyone have any thoughts on next steps I can try? Really stuck as to where I can go from here and how this was working on the past


Thanks in advance

Content for Community-Ad