Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
644
Views
0
Helpful
3
Replies

Voice and ASA5510

Go to solution
Oscar Martinez
Level 1
Level 1

‎06-05-2017 04:05 PM - edited ‎03-12-2019 02:28 AM

I'm hoping someone can please help me out. 

I  have an ASA 5510 connected to a 3560 PoE Switch and the switch has a Digium D40 IP Phone connected to it. 

I have an IP address of 10.10.10.1 /24 on the Ethernet 0/2 where the switch is connected. The ASA is acting as a DHCP server for that interface and is giving the phone an IP of 10.10.10.100. 

I am trying to get the phone to connect to a SIP server with IP 54.xxx.xxx.xxx from Amazon Web Services. My question is what must I configure on the ASA for the phone to successfully connect to that SIP server?   

If any more information on the setup is needed i'll be glad to fill in the blanks. 

Any help would be very appreciated. 

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Dennis Mink
VIP Alumni
VIP Alumni

‎06-05-2017 06:35 PM

open port 5060 from 54.xx.xx.xx.xx and static NAT your public IP address on port 5060 to the internal IP address of your Digium box, also do SIP inspection to dynamically open up high ports for RTP.

Please rate if useful

Please remember to rate useful posts, by clicking on the stars below.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Dennis Mink
VIP Alumni
VIP Alumni

‎06-05-2017 06:35 PM

open port 5060 from 54.xx.xx.xx.xx and static NAT your public IP address on port 5060 to the internal IP address of your Digium box, also do SIP inspection to dynamically open up high ports for RTP.

Please rate if useful

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Go to solution
Oscar Martinez
Level 1
Level 1
In response to Dennis Mink

‎06-05-2017 08:45 PM

Hi Dennis thank you for the reply. I will do this as soon as I get to the office tomorrow and report on how it went.

0 Helpful

Go to solution
Oscar Martinez
Level 1
Level 1
In response to Oscar Martinez

‎06-06-2017 03:06 PM

I added the following commands to the ASA: 

object network DIGIUM_PHONE
host 10.10.10.100
object service SIPPORT
service udp source eq sip
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group service SIP_PORTS tcp-udp
port-object eq sip

access-list outside_access_in_1 extended permit object-group TCPUDP any object DIGIUM_PHONE object-group SIP_PORTS

nat (voice,outside) source static DIGIUM_PHONE interface service any SIPPORT

access-group outside_access_in_1 in interface outside

I tried connecting to the SIP server and it worked! 

Thank you so much for your assistance. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card