Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
13485
Views
10
Helpful
7
Replies

Voice call issue due to sip alg enabled in Cisco FTD .

Arun_Singh
Level 1
Level 1

‎02-20-2019 01:05 AM

There is requirement of disabling SIP Alg as due to some issue in voice call which get disconnected after few minutes . It has been suggested to turn off SIP Alg in our Cisco Ftd firewalls . What would be the impact on traffic and how can I disable SIP Alg in Cisco FTD firewall which are managed through Cisco FMC .

1 person had this problem
Labels:
0 Helpful
7 Replies 7

Mohammed al Baqari
Level 11
Level 11

‎02-20-2019 01:55 AM

>From FTD CLI, enter the command 'configure inspection sip disable'. You can
generalize this from FMC using flexconfig.

The impact is you need to have rules to allow audio ports through FTD as
they are inspected part of sip inspection and allowed without ACLs if you
have sip inspection ON.

RTP ports are UDP 16384 to 32767.

******* Please remember to rate useful posts

Arun_Singh
Level 1
Level 1
In response to Mohammed al Baqari

‎02-22-2019 01:08 AM

After  'configure inspection sip disable' through the cli ,do I need to make changes in Flex config as well or running the command in cli would disable the sip inspection . After analyzing the wireshark logs I come across 401 error for sip protocol .

0 Helpful

Arun_Singh
Level 1
Level 1
In response to Arun_Singh

‎02-22-2019 05:09 AM

I created a object for DisableInspectProtocol for sip protocol and call that object in Object by duplicating Default_Inspection_Protocol_disable object in Flexconfig Object .I used that user defined policy in Prepend Flex config and when I was about to deploy and push I got an Warning stating that "need to configure same value for these topologies" in site to site tunnel .

 

My Flexconfig object and policies are ready to be called and push the changes in devices . Please suggest what changes are to be made in the exiting tunnel as in warning not getting much details for the required changes .

0 Helpful

Dennis Mink
VIP Alumni
VIP Alumni

‎02-20-2019 03:15 AM

Just as a matter of interest. is this a 3rd Party suggestion or does it come from Cisco. also, what voice product signals through this FW? cucm?  cube? cme?

Please remember to rate useful posts, by clicking on the stars below.

0 Helpful

Arun_Singh
Level 1
Level 1
In response to Dennis Mink

‎02-22-2019 01:14 AM

Suggestion was from third party voice team and not from cisco . They were suspecting due to sip inspection calls are getting disconnected when the traffic is made to pass through the firewall . When firewall was bypassed they do not observe any issues .

shiflettf
Level 1
Level 1
In response to Arun_Singh

‎01-06-2020 12:46 PM

any updates on this issue, I am having a similar issue.

0 Helpful

techpros
Level 1
Level 1

‎11-23-2020 06:50 AM

I am experiencing an issue where I disable SIP inspection in FTD and it turns itself back on between 3 and 5 days after I disable it.  No Audio internally but outside callers can hear.  Any Suggestions? 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card