Voice call issue due to sip alg enabled in Cisco FTD .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-20-2019 01:05 AM
There is requirement of disabling SIP Alg as due to some issue in voice call which get disconnected after few minutes . It has been suggested to turn off SIP Alg in our Cisco Ftd firewalls . What would be the impact on traffic and how can I disable SIP Alg in Cisco FTD firewall which are managed through Cisco FMC .
- Labels:
-
NGFW Firewalls
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-20-2019 01:55 AM
generalize this from FMC using flexconfig.
The impact is you need to have rules to allow audio ports through FTD as
they are inspected part of sip inspection and allowed without ACLs if you
have sip inspection ON.
RTP ports are UDP 16384 to 32767.
******* Please remember to rate useful posts
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-22-2019 01:08 AM
After 'configure inspection sip disable' through the cli ,do I need to make changes in Flex config as well or running the command in cli would disable the sip inspection . After analyzing the wireshark logs I come across 401 error for sip protocol .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-22-2019 05:09 AM
I created a object for DisableInspectProtocol for sip protocol and call that object in Object by duplicating Default_Inspection_Protocol_disable object in Flexconfig Object .I used that user defined policy in Prepend Flex config and when I was about to deploy and push I got an Warning stating that "need to configure same value for these topologies" in site to site tunnel .
My Flexconfig object and policies are ready to be called and push the changes in devices . Please suggest what changes are to be made in the exiting tunnel as in warning not getting much details for the required changes .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-20-2019 03:15 AM
Just as a matter of interest. is this a 3rd Party suggestion or does it come from Cisco. also, what voice product signals through this FW? cucm? cube? cme?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-22-2019 01:14 AM
Suggestion was from third party voice team and not from cisco . They were suspecting due to sip inspection calls are getting disconnected when the traffic is made to pass through the firewall . When firewall was bypassed they do not observe any issues .
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-06-2020 12:46 PM
any updates on this issue, I am having a similar issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-23-2020 06:50 AM
I am experiencing an issue where I disable SIP inspection in FTD and it turns itself back on between 3 and 5 days after I disable it. No Audio internally but outside callers can hear. Any Suggestions?
![](/skins/images/5BCFDE0138A9573C8EB2CB0A1DB573AC/responsive_peak/images/icon_anonymous_message.png)