07-06-2010 04:24 AM - edited 03-11-2019 11:08 AM
Hi,
Running code 8.0 on ASA 5510.
All internet through internal and DMZ perfect and mail server extra are working perfectly fine for me.
All ports are opened from inside and dmz.
Now voice facility imlimented with EPABX and digital phone.
We are able to connect to remote network but no voice coming.
As per Voice team some ports like 30000-31000 needs to be opened for this to work.
As per me all ports are already opened so it could be clear cut case of new inspection policy for this.
And remove h323 etc. inspection etc.
Experts,Do let me know am I correct?
Reg,
Sushil
07-06-2010 06:51 AM
Sushil,
Can you please be more specific about the topology and how you are connecting to the remote office? If there is a VPN between the two sites, you will need to ensure that the relevant traffic is part of the Lan-to-Lan VPN access-list. If it is indeed part of the ACL, make sure that you also have 'nat (inside) 0
To ensure that all of the traffic is indeed being NATed properly, you can leverage the packet captures on the device:
capture capin interface inside match ip
capture capout interface outside match ip
show capture capin
show capture capout
What protocol is the voice traffic using - is it SIP, Skinny, or H323? If it is either of these, be sure to include an 'inspect' statement for the relevant protocol.
Hope this helps.
Best Regards,
Kevin
07-06-2010 09:29 PM
Kevin,
Unfortuntely i don't hae topology with me.
Got config and information that one public ip is statically natted on ASA and fed into EPABX.To make this working certain prots needs to be opened which indeed are allowed on ASA,but somehow ring is happeneing but voice is no going through.
I will try to get the exact topology and will get back to you.
Reg,
Sushil
07-08-2010 05:38 AM
Hi Kevin,
I just got the detail on topology.
Setup is something like this.
1. ASA has internal and DMZ ports configured.
2. One DMZ real IP is statically natted to DMZ Public IP.
3. This reall IP is fed into digital epabx systems.
4. We are using samsung Office Serv 500 (Enteprise IP solution).
5. A remote IP phone dails to public IP of this EPABX.
6. Ring happens but there is no voice coming thorugh phones.
I checked using packet tracer that all ports are opened.
I am attaching the sanitized config for the same.
If I remove the ASA from the setup then all works well.
Do let me know Am I missing something?
Reg,
Sushil
07-08-2010 09:48 AM
Hello,
Can you please post the output of "show service-policy" command from the firewall?
Regards,
NT
07-08-2010 11:41 PM
Hey thanks for your reply.
Please find attached the show service-polcy out.
I between found so many documents stating such type of problem.
Most of them states NAT and VOIP issue.
Please have a look into the below link,
http://www.velocityreviews.com/forums/t233646-the-trouble-with-nat-and-voip.html
Reg,
Sushil
07-11-2010 11:18 PM
No comments????
Anyone can help on this?
Reg,
Sushil
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide