cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2662
Views
1
Helpful
5
Replies

VOIP issues from behind ASA 5510

j-shook
Level 1
Level 1

The Voip pbx resides on a seperate lan, not connected to the ASA.  Users from behind the ASA (inside) try to connect to the VOIP pbx using a soft phone.  The Voip connection is established, however users cannot here conversations on either end.

  Im assuming this is possibly a Sip and Pat issue?  The ASA firewall is using a seperate Global IP for PAT.  Also I have opened ports on the outside interface for SIP udp 8081, 2088,16000-16010 and 15000-15511.  I have both SIP and H323 h225 inspection in place as well. 

5 Replies 5

Julio Carvajal
VIP Alumni
VIP Alumni

Hello,

At this moment the best option would be to do some captures and debug for the h323 h225 events.

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

masmith0324
Level 1
Level 1

Is the VoIP PBX on the outside interface or inside interface?  If it's on the outside you may want to look into NAT hairpinning.

The VOIP PBX is on the outside.  The problem may be fixed now.  One of the users changed his client settings in regards to Firewall Traversal .  By changing the Traversal method to NONE it seems to work.    Previously there was a Checkpoint firewall that the ASA replaced.  Im not sure what changed in regards to the VOIP between firewalls.  The Softphone Client is X-lite

masmith0324
Level 1
Level 1

I just went through this exact same scenario (swapping Checkpoint w/ ASA).  Be careful because the issue was hit or miss.  Again look into NAT hairpinning.

Most likely you are not maching the default inspection since it should be working on the known port 5060, as a personal recommendation I will use the fixup for SIP to match the port 5060, also you can confirm if he inspection is actually matching the sip traffic using the debug sip and debug sip ha in order to verify if it is working properly, in case you would like to find out why it is not working as expected please do not hesitate on keep posting, I will be more than glad to assist you on this.

In case you would like to continue working can you provide me the following information

show run of the ASA you are using

debug sip and debug sip ha

captures of the traffic on the inside and the outside

Can you confirm me if the no audio is both ways or if one of them can actually hear something.

Regards,

Luis Sandi

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: