Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2001
Views
0
Helpful
11
Replies

Voice Over IP

Go to solution
Elie El Amil
Level 1
Level 1

‎05-11-2011 02:10 PM - edited ‎03-04-2019 12:21 PM

Hi,

Kindly note that we have five routers 2811 which are distributed in all the branches and connected to head office router 2811 through a tunnel VPN; in other words, every branch connects to head office as well as to all other branches. Besides, we have a primary connection such as Ethernet and a backup connection such as ISDN; add to that a voice over IP. The above mentioned connections go through a loopback interface.

Actually, this network has to be upgraded and will be replaced by a firewalls ASA5505. On the other hand, the router has to be set behind the firewall in order to guarantee a voice over ip. In this case, the tunnel will be removed on the routers and a VPN site to site will be opened between firewalls. Our real concern is the voice over IP, and here I would like to inquire about the proper function of the voice through the firewall due to the fact that the session target is connected to the loopback IP on each router.

Is there any special configuration on the ASA concerning the voip?

Is there any routing to the loopback IPs on the ASA to insure the proper passing voip through the loopback IP?

We appreciated your support.

Labels:
0 Helpful
6 Accepted Solutions

Accepted Solutions

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame

‎05-11-2011 03:56 PM

Routers do tunnels and  VPN much better than ASA, so you may want to revise your plans.

View solution in original post

0 Helpful

Go to solution
Florin Barhala
Level 6
Level 6

‎05-14-2011 08:47 AM

I believe it will do fine; nevertheless you will to read a bit about ASA as it has many differences when comparing to routers; mostly pay attentin to policy-map feature inspection and remove sip and other voice protocols; also depeding of your scenario look on the firewall configuration side, as it has many options to be tuned.

Install ASA, configure the VPNs and VOIP and comeback if any issues should appear. I am running VOICE through ASA 5520 fine.

View solution in original post

0 Helpful

Go to solution
Mohamed Sobair
Level 7
Level 7

‎05-14-2011 11:05 PM

Hi,

Your setup will work just fine.

All what you have to do is to allow Voice Signaling protocol through the firewall to Communication Manager or the communication Manager Express (Voice Gateway).

Below link is useful,

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a008081042c.shtml

HTH

Mohamed

View solution in original post

0 Helpful

Go to solution
Alfaisaliah Group
Level 1
Level 1
In response to Elie El Amil

‎05-15-2011 06:11 AM

Yes, SIP is inspected by default on the ASA.

But you still need to allow the incoming traffic on the specified ports based on the Signaling used.

You need to have static nat translation of your call manager express and allow communication (session target communication) between the voice Gatewy router at branch side and the CME.

Please rate this post using the star box below.

HTH

Mohamed

View solution in original post

0 Helpful

Go to solution
Mohamed Sobair
Level 7
Level 7
In response to Elie El Amil

‎05-15-2011 06:24 AM

Yes, SIP is inspected by default on the ASA.

But you still need to allow the incoming traffic on the specified ports based on the Signaling used.

You need to have static nat translation of your call manager express and allow communication (session target communication) between the voice Gatewy router at branch side and the CME.

Pls rate this post using the star box below

HTH

Mohamed

View solution in original post

0 Helpful

Go to solution
Mohamed Sobair
Level 7
Level 7
In response to Elie El Amil

‎05-16-2011 05:22 AM

You can follow the attached link for the required config.

what else part of the config you need?

Regards,

Mohamed

View solution in original post

0 Helpful
11 Replies 11

Go to solution
paolo bevilacqua
Hall of Fame
Hall of Fame

‎05-11-2011 03:56 PM

Routers do tunnels and  VPN much better than ASA, so you may want to revise your plans.

0 Helpful

Go to solution
Elie El Amil
Level 1
Level 1
In response to paolo bevilacqua

‎05-13-2011 01:21 PM

I have to implement the scenario with ASA. I don't have another choice.

0 Helpful

Go to solution
Florin Barhala
Level 6
Level 6

‎05-14-2011 08:47 AM

I believe it will do fine; nevertheless you will to read a bit about ASA as it has many differences when comparing to routers; mostly pay attentin to policy-map feature inspection and remove sip and other voice protocols; also depeding of your scenario look on the firewall configuration side, as it has many options to be tuned.

Install ASA, configure the VPNs and VOIP and comeback if any issues should appear. I am running VOICE through ASA 5520 fine.

0 Helpful

Go to solution
Elie El Amil
Level 1
Level 1
In response to Florin Barhala

‎05-14-2011 11:51 AM


Thank you for the important information. kindly could you send me an example about the mentioned configuration? How to can I remove a sip and other voice protocols from the policy-map and why I have to remove it? What is the tuned in the ASA configuration concerning my scenario?

Your time and consideration are highly appreciated.

0 Helpful

Go to solution
Mohamed Sobair
Level 7
Level 7

‎05-14-2011 11:05 PM

Hi,

Your setup will work just fine.

All what you have to do is to allow Voice Signaling protocol through the firewall to Communication Manager or the communication Manager Express (Voice Gateway).

Below link is useful,

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a008081042c.shtml

HTH

Mohamed

0 Helpful

Go to solution
Elie El Amil
Level 1
Level 1
In response to Mohamed Sobair

‎05-15-2011 05:45 AM

Hi,

with reference to the above link ,I found out that the sip is enable by default on ASA,

Is it right? Noting that we haven't a call manager.

0 Helpful

Go to solution
Alfaisaliah Group
Level 1
Level 1
In response to Elie El Amil

‎05-15-2011 06:11 AM

Yes, SIP is inspected by default on the ASA.

But you still need to allow the incoming traffic on the specified ports based on the Signaling used.

You need to have static nat translation of your call manager express and allow communication (session target communication) between the voice Gatewy router at branch side and the CME.

Please rate this post using the star box below.

HTH

Mohamed

0 Helpful

Go to solution
Mohamed Sobair
Level 7
Level 7
In response to Elie El Amil

‎05-15-2011 06:24 AM

Yes, SIP is inspected by default on the ASA.

But you still need to allow the incoming traffic on the specified ports based on the Signaling used.

You need to have static nat translation of your call manager express and allow communication (session target communication) between the voice Gatewy router at branch side and the CME.

Pls rate this post using the star box below

HTH

Mohamed

0 Helpful

Go to solution
Elie El Amil
Level 1
Level 1
In response to Mohamed Sobair

‎05-15-2011 11:31 AM

how can i do the mentioned configuration? could you send me such an example concerning this configuration?

Thanks in advance.

0 Helpful

Go to solution
Mohamed Sobair
Level 7
Level 7
In response to Elie El Amil

‎05-16-2011 05:22 AM

You can follow the attached link for the required config.

what else part of the config you need?

Regards,

Mohamed

0 Helpful

Go to solution
Elie El Amil
Level 1
Level 1
In response to Mohamed Sobair

‎05-16-2011 08:23 AM

Hi,

I found out in the attached link how to configure a policy map and inspect SIP. But is there any additional config conecerning the voice? How to configure the static nat translation?

Thanks for your time.

Elie

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card