Unanswered Question
Oct 3rd, 2007


I'm fairly new to configuring the ASA firewalls and I'm currently stuck trying to figure out how to allow incoming SIP calls into the to the firewall. I've read some documentation on how to create a NAT rule, but I'm assuming because of my setup using straight NAT is not possible. I know that my description is a little vague. If any other information is needed please let me know. Here is my current config file:

ASA Version 7.2(2)


hostname firewall


enable password XXXXXXX encrypted



interface Vlan1

nameif inside

security-level 100

ip address


interface Vlan2

nameif outside

security-level 0

ip address dhcp setroute


interface Vlan3

no forward interface Vlan1

nameif dmz

security-level 50

no ip address


interface Ethernet0/0

switchport access vlan 2


interface Ethernet0/1


interface Ethernet0/2


interface Ethernet0/3


interface Ethernet0/4


interface Ethernet0/5


interface Ethernet0/6


interface Ethernet0/7


passwd XXXXXXXXXX encrypted

ftp mode passive

dns server-group DefaultDNS


access-list 101 extended permit tcp any gt 1023 interface outside eq ssh

access-list 101 extended permit tcp any gt 1023 interface outside eq sip

access-list 101 extended permit udp any gt 1023 interface outside eq sip

pager lines 24

logging enable

mtu outside 1500

mtu inside 1500

mtu dmz 1500

icmp unreachable rate-limit 1 burst-size 1

asdm image disk0:/asdm-522.bin

no asdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 1

static (inside,outside) tcp interface www Mythtrix www netmask

static (inside,outside) tcp interface ssh Mythtrix ssh netmask

static (inside,outside) tcp interface sip Mythtrix sip netmask

static (inside,outside) udp interface sip Mythtrix sip netmask

access-group 101 in interface outside

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout uauth 0:05:00 absolute

username nick password XXXXXXXXXX encrypted

aaa authentication ssh console LOCAL

http server enable

http inside

no snmp-server location

no snmp-server contact

snmp-server enable traps snmp authentication linkup linkdown coldstart

telnet timeout 5

ssh inside

ssh timeout 60

ssh version 2

console timeout 0

dhcpd auto_config outside


dhcpd address inside

dhcpd dns interface inside

dhcpd domain interface inside

dhcpd enable inside



class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns preset_dns_map


message-length maximum 512

policy-map global_policy

class inspection_default

inspect dns preset_dns_map

inspect ftp

inspect h323 h225

inspect h323 ras

inspect rsh

inspect rtsp

inspect esmtp

inspect sqlnet

inspect skinny

inspect sunrpc

inspect xdmcp

inspect sip

inspect netbios

inspect tftp


service-policy global_pol

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion