Problem in ASA5520 with Asterisk Server , Softphone can't register

Unanswered Question
Dec 12th, 2007
User Badges:

Problem in ASA5520 with Asterisk Server , Softphone can't register

Static NAT

Real IP === Firewall === Asterisk Server

||======== Web Server


Now i create static nat from public ip to private ip both server,

I can't access to web server (i thing nat it work), But in softphone can't register to Asterisk Server


Config :

access-list inside_access_in extended permit ip any any

access-list outside_access_in extended permit ip any any


static (inside,outside) 212.129.61.3 192.168.0.30 netmask 255.255.255.255

static (inside,outside) 212.129.61.4 192.168.0.31 netmask 255.255.255.255

static (inside,outside) 212.129.61.5 192.168.0.10 netmask 255.255.255.255


policy-map global_policy

class inspection_default

inspect dns maximum-length 512

inspect tftp

inspect sip


Please advice to me i must reconfig on ASA ?

Thank you so much

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
stevechege Fri, 11/15/2013 - 16:20
User Badges:

ASA (Asterisk Fix)

===============

policy-map global_policy


  class inspection_default

     no inspect sip


PIX (Asterisk Fix)

=============


If you still have a PIX


do this


no fixup protocol sip 5060

no fixup protocol sip udp 5060

Julio Carvajal Fri, 11/15/2013 - 23:24
User Badges:
  • Purple, 4500 points or more

As everyone said remove the inspection and afterwards clear the local-host table for the hosts in discussion,


Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

jumora Mon, 11/18/2013 - 21:07
User Badges:
  • Cisco Employee,

The problem with asterisk is that in a normal setup without a Cisco firewall it would be obligated to define the global address or NATTED IP for SIP payload but with the ASA inspection the ASA needs to see the real IP so it can modify this payload with NATTED IP.


Just disable asterisk function to map the global IP and let the ASA inspect.


More information about SIP inspection on the next link:


http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008081042c.shtml#sip

jumora Tue, 11/19/2013 - 11:41
User Badges:
  • Cisco Employee,

Did you understand what I was mentioning?

jumora Wed, 11/20/2013 - 11:43
User Badges:
  • Cisco Employee,

Help is for free then we need you to rate the assistance.

jumora Thu, 11/21/2013 - 07:35
User Badges:
  • Cisco Employee,

Are your issues resolved???



Value our effort and rate the assistance!

stevechege Thu, 11/21/2013 - 09:22
User Badges:

Jumora...i am not sure why you are upset...we are just contributing to the community...i had this issue a while back and i posted how i fixed it for others who might have the same issue.

jumora Thu, 11/21/2013 - 09:51
User Badges:
  • Cisco Employee,

The comment that is under what I am writing is just a comment that I post as part of a signature, it's a template, please don't take it personal, but I always comment that we need customer's to rate the assistance as we are taking time to answer their questions.


Value our effort and rate the assistance!

Actions

This Discussion