I have an ASA5505 in place, and everything on the LAN appears to be working as far as PCs and such. However, we have IP phones coming from the Internet that are at issue.
On the local LAN, phones can talk to each other with no issue, and PCs can get out to the Internet, print over the network, etc. But when someone on one of the outside phones calls a phone on the local LAN (and vice versa), the phone rings, but there is no sound when answered in either direction.
These phones use an ALLWORX PBX that is on the local LAN.
I WANT to NAT the ALLWORX so it isn't outright exposed, but so far that is the only way I can get it to work for everyone.
I DID have udp/2088, udp/5060, tcp/8081, udp/15000-15511 opened for the external (12.x.x.90) and internal (192.168.x.22) IPs, both incoming and outgoing, but started seeing these results. So I opened all ports to all IPs, with the exact same results.
This is the config with the udp/tcp ports allowed (attached).
I tried a lot to find a solution, but I always ended up at unanswered posts.
After a lot of searching, it indeed looks like it was related to RTP traffic being denied by the PIX/ASA.
Here's what works for me (Asterisk (SIP/IAX) internally - SIP/IAX2 clients outside - ASA 8.0(4)):
object-group service [OBJ_NAME]
 ! for IAX2
 service-object tcp-udp eq 4569
 service-object tcp-udp eq sip
 ! for RTP needed by SIP clients - NEVER USE tcp-udp here, NEVER!
 service-object udp range 10000 20000
access-list [ACL_NAME] extended permit object-group [OBJ_NAME] any interface outside
access-group [ACL_NAME] in interface outside
static (inside,outside) udp interface sip [my internal VoIP_SRV_IP] sip netmask 255.255.255.255
! for IAX2
static (inside,outside) udp interface 4569 [my internal VoIP_SRV_IP] 4569
And of course it didn't work until I added inspection of SIP in the global policy map.
Do not forget to apply it with:
service-policy global_policy global
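
The SIP inspection step that the answer mentions but does not show, as an added example (not the poster's own configuration); it assumes the default `inspection_default` and `global_policy` names that an ASA ships with. With `inspect sip` active, the ASA translates the addresses embedded in the SIP/SDP payload and opens the RTP ports negotiated for each call, which is what one-way or missing audio behind NAT usually lacks.

```cisco
! Added example for ASA 8.0(x). Class and policy names are the ASA
! defaults, assumed here because the answer does not show its policy map.
!
! Match the default inspection traffic (includes SIP on port 5060).
class-map inspection_default
 match default-inspection-traffic
!
! Enable SIP inspection: embedded SDP addresses are rewritten for NAT
! and RTP/RTCP pinholes are opened per call.
policy-map global_policy
 class inspection_default
  inspect sip
!
! Apply the policy on all interfaces.
service-policy global_policy global
!
! Check from privileged EXEC that the inspection is seeing calls:
!   show service-policy
!   show sip
```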