We provide enterprise VOIP to a group of customers with our Callmanagers located at two Network Operations Centers. We are in an IP only environment (no PBXs, gateways, etc). Both NOCs and Callmanagers reside behind a firewall. All sites connect to the NOCs without a local firewall, with the exception of one. VOIP functions properly for all sites except the site with the local ASA firewall. The local firewall ruleset allows IP from anyone to anyone (political thing...they don't feel comfortable removing their legacy firewall completely yet). Phones residing behind the site customer firewall experience a ~5 second lag answering, placing, and terminating phone calls. Once the call is answered and it finally "picks up," VOIP traffic passes properly and the quality of the call is good. When the receiver is hung up, there is approximately a 5 second delay before the phone actually hangs up. The same lag exists for placing calls in that the user must wait 5 seconds before presented a dial tone. The lag described above also exists between phones at the same site. A central router at the site NATs the IP addresses of the phones supporting two customers (customer A and customer B). Customer A's phones function properly (no firewall) while customer B's do not (firewall). Customer B's firewall is not performing any type of NAT. The logging set to debugging on the site firewall has not produced any hints or signals as to what the problem is.
Has anyone seen this problem before? I do not readily have the software version of the ASA. Thanks in advance for any assistance provided.
Please reference the attached Visio diagram.