Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
696
Views
5
Helpful
6
Replies

ASA Phone Proxy - UDP Forward required?

btfreitag
Level 4
Level 4

‎12-01-2008 11:11 AM - edited ‎03-15-2019 02:50 PM

We are looking at using "ASA Phone Proxy" to send IP phones home with a large number of our end users. In reading through the ASA 8.0 config guide, I see it mentioned that the networks of the end users must do port forwarding (big UDP range or 'dmz' config) on their SoHo routers to make TFTP and bi-directional voice work.

Is this true? Has this been the experience of people that have deployed this technique?

Thanks in advance for your insight...

Labels:
0 Helpful
6 Replies 6

Marwan ALshawi
VIP Alumni
VIP Alumni

‎12-01-2008 01:11 PM

logically u need big range of udp to be opened for voice traffic

but from security and firewalls prespective u will not open that range u will only open lets say SCCP, TFTP then when the call start after call signalling establishment the firewall will do traffic inspection and open the required udp traffic for that call two ways

this is also called statefull packet filltering

hope this helpful

0 Helpful

Jon Nelson
Level 3
Level 3
In response to Marwan ALshawi

‎12-01-2008 01:56 PM

One other key requirement for ASA Phone Proxy is the requirement of two external IP addresses. One for TFTP/Signaling and the other for Media Termination. This causes an issue for most home Internet access as most people don't have business class Cable or multi-space IP space on DSL.

If someone has found a way around this I'd love to hear about it.

Thank you,

Jon

0 Helpful

btfreitag
Level 4
Level 4
In response to Jon Nelson

‎12-01-2008 02:25 PM

Hi Jon,

You only need the extra IPs on the 'head-end' side, right?

Thanks.

Ben

Jon Nelson
Level 3
Level 3
In response to btfreitag

‎12-01-2008 02:53 PM

That is correct. I wanted to point it out for people that don't have full class C's available, extra IP space or people that want to test from home or even use a backup connection in the office such as Cable or DSL.

Thanks for clarifying my post. 5 points!

-Jon

0 Helpful

redrobish
Level 1
Level 1
In response to Jon Nelson

‎01-07-2009 10:14 PM

hi jmnelson78,

Are you saying that at least one static ip is needed on the user's end in other for the phone proxy to work? sorry, just want to clarify it since we are looking into deploying it. Should it work even if it's a dynamic ip (DSL) as the guide says?

pls. enlighten me...

thnx

0 Helpful

donniefowler
Level 1
Level 1
In response to redrobish

‎01-09-2009 02:09 PM

We use the phone proxy appliance (pre ASA code). Dynamic IP is fine. If your home WAN ip changes then you just need to go back to the registration web page and log in again.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents