- Silver, 250 points or more
I am trying to have internal users behind an ASA use a VOIP application. The vendor mentioned to me that their application needs SIP to extend UDP ports 5060 to 5063. Below is what I did.
object-group service Five9_SIP udp
description Five9 UDP Ports
port-object range sip 5063
access-list From_Internet_In extended permit tcp 220.127.116.11 255.255.255.0 interface outside eq sip
access-list From_Internet_In extended permit udp 18.104.22.168 255.255.255.0 interface outside object-group Five9_SIP
inspect dns preset_dns_map
inspect h323 h225
inspect h323 ras
service-policy global_policy global
I know from various forums that a static (inside,outside) might be needed but I am doing PAT (i.e. global outside 1 interface).