Voice traffic is dropping thorugh ASA

Unanswered Question

Hi,


Running code 8.0 on ASA 5510.

All internet through internal and DMZ perfect and mail server extra are working perfectly fine for me.

All ports are opened from inside and dmz.


Now voice facility imlimented with EPABX and digital phone.

We are able to connect to remote network  but no voice coming.


As per Voice team some ports like 30000-31000 needs to be opened for this to work.


As per me all ports are already opened so it could be clear cut case of new inspection policy for this.

And remove h323 etc. inspection etc.


Experts,Do let me know am I correct?


Reg,

Sushil

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Kevin Redmon Tue, 07/06/2010 - 06:51
User Badges:
  • Cisco Employee,

Sushil,


Can you please be more specific about the topology and how you are connecting to the remote office?  If there is a VPN between the two sites, you will need to ensure that the relevant traffic is part of the Lan-to-Lan VPN access-list.  If it is indeed part of the ACL, make sure that you also have 'nat (inside) 0 ' or 'nat (dmz) 0 ', where includes the relevant voice traffic.  Another thing to confirm is the routing between the two destinations - ensure the traffic can get there and back.


To ensure that all of the traffic is indeed being NATed properly, you can leverage the packet captures on the device:


capture capin interface inside match ip

capture capout interface outside match ip


show capture capin

show capture capout


What protocol is the voice traffic using - is it SIP, Skinny, or H323?  If it is either of these, be sure to include an 'inspect' statement for the relevant protocol.


Hope this helps.


Best Regards,

Kevin

Kevin,


Unfortuntely i don't hae topology with me.

Got config and information that one public ip is statically natted on ASA and fed into EPABX.To make this working certain prots needs to be opened which indeed are allowed on ASA,but somehow ring is happeneing but voice is no going through.


I will try to get the exact topology and will get back to you.


Reg,

Sushil

Hi Kevin,


I just got the detail on topology.


Setup is something like this.


1. ASA has internal and DMZ ports configured.

2. One DMZ real IP is statically natted to DMZ Public IP.

3. This reall IP is fed into digital epabx systems.

4. We are using samsung Office Serv 500 (Enteprise IP solution).

5. A remote IP phone dails to public IP of this EPABX.

6. Ring happens but there is no voice coming thorugh phones.


I checked using packet tracer that all ports are opened.

I am attaching the sanitized config for the same.

If I remove the ASA from the setup then all works well.


Do let me know Am I missing something?


Reg,

Sushil

Nagaraja Thanthry Thu, 07/08/2010 - 09:48
User Badges:
  • Cisco Employee,

Hello,


Can you please post the output of "show service-policy" command from the firewall?


Regards,


NT

Actions

This Discussion