Voice traffic is dropping thorugh ASA

sushil · ‎07-06-2010

Hi,

Running code 8.0 on ASA 5510.

All internet through internal and DMZ perfect and mail server extra are working perfectly fine for me.

All ports are opened from inside and dmz.

Now voice facility imlimented with EPABX and digital phone.

We are able to connect to remote network but no voice coming.

As per Voice team some ports like 30000-31000 needs to be opened for this to work.

As per me all ports are already opened so it could be clear cut case of new inspection policy for this.

And remove h323 etc. inspection etc.

Experts,Do let me know am I correct?

Reg,

Sushil

Kevin Redmon · ‎07-06-2010

Sushil,

Can you please be more specific about the topology and how you are connecting to the remote office? If there is a VPN between the two sites, you will need to ensure that the relevant traffic is part of the Lan-to-Lan VPN access-list. If it is indeed part of the ACL, make sure that you also have 'nat (inside) 0 ' or 'nat (dmz) 0 ', where includes the relevant voice traffic. Another thing to confirm is the routing between the two destinations - ensure the traffic can get there and back.

To ensure that all of the traffic is indeed being NATed properly, you can leverage the packet captures on the device:

capture capin interface inside match ip

capture capout interface outside match ip

show capture capin

show capture capout

What protocol is the voice traffic using - is it SIP, Skinny, or H323? If it is either of these, be sure to include an 'inspect' statement for the relevant protocol.

Hope this helps.

Best Regards,

Kevin

sushil · ‎07-06-2010

Kevin,

Unfortuntely i don't hae topology with me.

Got config and information that one public ip is statically natted on ASA and fed into EPABX.To make this working certain prots needs to be opened which indeed are allowed on ASA,but somehow ring is happeneing but voice is no going through.

I will try to get the exact topology and will get back to you.

Reg,

Sushil

sushil · ‎07-08-2010

Hi Kevin,

I just got the detail on topology.

Setup is something like this.

1. ASA has internal and DMZ ports configured.

2. One DMZ real IP is statically natted to DMZ Public IP.

3. This reall IP is fed into digital epabx systems.

4. We are using samsung Office Serv 500 (Enteprise IP solution).

5. A remote IP phone dails to public IP of this EPABX.

6. Ring happens but there is no voice coming thorugh phones.

I checked using packet tracer that all ports are opened.

I am attaching the sanitized config for the same.

If I remove the ASA from the setup then all works well.

Do let me know Am I missing something?

Reg,

Sushil

Nagaraja Thanthry · ‎07-08-2010

Hello,

Can you please post the output of "show service-policy" command from the firewall?

Regards,

NT

sushil · ‎07-08-2010

Hey thanks for your reply.

Please find attached the show service-polcy out.

I between found so many documents stating such type of problem.

Most of them states NAT and VOIP issue.

Please have a look into the below link,

http://www.velocityreviews.com/forums/t233646-the-trouble-with-nat-and-voip.html

Reg,

Sushil

sushil · ‎07-11-2010

No comments????

Anyone can help on this?

Reg,

Sushil