using the ASA as a proxy

Unanswered Question
Jul 8th, 2010

Hi All,

i'm facing a major issue with the asa, my cisco call manager is trying to communicate with SIP provider outside the ASA,

i have configured a static NAT for the CCM and respective policy to allow that SIP traffic, the thing is that when the CCM trying to reach the SIP provider

the NAT occures however direction inbound to the CCM drops by ASA.

any ideas on resolving this issue?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Nagaraja Thanthry Thu, 07/08/2010 - 08:11

Hello,

Are you using SIP inspection? If not I would suggest you use it. That will ensure that the firewall dynamically opens additional ports as required. Also, the firewall will modify all private addresses within the signaling packet to corresponding public IP. In addition, please make sure that your CCM device is not NAT aware i.e. it does not use public IP address in its signaling data.

Hope this helps.

Regards,

NT

ofir-nissim Thu, 07/08/2010 - 08:29

SIP inspection is enabled otherwise the CCM requests outbound would have been denied,

the CCM is not NAT aware and using it's IP address for the signalling

Nagaraja Thanthry Thu, 07/08/2010 - 10:00

Hello,

As a first step, would it be possible for you to allow all traffic from outside to the translated IP of the CCM? This will help us understand if it is a inspection issue or something else. Also, can you please post the output of "show service-policy" command?

Regards,

NT

ofir-nissim Sat, 07/10/2010 - 22:18

i have created a static NAT to represent the CCM as a public ip address,

however , when SIP provider sends his reply to the SIP registration the asa ignors the NAT and packet is seen as follows :

public ip of the SIP server is requesting/sending data to the real CCM ip address

show service-policy :

inspect sip

no special class map was created to math the 5060 ports as the ASA recognizes it as SIP traffic

lusandi Thu, 07/14/2011 - 08:47

Can you post the ASA configuration and also this

debug sip

debug sip ha

Regards,

Luis Sandi

.:|:.:|:.

P.S Please mark this question as answered if it has been resolved. Do rate helpful posts.

Actions

This Discussion