cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
927
Views
0
Helpful
5
Replies

using the ASA as a proxy

ofir-nissim
Level 1
Level 1

Hi All,

i'm facing a major issue with the asa, my cisco call manager is trying to communicate with SIP provider outside the ASA,

i have configured a static NAT for the CCM and respective policy to allow that SIP traffic, the thing is that when the CCM trying to reach the SIP provider

the NAT occures however direction inbound to the CCM drops by ASA.

any ideas on resolving this issue?

5 Replies 5

Nagaraja Thanthry
Cisco Employee
Cisco Employee

Hello,

Are you using SIP inspection? If not I would suggest you use it. That will ensure that the firewall dynamically opens additional ports as required. Also, the firewall will modify all private addresses within the signaling packet to corresponding public IP. In addition, please make sure that your CCM device is not NAT aware i.e. it does not use public IP address in its signaling data.

Hope this helps.

Regards,

NT

SIP inspection is enabled otherwise the CCM requests outbound would have been denied,

the CCM is not NAT aware and using it's IP address for the signalling

Hello,

As a first step, would it be possible for you to allow all traffic from outside to the translated IP of the CCM? This will help us understand if it is a inspection issue or something else. Also, can you please post the output of "show service-policy" command?

Regards,

NT

i have created a static NAT to represent the CCM as a public ip address,

however , when SIP provider sends his reply to the SIP registration the asa ignors the NAT and packet is seen as follows :

public ip of the SIP server is requesting/sending data to the real CCM ip address

show service-policy :

inspect sip

no special class map was created to math the 5060 ports as the ASA recognizes it as SIP traffic

Can you post the ASA configuration and also this

debug sip

debug sip ha

Regards,

Luis Sandi

.:|:.:|:.

P.S Please mark this question as answered if it has been resolved. Do rate helpful posts.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: