I am an accidental administrator and need some assistance please. Our ASA firewall is apparently blocking our phone traffic, resulting in only one phone being active at a time. I've been told by provider that port 5060 needs to be able to receive. Can someone help me with whatever I'm missing to make this work? What I have tried has not helped, and hopefully hasn't hurt anything else.
Here are some parts from the config;
ASA Version 9.1(2) interface GigabitEthernet0/0 nameif outside security-level 0 ip address xxx.xxx.140.170 255.255.255.0 ! interface GigabitEthernet0/1 no nameif no security-level no ip address ! interface GigabitEthernet0/1.1 vlan 2 nameif inside security-level 100 ip address 10.2.170.254 255.255.248.0 ! interface GigabitEthernet0/1.71 vlan 71 nameif voice security-level 100 ip address 10.2.191.254 255.255.255.0 ! access-list inside_access_in extended permit ip 10.2.176.0 255.255.248.0 any access-list inside_access_in extended permit tcp 10.2.176.0 255.255.248.0 any access-list inside_access_in extended permit udp 10.2.176.0 255.255.248.0 any access-list global_access extended permit icmp 10.2.176.0 255.255.248.0 any access-list global_access extended permit ip object xxxxvpn any access-list global_access extended permit ip object lanadmin any access-list voice_access_in extended permit ip 10.2.191.0 255.255.255.0 any access-list voice_access_in extended permit tcp 10.2.191.0 255.255.255.0 eq sip any access-list outside_access_in extended permit ip any 10.2.191.0 255.255.255.0 access-list outside_access_in extended permit udp any eq sip 10.2.191.0 255.255.255.0 access-list outside_access_in extended permit tcp any eq sip 10.2.191.0 255.255.255.0 ! !! nat (inside,outside) source static any interface nat (voice,outside) source dynamic any interface access-group outside_access_in in interface outside access-group inside_access_in in interface inside access-group voice_access_in in interface voice access-group global_access global
Thank you for your assistance!