These applications should be able to establish all connections from a higher level security to lower level security even if you do not have an ACL applied on the higher level security level. This is true only for the PIX/ASA platform.
• If a remote endpoint tries to register with a SIP proxy on a network protected by the security appliance, the registration fails under very specific conditions, as follows:
  – PAT is configured for the remote endpoint.
  – The SIP registrar server is on the outside network.
  – The port is missing in the contact field in the REGISTER message sent by the endpoint to the proxy server.
So, you are hiding a bunch of computers behind a PAT pool. Say, for example, one of the hosts in the 126.96.36.199/24 tries to access the outside IP of your ASA on a SIP port the firewall is not listening on. What do you expect the firewall to do? It will just drop it.
These ACLs don't mean anything without a static line that tells the firewall where to send the packet.
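To test the third condition in the list quoted above against a captured REGISTER, the following added example (not from this thread or from Cisco) reports Contact URIs that carry no explicit port. The sample messages, addresses and the function name `contacts_missing_port` are constructed for illustration, and folded (multi-line) headers are not handled.

```python
import re

# Constructed sample REGISTER (documentation addresses, not captured traffic).
REGISTER_NO_PORT = (
    "REGISTER sip:registrar.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK776\r\n"
    "From: <sip:alice@example.com>;tag=1\r\n"
    "To: <sip:alice@example.com>\r\n"
    "Call-ID: a84b4c76e66710\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:alice@192.0.2.10>;expires=3600\r\n"
    "Content-Length: 0\r\n\r\n"
)
# Same message with an explicit port in the Contact URI.
REGISTER_WITH_PORT = REGISTER_NO_PORT.replace(
    "alice@192.0.2.10>", "alice@192.0.2.10:5060>")

# "Contact" or its compact form "m", matched at the start of a header line.
CONTACT_HDR = re.compile(r"^(?:Contact|m)\s*:\s*(.*)$", re.I | re.M)
# sip:/sips: URI -> optional userinfo, host (name, IPv4 or [IPv6]), optional port.
SIP_URI = re.compile(
    r"sips?:(?:[^@\s<>;]+@)?(\[[0-9A-Fa-f:.]+\]|[^\s:;?<>]+)(?::(\d+))?", re.I)


def contacts_missing_port(message):
    """Return the Contact hosts in a REGISTER that have no explicit port."""
    head = message.split("\r\n\r\n", 1)[0]       # headers only, ignore any body
    if not head.upper().startswith("REGISTER "):
        return []                                # only REGISTER is of interest
    missing = []
    for hdr in CONTACT_HDR.finditer(head):
        value = hdr.group(1).strip()
        if value == "*":                         # "Contact: *" removes bindings
            continue
        for uri in SIP_URI.finditer(value):      # a header may list several URIs
            host, port = uri.group(1), uri.group(2)
            if port is None:
                missing.append(host)
    return missing


if __name__ == "__main__":
    for name, msg in (("no port", REGISTER_NO_PORT),
                      ("with port", REGISTER_WITH_PORT)):
        print(name, "->", contacts_missing_port(msg) or "Contact carries a port")
```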
Re: Allowing inside network to access VOIP over the Internet usi
I totally agree with the point that the ACL does not mean much without a proxy server behind the firewall and I pointed this out to the vendor. The 188.8.131.52/24 is Five9 subnet mask and not our internal subnet.
In any case, we have had a 5510 at a different location and the application works fine without adding any special commands on the ASA. We are now using a 5580 and I had to remove inspect sip for the application to work. I have to point out that the vendor made some upgrade to their application so I am not quite sure if it is the application or the ASA5580 version 8.1(2).
The vendor had recommended an ACL to match the class-map but all that did was to prevent our users from using PPTP.