I have some internal users behind the ASA using Action Voip to make international calls. To allow them making calls I have to open full access through. That i want to stop it now. Please can anyone help to allow Action voip. Any help will be appreciated.
I believe Active voip uses SIP as the voice protocol, and SIP inspection is normally enabled by default on ASA unless you disable it.
All you need to allow for the traffic to pass through is call signalling and for SIP it's on port 5060 (not sure whether Action uses TCP or UDP, but feel free to open both TCP and UDP/5060 and check the hit count on the ACL to determine whether they use TCP or UDP SIP protocol).
You can check the output of "show service-policy" and look at the "SIP" inspection for the hit count too.
Here is explaination on SIP inspection for your reference:
What I did is, I ran the Wireshark Protocol Anylyzer on the client PC before doing that I disconnected all the internet session and kept AcionVoip App running. After capturing the filters I noted the source and destination IP. However protocol information I got it from Actiovoip Website itself.
Further I create an acl and dynamic rule It was working then.
Thank you halijenn for the comment and the useful information you gave. Really appreciated
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...