Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA 5505 Allworx VOIP No Audio

I am running into the following issue. I have a currently workin ASA5505, clients can get VPN and do what they need to do. We recently added an Allworx VoIP system that uses SIP.

The ports that are required are:

SIP TCP 5050

SIP UDP 5060

BLF UDP 2088

RTP UDP 15000-15511

Mgmt TCP 8080

We are having our clients get VPN into the network before they can use the softphone application (Xlite) on the network. When our clients get VPN, they can place a call, but are unable to hear audio in either direction.

I am attaching our configuration from the ASA.

Thanks

Everyone's tags (5)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ASA 5505 Allworx VOIP No Audio

Hello,

Seems like you have configured your VoIP server to be NAT aware i.e. the server knows the public IP address it will be using when going to internet. So, it modifies the message headers accordingly when trying to reach subnets out of its own IP.You can see it from the capture:

<431>

Can you turn-off the NAT aware feature (typically it will be a field where you need to specify the public IP on the server) and see if that helps.

Regards,

NT

9 REPLIES
Silver

Re: ASA 5505 Allworx VOIP No Audio

Is the voice call between two softphones installed on clients connecting via vpn or between softphone and any external number?

Community Member

Re: ASA 5505 Allworx VOIP No Audio

The calls are from the Softphone to internal extensions and to external phone numbers. The internal extensions will ring, but neither party can hear exch other.

Silver

Re: ASA 5505 Allworx VOIP No Audio

hmmm..so if i am not wrong in the voice concept, its basically the rtp stream thats failing . Since the call is setting up right, you are able to reach the call manager and register fine. for audio, it is direct traffic(rtp stream) between the phones. So you would have to check if that connectivity is there for that to flow without disruption. The vpn clients are doing a full tunnel so all traffic is tunneled back to the ASA. Now the ASA has to know how to send that rtp traffic directly to the other phone. I am not sure exactly how the voice protocols work but I guess this is a start.

Cisco Employee

Re: ASA 5505 Allworx VOIP No Audio

Hello,

Are you able to make and receive calls from your internal LAN hosts? If that is working, then the firewall is doing the inspections properly. We need to see if the traffic is actually traversing through the VPN tunnel. Can you configure a capture on the firewall to see if we are getting any traffic to/from the VPN clients?

access-list capture permit ip 192.168.30.0 255.255.255.0 host 192.168.1.200

access-list capture permit ip host 192.168.1.200 192.168.30.0 255.255.255.0

capture capin access-list capture interface inside

capture capvpn type webvpn user

This will help us understand if the traffic is actually traversing through the VPN tunnel and help us narrowdown the root cause.

Hope this helps.

Regards,

NT

Community Member

Re: ASA 5505 Allworx VOIP No Audio

I am uploading a capture from the VPN Network 192.168.30.240/29 to the PBX host 192.168.1.200. It appears all that is being captured is the SIP protocol.

Silver

Re: ASA 5505 Allworx VOIP No Audio

Another suggestion would be to run capture on the client itself when you try to make a call to see where its failing.

Community Member

Re: ASA 5505 Allworx VOIP No Audio

I am attaching a capture of the client side. I made a test call and all I am seeing are the SIP signalling messages. No RTP.

Cisco Employee

Re: ASA 5505 Allworx VOIP No Audio

Hello,

Seems like you have configured your VoIP server to be NAT aware i.e. the server knows the public IP address it will be using when going to internet. So, it modifies the message headers accordingly when trying to reach subnets out of its own IP.You can see it from the capture:

<431>

Can you turn-off the NAT aware feature (typically it will be a field where you need to specify the public IP on the server) and see if that helps.

Regards,

NT

Community Member

Re: ASA 5505 Allworx VOIP No Audio

Naqaraja,

Thanks for the direction. I was thinking that the ASA was making that change to the SIP. I have contacted our vendor and he removed the public ip address from the Allworxs server. It is working now.

4788
Views
0
Helpful
9
Replies
CreatePlease to create content