New Member

ASA 5505 site to site RTP traffic is hitting deny all rule

Hello,

Got an ASA5505 connected to another endpoint running IPsec and being NAT'd at each end to a 10.0.0.0/24 network. I can pass other types of traffic through the ASA 5505 but not RTP traffic. The moment it is NAT'd and hits the firewall rules it gets denied by the default deny at the bottom of the list.

Currently the rules are as follows

Incoming External

allow ip any any

allow tcp any any

allow udp any any

default deny

Incoming Internal

allow ip any any

allow tcp any any

allow udp any any

default deny

It won't allow us to set up a VoIP call... however, when the same call manager sets up a VoIP call NOT using this IPsec tunnel, it works just fine.

2 REPLIES

Hi Daniel,

I guess there is a feature support issue with the ASA sending VoIP traffic over VPN.

The ASA Phone Proxy does not support inspection of packets from phones connecting to it over a VPN tunnel. Therefore, sending phone proxy traffic through a VPN tunnel is not supported.

Note: The ASA 5500 appliances running version 8.4 can support the Phone Proxy feature when integrated with Unified CM 8.0(x) but do not support Phone Proxy with Unified CM versions 8.5(x) and 8.6(x).

Please do rate if the given information helps.

By

Karthik

Cisco Employee

The ASA does support Voice Traffic over a VPN tunnel, unless you are using phone proxy. If you are using SKINNY, or SIP, these inspections need to be enabled.

If you are still having problems, then you will need to send your show service-policy, and show asp drop output.

Thanks,

Rafael
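
One way to triage the two outputs requested in the reply above, as an added example that is not part of the original thread: it checks `show service-policy` output for the SIP and SKINNY inspections and ranks the `show asp drop` counters. The sample outputs and all function names are constructed for illustration.

```python
import re

# Constructed sample outputs, modeled on the usual layout of the two commands;
# they are not taken from the poster's ASA.
SERVICE_POLICY = """\
Global policy:
  Service-policy: global_policy
    Class-map: inspection_default
      Inspect: dns preset_dns_map, packet 120, drop 0, reset-drop 0
      Inspect: ftp, packet 0, drop 0, reset-drop 0
      Inspect: skinny , packet 0, drop 0, reset-drop 0
"""

ASP_DROP = """\
Frame drop:
  Flow is denied by configured rule (acl-drop)                  412
  First TCP packet not SYN (tcp-not-syn)                          7

Flow drop:
  Inspection failure (inspect-fail)                               3
"""

VOICE_INSPECTIONS = ("sip", "skinny")  # the two inspections named in the reply

def enabled_inspections(service_policy_text):
    """Return the set of protocol names that appear on 'Inspect:' lines."""
    return {m.group(1).lower() for m in
            re.finditer(r"^\s*Inspect:\s*([\w-]+)", service_policy_text, re.M)}

def missing_voice_inspections(service_policy_text):
    """List the voice inspections (SIP, SKINNY) absent from the policy."""
    found = enabled_inspections(service_policy_text)
    return [p for p in VOICE_INSPECTIONS if p not in found]

def asp_drop_counters(asp_drop_text):
    """Map each drop-reason keyword, e.g. 'acl-drop', to its counter."""
    pattern = r"^[ \t]+.*\(([\w-]+)\)[ \t]+(\d+)[ \t]*$"
    return {m.group(1): int(m.group(2))
            for m in re.finditer(pattern, asp_drop_text, re.M)}

def top_drops(asp_drop_text, n=3):
    """Return the n largest drop reasons as (keyword, count), highest first."""
    counters = asp_drop_counters(asp_drop_text)
    return sorted(counters.items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    print("missing voice inspections:", missing_voice_inspections(SERVICE_POLICY))
    print("top drop reasons:", top_drops(ASP_DROP))
```

Capturing `show asp drop` before and after a failed call attempt and comparing the counters shows which drop reason is incrementing for the voice traffic.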
