Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

ASA 5520 - SIP NAT

I need to NAT an outside IP to an inside IP, but I do not want to change the source IP address.

Anyone have any luck with getting SIP to pass through the 5520 without changing the source IP?

Cisco Employee

Re: ASA 5520 - SIP NAT

outside--->inside communication :

on internet:

source ip( ip(

on asa's outside interface :

static (inside,outside)

as soon as this translation is processed ,the new packet is :

source ip( ip(

this packet is sent to inside interface as per static.

so,source ip never changed.

it was the destination which changed.


inside to outside communication :

inside( ip trying to access on internet.

inside interface :

source( ip(

nat (inside) 1

global (outside) 1 interface

on oustside interface

source ip (outside interface's pat address ).....dest. address (

so,source ip is changing here.

what say ?

Community Member

Re: ASA 5520 - SIP NAT

The NAT statements are inline with what I'm running here. The issue I'm seeing is that as the SIP traffic from the outside Internet reaches the ASA5520, it's changing the SIP INVITE message from my outside address to my inside address.

Would this have anything to do with stateful inspection? I tried turning it off with creating a policy map inspect sip. But that doesn't seem to help.

CreatePlease to create content