Cisco Support Community

ASA 5520 SIP re-writing

Hello everyone,

I have Mac clients trying to use iChat AV. iChat uses SIP to set up the AV on UDP ports 16384 - 16403. The ASA5520 is running 7.2(4) software and has 4 security zones. However, only 2 zones have iChat clients that need to talk between them. One zone is security level 60 and the other is level 85. If the client initiates from the level 85 zone, iChat connects every time. If the client on level 60 tries to initiate, the audio video fails. Now, a similar thing happened with a router. I used the command "no ip nat service sip udp port 5060" to disable SIP re-writing with NAT. This works great and iChat now connects every time in the router-only environment. However, in this scenario, the ASA is not performing NAT, but from iChat debugs it appears that iChat still thinks that NAT is occurring. Is there a similar service on the ASA that re-writes SIP packets? Also, I was reading in depth about application inspection maps. Could application inspection maps cause SIP failures? My rulesets allow SIP and UDP ports 16384-16403 on both the 85 security interface and 60 security interface. Is there anything else I should look into? Thanks!
