Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA 9.0(2) NAT malfunction

Hi everybody,

thanks for an awesome forum!

I've spent this moring troubleshooting on a setup where we have a sip trunk comming in and a CME receiving it. Incomming calls didnt work. The setup has worked forever and ever until an upgrade to ASA v9.0(2) from 8.2(something). So ofcourse the major change here are the NATs.

I had NATs in place and working for everything including incomming calls, however the calls suddently stopped working. Here are the 9.0 NATs:

nat (outside,inside) source static any any destination static interface CME2821 service sip1 sip1

nat (outside,inside) source static any any destination static interface CME2821 service sip2 sip2

Inspection was on. And I realize that the NATs could be more specific towards the sip provider, this is how they were configured. And the service objects:

object service sip1

service tcp destination eq sip

object service sip2

service udp destination eq sip

And looking at the header on the CME (debug ccsip messages) i saw that the INVITE and the TO adresses had NOT been translated in NAT... In other words traffic gets through the firewall like it doesnt even hit the nat rule... Which ofcourse is one of the differences between 8.2 and 9.0 - no nat controll...

Now, agains my advice, my boss decided that we roll back instead of spending time on troubleshooting. So I dont have the setup running any longer. However, if anyone has ever experienced this I would sure like to pick their brains about it.

I mean I've set up plenty of NATs and they've worked, if there are a lot of them on the same FW it can get pretty complex looking at them. But this setup has like 5 statics and one dynamic plus an exemption.

I'm fixing to give this a second attempt because this SIP stuff always seem to cause problems. And because apparantly i must have missed something about the NATs.

Let me know if there is anything i can add.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Silver

ASA 9.0(2) NAT malfunction

CSCto50963

ASA SIP inspection - To: in INVITE not translated after 8.3/8.4 upgrade

https://tools.cisco.com/bugsearch/bug/CSCto50963

9.0.2.3 it reslolved so you might want to upgrade.

Value our effort and rate the assistance!

Value our effort and rate the assistance!
Silver

ASA 9.0(2) NAT malfunction

I do it like this, if you mention 9.0 I look at the release notes of 9.1 that have resolved bugs and look for keywords like SIP in this case.

Value our effort and rate the assistance!

Value our effort and rate the assistance!
6 REPLIES
Silver

ASA 9.0(2) NAT malfunction

CSCto50963

ASA SIP inspection - To: in INVITE not translated after 8.3/8.4 upgrade

https://tools.cisco.com/bugsearch/bug/CSCto50963

9.0.2.3 it reslolved so you might want to upgrade.

Value our effort and rate the assistance!

Value our effort and rate the assistance!
New Member

ASA 9.0(2) NAT malfunction

jumora, thank you!

Hehe danm it, i keep forgetting the bugtracker. I will now spend time getting to know the Bug Search.

Cheers

Silver

ASA 9.0(2) NAT malfunction

I do it like this, if you mention 9.0 I look at the release notes of 9.1 that have resolved bugs and look for keywords like SIP in this case.

Value our effort and rate the assistance!

Value our effort and rate the assistance!
New Member

ASA 9.0(2) NAT malfunction

Hey

Lol, you know. I was looking at it the moment your reply ticked in, and i was wondering how the h... you found it with the affected releases being 8.3 and 8.4.

But nice tip, thanks again.

Cheers

Silver

ASA 9.0(2) NAT malfunction

9 years working in TAC

Value our effort and rate the assistance!

Value our effort and rate the assistance!
New Member

ASA 9.0(2) NAT malfunction

Lol. Right, that figures.

139
Views
0
Helpful
6
Replies