11-18-2011 09:30 AM - edited 03-11-2019 02:52 PM
Hi,
Hope you can help .....
I have setup a SIP Server behind a ASA firewall (inside interface). The SIP server talks to an external server (via the outside interface).
* The ASA is configured to use static NAT.
* INSPECT is setup for sip (global service policy).
194.145.133.97 Oustide Voice Server
63.188.8.164 <-----> 192.168.4.74 (Inside SIP Server, outside, inside)
When I trace on the SIP server, I see the SIP INVITE packet exits the server and is received (as expected) by the outside voice-server. I examine the "VIA header" and I see the ASA's INSPECT engine is working OK as the IP addresses have been masqueraded (as per the NAT static rules). But when the response sip packet is seen on the inside server, the "VIA header" has not been ammended by the ASA and it retains the OUTSIDE/PUBLIC ip address.
It seems the INSPECT has worked okay for EGRESS SIP traffic ONLY, but the Ingress fails.
Despite having the SIP INSPECT command configured on the global service policy.
TRACE:
Outgoing Message
INVITE sip:28111447914402497@194.145.133.97:5060;transport=udp SIP/2.0
As you can see, the Incoming message (traced on the inside sip-server), has the EXTERNAL IP Address in the VIA-HEADER, I would expect the INSIDE address. Consequntly, this brakes the server application.
If anyone could help, or offer advise, it would ve very much appreciated.
thank you
p.s I am using latest 8.4(2) code.
Matt
11-18-2011 01:31 PM
Hello Mcroft,
Seems like you are hitting bug ID:CSCto50963
Here is the link you can take a look at it:
http://tools.cisco.com/squish/3DF8e
Now the problem is that after you did the upgrade the embedded IP address on the header is not being translated as it supposed when its an inbound Sip invitation.
The bug stills open and being investigated and the workaround for this would be a downgrade.
Please rate helpfull posts.
Regards,
Julio
10-24-2012 12:42 AM
Hi!
Faced with the same problem in 8.6 (1) 2. Since the release of version 8.4 (2) The problem was not solved? What to do?
10-24-2012 09:44 AM
Hello Artem,
No solution yet, they are still working on this Sr.
A regresion to make it work is need it right now!
Regards,
Julio
11-30-2012 09:05 AM
Any update on this issue? I'm on the same boat. My 9971 vpn phone is unable to receive calls but can make outbound calls.Has anyone tried with ASA release 9.0.1?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide