I recently replaced a series of ASA 5505's with a singular ASA5515X firewall. All seems to have gone well but one group of users are reporting a problem with VOIP. They are the only VOIP users on this firewall.
They have Cisco VOIP phones that connect out to an external suppier. The firewall is on an open circuit so we do not restrict outbound traffic, permitting all traffic. Inbound we permit all traffic to named servers. To their VOIP server we have a NAT in place and a rule that permits anything from internet to that server. From their network we permit all traffic to internet, including the server. I can ping the server from Internet. All outbound data traffic is fine.
The users report incoming calls to VOIP work fine without issue. When they make an external call, the call connects to the remote phone okay but no voice/audio can be heard.
I have inspections for Skinny, H323 RAS & h225, and SIP enabled. This does not make a difference - even with them removed.
IOS version is asa913-smp-k8.bin. This was working on the ASA5505 firewall but now has an issue with the ASA5515X series.
if i'm not wrong i saw some issues with SIP/NAT. I think PAT is not supported with inspection but check if inspection drop some traffic and probably you need configuring a SIP Inspection Policy Map for Additional Inspection Control
The previous version would have been 8.4 - not sure of exact version as this has been upgraded and redployed.
Remote end did some analysis and reported they are seeing the local IP in the sip traffic. The VOIP server has NAT traversal enabled. When I browse from the server I have a public IP address. NAT is working - maybe not for SIP. You would hope a Cisco product over a Cisco product would be okay. Calls outbound only have voice traffic missing - calls establish. Inbound calls have sessions establish and bi-directional voice traffic with no problems.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
[toc:faq]Introduction:This document describes details on how NAT-T
works.Background:ESP encrypts all critical information, encapsulating
the entire inner TCP/UDP datagram within an ESP header. ESP is an IP
protocol in the same sense that TCP and UDP are I...