Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA5515X & VOIP

Hi All,

 

    I recently replaced a series of ASA 5505's with a singular ASA5515X firewall. All seems to have gone well but one group of users are reporting a problem with VOIP. They are the only VOIP users on this firewall.

 

    They have Cisco VOIP phones that connect out to an external suppier. The firewall is on an open circuit so we do not restrict outbound traffic, permitting all traffic. Inbound we permit all traffic to named servers. To their VOIP server we have a NAT in place and a rule that permits anything from internet to that server. From their network we permit all traffic to internet, including the server. I can ping the server from Internet. All outbound data traffic is fine.

 

    The users report incoming calls to VOIP work fine without issue. When they make an external call, the call connects to the remote phone okay but no voice/audio can be heard.

 

    I have inspections for Skinny, H323 RAS & h225, and SIP enabled. This does not make a difference - even with them removed.

 

    IOS version is asa913-smp-k8.bin. This was working on the ASA5505 firewall but now has an issue with the ASA5515X series.

 

    Any ideas? Help appreciated.

 

Regards

 

Adrian

  • Firewalling
3 REPLIES
Bronze

if i'm not wrong i saw some

if i'm not wrong i saw some issues with SIP/NAT. I think PAT is not supported with inspection but check if inspection drop some traffic and probably you need configuring a SIP Inspection Policy Map for Additional Inspection Control

rate if i helped you

ruben

New Member

The previous version would

The previous version would have been 8.4 - not sure of exact version as this has been upgraded and redployed.

 

Remote end did some analysis and reported they are seeing the local IP in the sip traffic. The VOIP server has NAT traversal enabled. When I browse from the server I have a public IP address. NAT is working - maybe not for SIP. You would hope a Cisco product over a Cisco product would be okay. Calls outbound only have voice traffic missing - calls establish. Inbound calls have sessions establish and bi-directional voice traffic with no problems.

 

What are the addition Inspection Control?

New Member

Hi Adrian,Was this outgoing

Hi Adrian,

Was this outgoing VOIP traffic working fine on the ASA 5505 device with the previous IOS version ?

What was the previous IOS version ?

Please check and post "show service-policy " output to verify if there are any inspection drops or not.

Also apply caputres on ingress and egress interfaces to check if the inspection is working for this stream or not.
Please folow this link to apply the captures:

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/110117-asa-capture-asdm-config.html

Please post the ACL, NAT and insoection configuration from previous version and current device.

Cheers,

Naveen

Hope it helps Cheers, Naveen Please Rate Helpful posts.
30
Views
0
Helpful
3
Replies
This widget could not be displayed.