Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

Cisco PIX SIP Issue

Hello All,

I am having an issue with running SIP through my Cisco Pix. A VOIP solution has just been installed, and softphones from the outside are trying to call in using SIP and are failing. The configuration is below. and the code is 6.3 (5). You'll see below that I have the no fixup protocol for sip, as the fixup wasn't working either. Is there something that needs to be configured that I'm missing or could this be a bug in the code? Any other show commands or debug commands I can provide if needed. The call manager server in the below config is 1.2.3.4. Thanks in advance for all your help, you guys are always so helpful.

-------------------------------------------------------------------------------------------------------------------------

XXXt# show ver

Cisco PIX Firewall Version 6.3(5)

Cisco PIX Device Manager Version 3.0(4)

Compiled on Thu 04-Aug-05 21:40 by morlee

XXX up 1 hour 45 mins

Hardware:   PIX-506E, 32 MB RAM, CPU Pentium II 300 MHz

Flash E28F640J3 @ 0x300, 8MB

BIOS Flash AM29F400B @ 0xfffd8000, 32KB

0: ethernet0: address is 001c.582b.3c65, irq 10

1: ethernet1: address is 001c.582b.3c66, irq 11

Licensed Features:

Failover:                    Disabled

VPN-DES:                     Enabled

VPN-3DES-AES:                Enabled

Maximum Physical Interfaces: 2

Maximum Interfaces:          4

Cut-through Proxy:           Enabled

Guards:                      Enabled

URL-filtering:               Enabled

Inside Hosts:                Unlimited

Throughput:                  Unlimited

IKE peers:                   Unlimited

This PIX has a Restricted (R) license.

XXXt# show run

: Saved

:

PIX Version 6.3(5)

interface ethernet0 auto

interface ethernet1 auto

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password vQ0/erypfvYyzFoc encrypted

passwd vQ0/erypfvYyzFoc encrypted

hostname DTPIX35thst

domain-name digitaltransitions.com

fixup protocol dns maximum-length 512

fixup protocol ftp 21

fixup protocol h323 h225 1720

fixup protocol h323 ras 1718-1719

fixup protocol http 80

fixup protocol rsh 514

fixup protocol rtsp 554

no fixup protocol sip 5060

no fixup protocol sip udp 5060

fixup protocol skinny 2000

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol tftp 69

names

access-list out_in permit udp any host 1.2.3.4 eq 5060

access-list out_in permit tcp any host 1.2.3.43 eq 5060

pager lines 24

logging on

logging buffered informational

logging trap informational

logging queue 2048

mtu outside 1500

mtu inside 1500

ip address outside 4.34.119.130 255.255.255.248

ip address inside 192.168.1.1 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

ip local pool vpn_pool 192.168.100.50-192.168.100.75

pdm location 192.168.1.250 255.255.255.255 inside

pdm location 192.168.1.252 255.255.255.255 inside

pdm location 65.215.8.100 255.255.255.255 inside

pdm location 192.168.100.0 255.255.255.0 outside

pdm logging informational 100

pdm history enable

arp timeout 14400

global (outside) 1 interface

nat (inside) 0 access-list nonat

nat (inside) 1 0.0.0.0 0.0.0.0 0 0

static (inside,outside) 1.2.3.4 172.20.1.2 netmask 255.255.255.255 0 0

access-group out_in in interface outside

timeout xlate 0:05:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00

timeout h323 0:05:00 mgcp 0:05:00 sip 0:00:00 sip_media 0:00:00

timeout sip-disconnect 0:02:00 sip-invite 0:03:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server TACACS+ max-failed-attempts 3

aaa-server TACACS+ deadtime 10

aaa-server RADIUS protocol radius

aaa-server RADIUS max-failed-attempts 3

aaa-server RADIUS deadtime 10

aaa-server LOCAL protocol local

aaa authentication ssh console LOCAL

http server enable

http 199.96.104.108 255.255.255.255 outside

http 192.168.1.0 255.255.255.0 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

floodguard enable

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Cisco PIX SIP Issue

That maybe the upgrade won´t resolve the issue because the problem could be related to what you have behind the ASA and how it handles SIP

Value our effort and rate the assistance!

Value our effort and rate the assistance!
17 REPLIES
Silver

Cisco PIX SIP Issue

Configre the fixup back into the configuration and place debug sip and post the output.

Value our effort and rate the assistance!

Value our effort and rate the assistance!
New Member

Re: Cisco PIX SIP Issue

Thank You Jumora for the response. I have attached the below dubg output. Any questions please feel free. I look forward to hearing your response.

Silver

Cisco PIX SIP Issue

Do you want to do a skype session juanmh84 is my ID, today am not at work so we can connect through skype

Value our effort and rate the assistance!

Value our effort and rate the assistance!
New Member

Cisco PIX SIP Issue

I just sent you a message. My userid is japricena, when your free feel free to message back, thanks Jumora!

Silver

Cisco PIX SIP Issue

Hey I left you a couple of IMs on skype

Value our effort and rate the assistance!

Value our effort and rate the assistance!
New Member

Cisco PIX SIP Issue

Hello Jumora,

I didn't receive any messages. I apoligze my ID is japricena@yahoo.com.

Silver

Cisco PIX SIP Issue

Do you have skype???

Value our effort and rate the assistance!

Value our effort and rate the assistance!
Silver

Cisco PIX SIP Issue

Sorry it was for another ticket but if you have Skype we can check this out together

Value our effort and rate the assistance!

Value our effort and rate the assistance!
New Member

Cisco PIX SIP Issue

Thanks for the prompt response. Yes I have skype and my userid is japricena. I'm online now.

Silver

Cisco PIX SIP Issue

I just tried to call you over skype but you did not pick up, I am going to work at this moment, I will try to see if you are available later today.

Value our effort and rate the assistance!

Value our effort and rate the assistance!
New Member

Re: Cisco PIX SIP Issue

Sorry I missed your call, what time are you available today, I'll make sure I'm available? I'm on the east coast timezone.

Silver

Cisco PIX SIP Issue

I am at work and skype is blocked can you give another number.

Value our effort and rate the assistance!

Value our effort and rate the assistance!
Silver

Cisco PIX SIP Issue

hey I am going to be at home for the next couple of days so maybe tomorrow we can work on this

Value our effort and rate the assistance!

Value our effort and rate the assistance!
New Member

Re: Cisco PIX SIP Issue

Hi Jumora,

No need to troubleshoot this direct issue anymore. The client will be upgrading to an ASA 5505. Is there anything you may know of before I configure the ASA that I need to do to allow SIP through with no issues? Thanks again Jumora

Silver

Cisco PIX SIP Issue

That maybe the upgrade won´t resolve the issue because the problem could be related to what you have behind the ASA and how it handles SIP

Value our effort and rate the assistance!

Value our effort and rate the assistance!
New Member

Re: Cisco PIX SIP Issue

understood. The equipment thats behind the ASA is the ISPs, so if this is the case I will discuss with them, but they are the ones providing the VOIP solution, so it would seem likely the issue is with the PIX itself.

New Member

Re: Cisco PIX SIP Issue

The new ASA 5505 was installed and configured, and there are no more SIP issues. I ensured that SIP inspection was turned on. Thanks jumora for your help!

493
Views
40
Helpful
17
Replies
CreatePlease to create content