Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

From URI issues with ASA SIP Inspection and NAT

Hi,

Does anybody have a working configuration from an ASA running release 8.4.7 or 9.1.5 where the From header URI is correctly NAT'd calling from inside to outside?

We were originally running 8.4.6 and none of outgoing header URIs were NAT'd. After upgrading to 8.4.7 and not changing a single line of config all of the URIs except for the From header were correctly NAT'd in both directions.

Every other header in my outgoing INVITE is correctly NAT'd both incoming and outgoing, but my From header URI remains set to my private IP address. Unfortunately my SIP provider is validating my connection on the From URI so outgoing calls are persistently rejected.

I do have a TAC case open for this issue and will post any positive findings in due course.

Thank-you

-Rob.

 

 

3 REPLIES
New Member

Hi Rob, Can you please share

Hi Rob,

 

Can you please share the NAT configuration from the previous version and the new one and the info on the traffic in question,

 

Thanks,

 

Naveen

Hope it helps Cheers, Naveen Please Rate Helpful posts.
New Member

Hi Naveen,The current

Hi Naveen,

The current configuration (version 9.1.5) is as follows:

interface Ethernet0/0
 description 2Mb LES circuit
 nameif Outside
 security-level 0
 ip address 21.x.x.204 255.255.255.224 
 ospf cost 10

interface Ethernet0/3
 description Inside Interface connected to 3560
 speed 100
 duplex full
 nameif Internal
 security-level 100
 ip address 192.168.255.1 255.255.255.252 
 ospf cost 10

object network rdg-cucm
 host 172.30.1.100

object network external_ip_interface
 host 21.x.x.204
 nat (Internal,Outside) static rdg-cucm service udp sip sip

 

Note that we only have one public IP address and that is applied to the ethernet0/0. We cannot, therefore, use that IP address in any NAT commands because the ASA software complains that it overlaps with an external IP address.

We did not change any of the NAT configuration between software versions.

Thank-you

-Rob. 

New Member

 After considering the NAT

 

After considering the NAT configuration we've made the following changes:

object network rdg-cucm
 host 172.30.1.100
 nat (Internal, Outside) static interface service udp 5060 5060

 

and removed object network external_ip_interface

374
Views
0
Helpful
3
Replies
CreatePlease login to create content