Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT and SIP issue with ip overlapping...

Hi everyone!

Would love to get your input on this attached network setup when it comes to config of the SIP/NAT rules.

Since the two networks on each side of the ASA have the same network ranges it makes it all rather difficult.

What I have tried is to make NAT-rules for sip(tcp/udp 5060) from each side of the ASA to the Com system and the PBX and thought that SIP inspection would make it work but it doesn't. The call is setup between the endpoints but we are missing voice in both directions.

Any suggestions to get further?


Relevant config below

interface GigabitEthernet0/0

nameif Com_Int

security-level 10

ip address 10.1.20.55 255.255.255.0

!

interface GigabitEthernet0/1

nameif PBX_Int

security-level 0

ip address 10.1.30.40 255.255.255.0

object network MTIG-SG-SIP-UDP

host 10.1.1.249

object network MTIG-SG-SIP-TCP

host 10.1.1.249

object network PBX-SG-SIP-UDP

host 10.1.30.55

object network PBX-SG-SIP-TCP

host 10.1.30.55

object network MTIG-SG-SIP-UDP

nat (Com_Int,PBX_Int) static interface service udp sip sip

object network MTIG-SG-SIP-TCP

nat (Com_Int,PBX_Int) static interface service tcp sip sip

object network PBX-SG-SIP-UDP

nat (PBX_Int,Com_Int) static interface service udp sip sip

object network PBX-SG-SIP-TCP

nat (PBX_Int,Com_Int) static interface service tcp sip sip

access-group ANY in interface Com_Int

access-group ANY out interface Com_Int

access-group ANY in interface PBX_Int

access-group ANY out interface PBX_Int

route PBX_Int 0.0.0.0 0.0.0.0 10.1.30.241 1

route Com_Int 10.1.1.224 255.255.255.224 10.1.20.1 1

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect netbios

  inspect tftp

  inspect ip-options

!

service-policy global_policy global


Everyone's tags (6)
1 REPLY
New Member

Re: NAT and SIP issue with ip overlapping...

Failed to copy the right config for the policy-map in use..

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect netbios

  inspect tftp

  inspect ip-options

  inspect h323 h225

  inspect h323 ras

  inspect skinny

  inspect sunrpc

  inspect xdmcp

  inspect sip

Regards,

Jonas Back

186
Views
0
Helpful
1
Replies
CreatePlease login to create content