Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PABX VOIP with ASA issue.

Hi all after the client put all their servers network behind the fireweall ASA  5585 the voip call´s was not getting thru and not working , at the time of the maintenance window i was not abble to get any log of the issue because i as running out of time so i made a rollback on the change, there was no access-list at that time i did permit ip any any at both directions at the time of the issue and still not working.

I have seen that some VOIP systems uses some ip options on the calls and the ip option is enable by default on the 8.2 version ( i am using ver 8.2(5)).

it´s possible to turn off the inpection of the ip options and  this could fix the issue ?

PABX brand is siemens.

class-map inspection_default

match default-inspection-traffic



policy-map type inspect dns preset_dns_map


  message-length maximum client auto

  message-length maximum 512

policy-map global_policy

class inspection_default

  inspect dns preset_dns_map

  inspect ftp

  inspect h323 h225

  inspect h323 ras

  inspect rsh

  inspect rtsp

  inspect esmtp

  inspect sqlnet

  inspect skinny 

  inspect sunrpc

  inspect xdmcp

  inspect sip 

  inspect netbios

  inspect tftp

  inspect ip-options

  inspect icmp


service-policy global_policy global

Thank you.

Cisco Employee

PABX VOIP with ASA issue.


I dont think IP options will do the trick. What voice protocol were you using? SIP, Skinny? H323?  If you would have removed the inspection for the voice protocol and then permit IP traffic on the interfaces involved that would have show an issue with the inspections on the ASA.

Let me know.


CreatePlease to create content