Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SIP inspect and PJSIP

We recently had a vendor switch from Cisco SIP to PJSIP. After the migration it was necessary for us to add an access list to allow UDP port range 60000 65535. To the best of my knowledge this part of the reason we enabled SIP inspect several years ago on the Cisco ASA. I saw evidence of these ports being denies in the syslog before I added these ports to the access-list. I am sorry to report that our log history does not go back far enough to see the pack flow before the change.

Any suggestion you might have to assist me in my research would be appreciated.

ASA 5520 ASA Version 8.2(5)33

  inspect rtsp

  inspect sip

 

1 REPLY
Cisco Employee

Hi,One of the reasons for the

Hi,

One of the reasons for the SIP inspection is for the ASA device to dynamically open Pin Holes (Secondary Channels) for the Audio Communication trough the ASA device without having to open the huge range of ports.

I don't think PJSIP would be supported as an inspection protocol and hence you would have to open these HIgh Range ports through the ASA device.

Hope that answers your query.

Thanks and Regards,

Vibhor Amrodia

148
Views
0
Helpful
1
Replies
CreatePlease login to create content