CME 4.1 behind ASA 5505...


I've got a Cisco 877 router connecting to FTTC.  The 877 is currently doing NAT overload for devices on the network.  I've tried and failed to get a SIP trunk working with NAT in this configuration, but always get one-way audio on incoming calls.  Outgoing calls are working fine.  I was thinking that I could make use of an ASA 5505 that I have and configure the 877 in bridge mode and assign a public IP to the ASA, then let the ASA perform the NAT overload for devices and hopefully get incoming SIP calls working.

I haven't worked at all with an ASA, so it's all going to be new to me.  I've been reading around, but can't find a clear example of how I would set this up.

Would I be assigning a second public IP to the ASA and doing 1:1 static NAT to an internal IP on the CME?  If I did it this way, will the ASA 5505 rewrite the SIP headers correctly?

Do I need to place the CME in a DMZ?

Or would I put the public IP on CME 4.1 device and then protect with the ASA (somehow - I told you the ASA was new to me!)

Either way, I need to put an ACL on to only allow 3 IPs from my ITSP to ever be allowed to talk to the CME.

I'm just after pointers on how to get the equipment I've got working.


Andy, without going into detail re. your design.

NAT and ASA (or any NAT-ing/FW device for that matter) can be a bit hit and miss.

There are plenty of posts on the subject. On the ASA, SIP inspection is supposed to be run for letting through SIP traffic and intelligently opening the FW for RTP (UDP ports).

Check this brief out on SIP FW traversal:

