Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Internet SIP trunk from Carrier1 hand off to Carrier2 causes inbound firewall deny hit

Hi all, i got a wierd problem with a VOIP configuration new to me. We are working with an internet phone carrier which has a SIP trunk established to our inside-behind-firewall PBX, which is nat-ed on our firewall. firewall is ASA 8.2 OS. I have disabled the SIP inspection policy per provider as that supposedly casued problems (vendors call it SIP ALG). before disabling, was only getting one-way voice. that is counterintuitive, but its disabled for now.

Well everything seems to work, but im gettgin FW deny's on the internet interface for carrier2. carrier1 (CCI) is some sort of national dial-plan provider, which has the LCR maps to various carriers. once we making an inbound call, they somehow communicate that to that actual carrier2. this communication might be done in advance, but im not exactly sure.

So what is see is the call goes through with 2-way audio fine (no apparent problems), but there are a bunch of deny messages on the firewall from carrier2. this appears to be some sort of audio-traffic in the >10K udp range. Is there any way around this? What specifically is this traffic? Do i need to make rules with each of the carriers which could potentially route for us?

4             Dec 06 2013        11:24:13              106023  CARRIER2IP  56901    OURPBXEXTIP 18901    Deny udp src OUTSIDE:CARRIER2IP/56901 dst VOICE:OURPBXEXTIP/18901 by access-group "ACL_INT_OUTSIDE" [0x0, 0x0]

thx in advance,


CreatePlease login to create content