Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
638
Views
0
Helpful
1
Replies

SIP inspect and PJSIP

charlie.ford
Level 1
Level 1

‎10-23-2014 08:29 AM - edited ‎03-11-2019 09:58 PM

We recently had a vendor switch from Cisco SIP to PJSIP. After the migration it was necessary for us to add an access list to allow UDP port range 60000 65535. To the best of my knowledge this part of the reason we enabled SIP inspect several years ago on the Cisco ASA. I saw evidence of these ports being denies in the syslog before I added these ports to the access-list. I am sorry to report that our log history does not go back far enough to see the pack flow before the change.

Any suggestion you might have to assist me in my research would be appreciated.

ASA 5520 ASA Version 8.2(5)33

  inspect rtsp

  inspect sip

 

Labels:
0 Helpful
1 Reply 1

Vibhor Amrodia
Cisco Employee
Cisco Employee

‎10-23-2014 06:24 PM

Hi,

One of the reasons for the SIP inspection is for the ASA device to dynamically open Pin Holes (Secondary Channels) for the Audio Communication trough the ASA device without having to open the huge range of ports.

I don't think PJSIP would be supported as an inspection protocol and hence you would have to open these HIgh Range ports through the ASA device.

Hope that answers your query.

Thanks and Regards,

Vibhor Amrodia

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card