Our setup is this. Call comes in via SIP Trunk, routes to CallManager through ASA and back out through to the remote site via VPN. Yeah, it's a complex setup I know.
The problem is that when a caller calls and gets connected with a user, the calling party can hear what the IP phone user is saying but the IP phone user cannot hear anything. If you look at the phone for sending/receiving packets, it is sending but receiving packets are not incrementing. This will happen intermittently (mostly about 75% of the time). The caller will get connected, everything will be working and then the other side goes silent.
My policy map is allowing sip across and the ACL is allowing everything across from the voice subnet. The phones never lose connectivity. I can ping fine from the voice subnet to the remote phone side.
I would make sure that there isn't any other NAT or ACL's in line of the receive traffic. Then I would take two old pc's and install Wireshark. Using TSHark, capture the SIP, RTP and ICMP traffic into a handful of ring buffer files. When the problem occurs, see if the audio streams are present on the the other side of the ASA. If not, you will want to keep moving toward the other end.
Additionally, you might want to see if your ASA is logging any dropped packets from the other end. In any case Wireshark is a great tool for working with SIP. You can actually listen in the RTP Streams they are using G711.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...