
ASA 5505 - Need help opening ports

ininsein1
Level 1

I'm not very versed in using this ASA 5505.  My former "IT Guy" set it up for me a long time ago.  I've been able to fumble my way around in the ASDM a few times to make changes to static IP, etc.

But now I'm at a point I absolutely don't know what to do, even though to me it seems like it should be a simple thing?

I purchased a NetTalk DUO voip unit.  This is similar to a magicjack but allows for the device to be connected to the network via ethernet (or usb to a pc...either way).  I haven't been able to get it to work correctly when connected to an ethernet port in my home office, but it does work fine when connected to my PC via usb.

Nettalk support claims it is because the ASA is an "enterprise" device and their unit is not designed to be used with it.  That doesn't sound acceptable to me because it works fine when connected to my PC which is connected to the ASA.

From reviewing their FAQs, the only thing I've found is that certain ports need to be 'open' in order for the device to work properly on the network.  I need to open the following:

TFTP port: 69
SIP port: 5060
RTP port range: 10000-20000

I'm hoping someone here can advise me on how to do this via the ASDM GUI interface.

Let me know if you need any other info from me regarding the current setup and I'll post what you request.

Thank You in Advance.

- Charles Partridge

3 Replies

ininsein1
Level 1

I found some more detailed information from the NetTalk website that might help:

**********************************************************

The following ports are typically used by the netTALK product.

Port 69: Used for updates (not necessary for phone calls).
Port 5060: Standard SIP port for provisioning to the netTALK network.
Port 10,000 - 20,000: Used for Voice transmission. If your router does not allow you to put in a range of ports then select port 12000.
Protocol: UDP. TCP is NOT used.
IP address: Different for each case. You can get the IP address by dialing *41# on the netTALK phone (when dial tone is present).


-Port Triggering-
Implement the ports as stated above along with the protocols. Typically you are asked only to provide port number or range only along with the protocol.
It may ask you for a public port and a private port per trigger.
An example would be...
Model: Private start port - Private end port, Protocol ++ Public start port - Public end port, Protocol
Example: 5060 - 5060, UDP ++ 5060 - 5060, UDP
Example: 10000 - 20000, UDP ++ 10000 - 20000, UDP


-Port Forwarding-
Implement the ports as stated above along with the protocols. Typically you are asked only to provide port number or range, along with the protocol and the IP address of the netTALK device.
It may ask you for a public port and a private port per forward.
An example would be...
Model: Private start port - Private end port, Protocol, Private IP ++ Public start port - Public end port, Protocol
Example: 5060 - 5060, UDP, 192.168.1.100 ++ 5060 - 5060, UDP
Example: 10000 - 20000, UDP, 192.168.1.100 ++ 10000 - 20000, UDP

**********************************************************

I have an ASA 5505 with the Security Plus License on it, set up as my router in my home.  I also have NetTalk for my home phone.  When my NetTalk device came in, I just plugged it into my switch (3com unmanaged gig switch), it got an IP, and it worked.

Do you know what type of license is on your ASA?  For example the basic ASA 5505 you can buy with no license has a max 10 private IP addresses you can use on the inside of your network.  Log in to your ASA and type this in:

show version

You should see something like this:

Licensed features for this platform:
Maximum Physical Interfaces    : 8
VLANs                          : 20, DMZ Unrestricted
Inside Hosts                   : Unlimited
Failover                       : Active/Standby
VPN-DES                        : Enabled
VPN-3DES-AES                   : Enabled
SSL VPN Peers                  : 2
Total VPN Peers                : 25
Dual ISPs                      : Enabled
VLAN Trunk Ports               : 8
Shared License                 : Disabled
AnyConnect for Mobile          : Disabled
AnyConnect for Linksys phone   : Disabled
AnyConnect Essentials          : Disabled
Advanced Endpoint Assessment   : Disabled
UC Phone Proxy Sessions        : 2
Total UC Proxy Sessions        : 2
Botnet Traffic Filter          : Disabled

This platform has an ASA 5505 Security Plus license.

What does your read out say for Inside Hosts?

If you only have a max of 10 you can use, maybe you've used them all up?

You shouldn't have to set up any Port Address Translations (port forwarding) to make the NetTalk device work.

You should enable the SIP inspection. Go under policy-map in the default inspection in ASDM and make sure SIP protocol inspection is enabled.

Also do the same for tftp inspection.

I hope it helps.

PK
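
The check described in the reply above, as an added example that is not part of the original thread: a Python sketch that reads ASA running-config text and reports whether SIP and TFTP inspection are present under the default inspection class, and whether that policy is applied. The sample configuration is constructed, and the names `global_policy` and `inspection_default` are the ASA defaults, assumed here rather than taken from the poster's device.

```python
import re

# Constructed sample of ASA running-config text (not from the poster's device).
# SIP inspection is deliberately missing here.
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect tftp
service-policy global_policy global
"""

REQUIRED = ("sip", "tftp")  # inspections named in the reply above

def parse_inspections(config):
    """Return {(policy_map, class_name): set of inspected protocols}."""
    result, pmap, cls = {}, None, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        indent = len(line) - len(line.lstrip())
        words = line.split()
        if indent == 0:
            # Any top-level command ends the current policy-map block.
            pmap = words[1] if words[0] == "policy-map" and len(words) > 1 else None
            cls = None
        elif pmap and words[0] == "class" and len(words) > 1:
            cls = words[1]
            result.setdefault((pmap, cls), set())
        elif pmap and cls and words[0] == "inspect" and len(words) > 1:
            result[(pmap, cls)].add(words[1])
    return result

def missing_inspections(config, policy="global_policy", cls="inspection_default"):
    """List required inspections absent from the policy, or flag it as unapplied."""
    pattern = rf"^service-policy {re.escape(policy)} (global|interface \S+)"
    if not re.search(pattern, config, re.M):
        return ["service-policy not applied"] + list(REQUIRED)
    found = parse_inspections(config).get((policy, cls), set())
    return [p for p in REQUIRED if p not in found]

if __name__ == "__main__":
    print("missing:", missing_inspections(SAMPLE_CONFIG))
```

With SIP inspection enabled, the ASA opens the RTP media ports for each call dynamically, so a standing forward of UDP 10000-20000 to the phone adapter is not needed.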
