Does this mean I should not need to create any NAT's or ACL's for the RTP traffic? If this is true how does the SIP inspection decide what to NAT the phone IP's to for RTP traffic? I can't seem to find the answer anywhere. To make calls FROM the 'LAN A' to the phones in 'LAN B' on the ASA 5520 I was thinking I need to ġ) Enable SIP inspection and RTSP inspectionĢ) Put in a static nat translation and ACE to expose the Cisco Call manager to the remote phones.ģ) Put in a rule allowing outbound SIP Traffic to the remote phones.ġ) Does this sound sufficient from the point of view of the ASA 5520 configuration? If not, what am I missing?Ģ) From my understanding the SIP inspection will NAT the IP's of the phones for the RTP(voice) and open up pinholes. Now I want to let my phones in the LAN make calls to the 2 Cisco IP Phones behind the other firewall. You can configure NAT Transversal when you need to implement site-to-site VPN where the VPN hub is behind a router. Our ASA is configured with default SIP-inspection settings. So the media never returns from the SIP-trunk after the call is established, because the SDP is the private IP-adress of the MX/MGU.
#Cisco asa sip alg series
I have tried with the SIP inspection on and off (in the config below it is disabled) Cisco Config: Hardware: ASA5506, 4096 MB RAM, CPU Atom C2000 series 1250 MHz, 1 CPU (4 cores) : ASA Version 9.8 (4)12. SDP/Return Adress: Internal IP back to MX/MGU. It cannot make calls, when receiving a call it will ring, but with no sound. In the firewall, the only item you can configure is SIP ALG in disabled or enabled mode. 200-OK from internal MX/MGU to external SIP: Header IP: Correctly NATed IP back to the MX/MGU. Click on the Service Ports tab and disable it through the GUI. For Mikrotik routers, SIP ALG is known as SIP Helper. The remote phones in 'LAN B' will be configured to send SIP traffic to the Call Manager in 'LAN A' SIP is a VoIP telephony protocol, it is not a firewall configuration. Type in ‘5060’ into the Start Port and End Port for the ‘Triggering Range’ and ‘Forwarded Range’ fields. 'LAN A' with Call Manager and Phones ASA 5520(running 8.3) internet Another 3rd Party Firewall 'LAN B' 2 Cisco IP Phones Our hosted voice provider has asked us to disable SIP ALG, I thin it is part of our default policy map: policy-map globalpolicy.
Hi I have a question regarding allowing SIP traffic through an ASA. In order to disable the SIP implementation- in global config mode on the router go to the policy map and remove the inspect sip line.
0 kommentar(er)
