Saturday, May 4, 2019

ASA policy-map sip inspection

I've hit issues with ASAs and SIP ALG time and time again in the 4 years I've been in networking, and I've reached a point where I'm determined to get this figured out. I'm not great with policy-maps and I'm trying to get a solid grasp on that as well. It really boils down to this. When configuring an ASA in front of a PBX where remote phones will be registered to that PBX through that ASA...

If I don't have SIP inspection enabled on a policy map, the RTP ports won't get pinholed during call setup, so I have to manually create NAT rules for those RTP ports and/or permit them through the firewall, depending on whether the PBX has a static assigned or we're doing PAT.

If I do have SIP inspection enabled on a policy map, the RTP ports DO get pinholed during call setup and I don't have to manually create the NAT and/or access-list rules; however, the ASA always takes and changes the source IP of the phone's RTP stream and modifies it to be the inside global IP of the phone, not the outside global as it should be.

Is there a trick to this? Anyone else hit this issue and discovered what's wrong or what specifically resolves the way ASAs handle this? Thanks for any help!
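
For reference, the two setups described in the post, written out as ASA configuration (8.3+ NAT syntax). This is an added example, not configuration from the original post: the addresses, the object and ACL names, the interface names `inside`/`outside`, and the RTP range 10000-20000 are all assumptions and must be replaced with the PBX's real values.

```cisco
! ---- Option A: SIP inspection enabled ----------------------------------
! The ASA parses SIP/SDP during call setup and opens RTP pinholes itself,
! so no static RTP permit rules are needed.
class-map inspection_default
 match default-inspection-traffic
policy-map global_policy
 class inspection_default
  inspect sip
service-policy global_policy global
!
! Check that the inspection is attached and seeing traffic:
!   show service-policy
!
! ---- Option B: SIP inspection disabled ---------------------------------
! Nothing is opened dynamically, so signalling and media must be
! translated and permitted by hand.
policy-map global_policy
 class inspection_default
  no inspect sip
!
! Static one-to-one NAT for the PBX (assumed inside 10.0.0.10,
! assumed outside 203.0.113.10).
object network PBX
 host 10.0.0.10
 nat (inside,outside) static 203.0.113.10
!
! With 8.3+ syntax the ACL references the real (inside) address.
! Permit SIP signalling and the PBX's configured RTP range only
! (10000-20000 is an assumed range; match it to the PBX and keep it
! as narrow as the PBX allows).
access-list OUTSIDE_IN extended permit udp any object PBX eq sip
access-list OUTSIDE_IN extended permit udp any object PBX range 10000 20000
access-group OUTSIDE_IN in interface outside
```

Option B leaves the whole RTP range reachable from any source at all times, whereas Option A opens a port only for the duration of a negotiated call, so restrict the source addresses in the ACL where the remote phones' networks are known.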


