Cisco ASA via ASDM

This guide will help you register a PBX/Phone that sits behind a Cisco ASA using NAT with SIPTRUNK.com. In this guide the PBX/Phone was given the address 192.168.1.7 and it was using port 25204 to communicate SIP traffic. In most cases you will be using port 5060, but we set out to prove that this could be done on pretty much any port.

1. Create a network object for the SIPTRUNK.com Gateway(s) you will be connecting to. You should make an identical entry to the one below for gw2.siptrunk.com; this example only illustrates gw1.siptrunk.com.

2. Create an access rule for the SIPTRUNK.com Gateway(s). In this example we used an "ANY" match for UDP, but you will want to limit this down to the actual UDP port your PBX/Phone is using to communicate via SIP (usually 5060). You should make an identical entry to the one below for gw2.siptrunk.com; this example only illustrates gw1.siptrunk.com.

3. You will need to make a Static NAT Rule which ensures 1:1 Port Address Translation. If you fail to complete this step your registration will work for a few seconds and outbound calls may work, but inbound calls will fail because the port that is actually open for the PBX/Phone has changed without notifying SIPTRUNK.com.

4. At this point you will be able to register your PBX/Phone with SIPTRUNK.com but you will not have any audio on the calls. That's because we haven't told the ASA how to associate the RTP (Media Traffic) with the SIP Traffic that it sees. To do this we need to have the ASA inspect the SIP traffic. In this guide we are using the default inspection policy on the ASA as it includes SIP traffic. You may want to make a specific inspection policy depending upon your needs.

We decided to use the CLI at this point to make things a little easier. We used the following commands:

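enable
conf t
! Class map that matches the default inspection traffic (SIP included)
class-map inspection_default
 match default-inspection-traffic
! Policy map that inspects SIP for that class, applied globally
policy-map global_policy
 class inspection_default
  inspect sip
service-policy global_policy global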

Essentially these commands taken together create a policy map named "global_policy" and make that policy enforce the default inspection list of services, and then apply that policy to all interfaces. Ensure that you save the changes if you want to keep them. When you are finished your ASDM should now have:

At this point you should be able to make and receive calls with audio in both directions. If so...YOU DID IT!
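
Steps 1 to 3 above expressed as ASA CLI, as an added example that is not part of the original guide. It assumes ASA 8.3 or later object NAT syntax, interfaces named inside and outside, translation to the outside interface address, and an ACL named outside_access_in. The object names and the 198.51.100.x gateway addresses are constructed placeholders; substitute the addresses that gw1.siptrunk.com and gw2.siptrunk.com actually resolve to.

```cisco
! Step 1: one network object per SIPTRUNK.com gateway
! (placeholder addresses, not the real gateway IPs)
object network SIPTRUNK-GW1
 host 198.51.100.10
object network SIPTRUNK-GW2
 host 198.51.100.11
object-group network SIPTRUNK-GATEWAYS
 network-object object SIPTRUNK-GW1
 network-object object SIPTRUNK-GW2
!
! Step 3: static 1:1 port translation so UDP 25204 on the outside
! interface always maps to UDP 25204 on the PBX/Phone
object network PBX-SIP
 host 192.168.1.7
 nat (inside,outside) static interface service udp 25204 25204
!
! Step 2: allow SIP only from the gateways and only to the PBX port,
! instead of the "ANY" UDP match (8.3+ ACLs use the real inside address)
access-list outside_access_in extended permit udp object-group SIPTRUNK-GATEWAYS object PBX-SIP eq 25204
access-group outside_access_in in interface outside
```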
