Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2630
Views
0
Helpful
6
Replies

FreePBX (asterisk) Sipstation Cisco ASA 5520 Trunks Won't Register

recklesstuning
Level 1
Level 1

‎09-06-2013 08:02 AM - edited ‎03-11-2019 07:34 PM

FreePBX (asterisk) server ip 10.7.4.23

The is is what Sipstation is telling me they are seeing on their end:

2013-09-05 16:31:42.702739 [WARNING] SIP auth challenge (REGISTER) for [XXXXXX@trunk1.freepbx.com] from ip 10.7.4.23

So my ASA is showing the sipstation servers my internal IP address and not the external IP.

I can't setup a static nat for 5060 as I get an error: NAT unable to reserve ports.  I think this is because of the inspection map.

I have tried unchecking sip and H.323 in the service policy rules.

Labels:
0 Helpful
6 Replies 6

recklesstuning
Level 1
Level 1

‎09-06-2013 08:07 AM

I also get these in the syslog

6Sep 06 201311:06:12
10.7.4.235060192.159.66.3

Pre-allocate SIP SIGNALLING UDP secondary channel for inside:10.7.4.23/5060 to outside:192.159.66.3 from OPTIONS message

6Sep 06 201311:06:12
10.7.4.235060192.159.66.3
Pre-allocate SIP Via UDP secondary channel for inside:10.7.4.23/5060 to outside:192.159.66.3 from OPTIONS message
0 Helpful

paolo bevilacqua
Hall of Fame
Hall of Fame

‎09-06-2013 01:13 PM

Wrong forum, post in "Security - firewalling". You can move your posting with the Actions panel on the right.

0 Helpful

recklesstuning
Level 1
Level 1
In response to paolo bevilacqua

‎09-06-2013 01:33 PM

thanks I have now moved it.  Bump for some help!

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to recklesstuning

‎09-06-2013 11:38 PM

Can u share the NAT configuration you have so far?

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

recklesstuning
Level 1
Level 1
In response to Julio Carvajal

‎09-09-2013 05:09 AM

Let me know if you need something different.  My phone server has been offline ever since I switched to this ASA...

Manual NAT Policies (Section 1)

1 (inside) to (outside) source static any any   destination static NETWORK_OBJ_172.23.100.128_25 NETWORK_OBJ_172.23.100.128_25 no-proxy-arp route-look

up

    translate_hits = 109, untranslate_hits = 109

2 (outside) to (outside) source static NETWORK-2790 NETWORK-2790   destination static NETWORK-3820 NETWORK-3820

    translate_hits = 0, untranslate_hits = 0

3 (inside) to (outside) source static NETWORK-COLO NETWORK-COLO   destination static NETWORK-2790 NETWORK-2790

    translate_hits = 520083, untranslate_hits = 527119

4 (inside) to (outside) source static NETWORK-COLO NETWORK-COLO   destination static NETWORK-3820 NETWORK-3820

    translate_hits = 7494, untranslate_hits = 15189

Auto NAT Policies (Section 2)

1 (any) to (any) source static VMARR01 75.XXX.XXX.62

    translate_hits = 524, untranslate_hits = 519494

2 (any) to (outside2) source static PRTG-Probe interface   service tcp 23560 23560

    translate_hits = 0, untranslate_hits = 1

3 (any) to (outside2) source static VMUtility01 interface   service tcp www www

    translate_hits = 0, untranslate_hits = 964

4 (any) to (any) source static G-O-L-F 75.XXX.XXX.61

    translate_hits = 3806, untranslate_hits = 14287

5 (any) to (outside) source static Lanczak interface   service tcp www www

    translate_hits = 0, untranslate_hits = 88

6 (any) to (any) source static ThreadJacked ThreadJacked-External-IP

    translate_hits = 120, untranslate_hits = 848

7 (any) to (any) source static Eurovagens Eurovagens-External-IP

    translate_hits = 656, untranslate_hits = 5820

8 (any) to (outside) source static VMWIn701 interface   service tcp 3389 3389

    translate_hits = 0, untranslate_hits = 257

Manual NAT Policies (Section 3)

1 (inside) to (outside) source dynamic any interface

    translate_hits = 23949, untranslate_hits = 3

2 (outside) to (outside) source static NETWORK_OBJ_172.23.100.128_25 interface   no-proxy-arp

    translate_hits = 135, untranslate_hits = 0

0 Helpful

Julio Carvajal
VIP Alumni
VIP Alumni
In response to recklesstuning

‎09-09-2013 10:11 AM

I think the show run of the ASA will be helpful (the internal Ip address of the PBX server is 10.7.4.23 right?)

Let me know,

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card