[asterisk-users] Asterisk behind a PIX firewall?

Shlomo Dubrowin dubrowin.list at gmail.com
Tue Nov 27 09:11:24 CST 2007


If your phone is using SIP, then you should enable sip inspection (7.x code
or above) or fixup sip (6.x code) and have a rule that allows source
(wherever you need) inbound on the outside interface to TCP 5060 (SIP
port).  The sip inspection or fixup should enable the proper ports for the
require RTP streams.  I had this working through an ASA at some point, but I
don't remember if both ends were doing NAT or only one end.  I don't know
the phone you are talking about, but you also might want to look into STUN
or ICE to get beyond the NAT Traversal issue, if that is what's causing the

In the Firewall log, are you seeing Denys? or drops?  Have you tried debug
sip on the firewall console?  I've been dealing with several ASA SIP issues
lately.  SIP trunking with NAT will certainly not work and there is a Cisco
Bug that my company discovered when setting up our PBX.

  Shlomo in Israel

On 11/27/07, Matt <mhoppes at gmail.com> wrote:
> Is there anything special that anyone here has had to do to get an Aastra
> phone (on the Internet) to talk to Asterisk behind a PIX firewall?
> Ports 10000-20000 UDP are open on the PIX and forwarding to the Asteriskserver.   The
> Asterisk server's RTP.CONF is set to use 10000-20000.    The phone
> registers, and will place AND receive calls, however, no audio is passed.
> The phone is an Aastra 9133i.
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20071127/8acdc8ec/attachment-0001.htm 

More information about the asterisk-users mailing list