[asterisk-users] Asterisk behind a PIX firewall?
Matt
mhoppes at gmail.com
Tue Nov 27 09:40:06 CST 2007
Shlomo,
My understanding is I have to do a no fixup sip 5060. This from Cisco.
Without doing the no fixup the registration ports get all mangled.
On Nov 27, 2007 10:11 AM, Shlomo Dubrowin <dubrowin.list at gmail.com> wrote:
> Matt,
>
> If your phone is using SIP, then you should enable sip inspection (7.xcode or above) or fixup sip (
> 6.x code) and have a rule that allows source (wherever you need) inbound
> on the outside interface to TCP 5060 (SIP port). The sip inspection or
> fixup should enable the proper ports for the require RTP streams. I had
> this working through an ASA at some point, but I don't remember if both ends
> were doing NAT or only one end. I don't know the phone you are talking
> about, but you also might want to look into STUN or ICE to get beyond the
> NAT Traversal issue, if that is what's causing the problem.
>
> In the Firewall log, are you seeing Denys? or drops? Have you tried debug
> sip on the firewall console? I've been dealing with several ASA SIP issues
> lately. SIP trunking with NAT will certainly not work and there is a Cisco
> Bug that my company discovered when setting up our PBX.
>
> Shlomo in Israel
>
>
> On 11/27/07, Matt <mhoppes at gmail.com> wrote:
>
> > Is there anything special that anyone here has had to do to get an
> > Aastra phone (on the Internet) to talk to Asterisk behind a PIXfirewall?
> >
> > Ports 10000-20000 UDP are open on the PIX and forwarding to the Asteriskserver. The
> > Asterisk server's RTP.CONF is set to use 10000-20000. The phone
> > registers, and will place AND receive calls, however, no audio is passed.
> > The phone is an Aastra 9133i.
> >
> > _______________________________________________
> > --Bandwidth and Colocation Provided by http://www.api-digital.com--
> >
> > asterisk-users mailing list
> > To UNSUBSCRIBE or update options visit:
> > http://lists.digium.com/mailman/listinfo/asterisk-users
> >
>
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20071127/6fdab880/attachment.htm
More information about the asterisk-users
mailing list