[afnog] CONNECTING TWO PBX OVER THE ASA FIREWALL

[Tomslin Samme-Nlar]

Hi David,

Generally, you need to open up the UDP port range (16384 - 32767) that the
media (RTP) will be delivered on, in addition to the SIP signaling ports
you have opened. And generally, this port would be random for each session
but I know some UAs are able to negotiate specific ports, when configured
to.
Assuming you have opened up the RTP ports correctly on your firewall, your
mention of NAT sets off many bells. SIP doesn't like NAT very much.
Firewalls generally find it hard to match the RTP traffic to the SIP
traffic when NAT is involved. In fact, your description of the issue sounds
a lot like NAT issues but could be something else too like codec
negotiations. But assuming it is NAT transversal, you may want to implement
one of the solutions recommended in this IETF informational draft  =>
https://tools.ietf.org/html/draft-ietf-sipping-nat-scenarios-15

Cheers,

Tomslin
Fingerprint: 4D72 D735 DE42 D9FA 2453 8784 3C05 E338 5BBB 1D5C



On Mon, 28 Jan 2019 at 20:30, David Chima <dgchima at gmail.com> wrote:

> Dear AfNOG
> I need help. I have an ASA 5506-X running software version 9.5(2). I have
> connected one PBX on the SERVER DMZ and the other PBX is in the WAN 300Km
> away.
> I have setup the firewall with static NAT so that the IP addresses are not
> seen on either side as dynamically assigned but statically as they are. I
> have also setup inspection for SIP and H323.
>
> The PBX can talk to each other somehow because from an extension attached
> to one PBX I can call the other extension on another PBX, but the call
> recipient cant hear anything after lifting the receiver.
>
> Anyone who can help me please
>
> Regards
>
> David Chima
> _______________________________________________
> afnog mailing list
> https://www.afnog.org/mailman/listinfo/afnog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.afnog.org/pipermail/afnog/attachments/20190129/eec4795f/attachment.html>