07-06-2016, 11:29 AM
lazar24
SIP trunk from SessMan to ISP over NAT without SBC


I'm wondering if there is any way to get this working over NAT on an ASA 5525-X (asa941-smp-k8.bin)?
Inspect UDP SIP is on. I see it trying to reach the ISP server and it even does so successfully; the ISP sends the reply (200 OK) back and it never gets there. No matter what I do, I get 408 in monitoring. If I turn inspect off, the situation changes vice versa: I see my trunks are UP, the ISP says he gets 408. Show sip on the ASA gives a bunch of:

call-id 8895796923645224@
From: sip:;0677691546696435_local.146780781 3015_8945_8944
To: sip:;SDtf7u099-ytisyszs
state Call init, timeout 0:03:00 idle 0:01:30
Transaction State Timeout Idle
Cseq 2 OPTIONS Transaction Proceeding0:03:00 0:01:30

I tried static NATing, dynamic PAT, one-to-one - same result. I can't configure it without NAT because the ISP is accepting SIP traffic only from a /30 address he gave me, so I have to NAT the source to this address to reach their gateway. I can't straight put this inside my network for obvious reasons.
I've read a lot and it seems the problem is SIP encapsulating the reg interface IP inside user data in the protocol, and the ASA has a problem analyzing the payload dynamically in certain cases; seems I've got that one case (
I've also tried to use adaptations to rewrite sip: to .206, I was told that could help, but no success, I can't get those adaptations to work properly. I'm reading ahead on this now, but wondering if there is a better way of accomplishing this.
I understand an SBC will solve my problem but the goal now is to present a working environment WITHOUT an SBC, there are reasons for this...
If anyone can direct me to how to solve this without SBC, SIP proxying, asterisk's-in-the-middle etc. - that would be totally GREAT.
Thank you very much in advance.

Last edited by lazar24; 07-06-2016 at 11:55 AM.
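
The payload problem described in the post above, as an added example that is not part of the original post: a small Python check that lists the IPv4 addresses SIP carries inside its own headers and SDP body and flags any RFC 1918 address that was not rewritten to the NAT address, which is what a capture taken outside the firewall would show if payload rewriting is not happening. The sample message, all addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: an OPTIONS request as it might look on the outside wire.
# Addresses are made up (RFC 1918 and RFC 5737 documentation ranges).
SAMPLE_OPTIONS = (
    "OPTIONS sip:198.51.100.10:5060 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.1.1.20:5060;branch=z9hG4bK-constructed-1\r\n"
    "From: <sip:sm@10.1.1.20>;tag=constructed-a\r\n"
    "To: <sip:198.51.100.10>\r\n"
    "Contact: <sip:10.1.1.20:5060;transport=udp>\r\n"
    "Call-ID: constructed-call-id@10.1.1.20\r\n"
    "CSeq: 2 OPTIONS\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

# Header fields the far end uses to route responses and later requests.
ROUTING_HEADERS = {"via", "contact", "record-route", "route"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def embedded_addresses(message):
    """Return (field, address) pairs for IPv4 addresses inside the SIP payload."""
    head, _, body = message.partition("\r\n\r\n")
    found = []
    for line in head.split("\r\n")[1:]:        # skip the request/status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ROUTING_HEADERS:
            found += [(name.strip(), a) for a in IPV4.findall(value)]
    for line in body.split("\r\n"):            # SDP origin and connection lines
        if line[:2] in ("o=", "c="):
            found += [("SDP " + line[0], a) for a in IPV4.findall(line)]
    return found

def is_rfc1918(address):
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:                         # e.g. 999.1.1.1 matched by the regex
        return False
    return any(ip in net for net in RFC1918)

def untranslated(message, nat_address):
    """Routing-relevant addresses that are still private, not nat_address."""
    return [(f, a) for f, a in embedded_addresses(message)
            if a != nat_address and is_rfc1918(a)]

if __name__ == "__main__":
    for field, addr in untranslated(SAMPLE_OPTIONS, "203.0.113.2"):
        print(f"{field}: {addr} was not rewritten")
```

An empty result for a message captured outside the firewall means the routing headers and SDP already carry the translated address; any entry names the field the far end would try, and fail, to reply to.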