Success with Cisco ASA 5505 (without port forwarding)

Discussion in '3CX Phone System - General' started by Voipman, Jan 2, 2010.

Thread Status:
Not open for further replies.
  1. Voipman

    Joined: Jan 2, 2010; Messages: 1; Likes Received: 0
    I want to report success setting up 3CX with a Cisco ASA 5505 (version 8.2) without using port forwarding.
    3CX version: 8.0.10116.583
    Generic SIP provider (http://www.voipvoip.com) using trunking.
    3CX PBX private address is 10.0.0.101
    (It is worth mentioning that I had some difficulties getting version 7 to work on a PC with two Ethernet interfaces.
    For the results described here, everything was done here on a different PC with a single Ethernet interface).

    The Cisco ASA 5505 has SIP ALG support. This is nice because the PBX can be protected by the firewall in the ASA.
    Here are the steps to configure the 3CX:
    - <settings><network setting> <turn off stun server>
    - <settings><network setting> <public IP to specify in contact and SDP> = 10.0.0.101
    - <Add Voip providers> <advanced> <which IP to use in contact field for registration> = internal

    No changes to the Cisco ASA configuration (no special NAT rules, no changes to SIP settings, no special firewall rules).

    Everything worked fine (inbound, outbound and no call drops).
    This makes sense, because the settings above basically tell 3CX to not worry about NAT. The Cisco ASA with the SIP ALG takes care of all of that, including punching the correct holes for the RTP streams.
    Please note that the configuration above does not allow you to connect using the 3CX tunnel from outside. To do that (if you need to), you need to punch holes through the Cisco ASA.
    Also, SIP connections are initiated from inside to the VOIP trunking provider (voipvoip.com above). This is not a problem; it is good security.

    best of luck.
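A simplified model of the behaviour the post above attributes to the ASA's SIP ALG, as an added example that is not part of the original post and is not Cisco's implementation: it rewrites the PBX's private address in the SIP headers and SDP, recomputes Content-Length, and lists the RTP ports that need a temporary inbound opening. The outside address 203.0.113.10, the provider host name, the extension and the media port are constructed values, and only address rewriting (no port translation) is modelled.

```python
import re

PRIVATE_IP = "10.0.0.101"    # 3CX PBX address from the post
PUBLIC_IP = "203.0.113.10"   # constructed outside address (documentation range)

# Constructed INVITE as the PBX would send it with STUN off and the
# internal IP placed in Contact and SDP, per the settings in the post.
SDP = "\r\n".join([
    "v=0",
    f"o=3cx 1 1 IN IP4 {PRIVATE_IP}",
    "s=call",
    f"c=IN IP4 {PRIVATE_IP}",
    "t=0 0",
    "m=audio 9000 RTP/AVP 0 8",
    "",
])
INVITE = "\r\n".join([
    "INVITE sip:15551230000@sip.example.net SIP/2.0",
    f"Via: SIP/2.0/UDP {PRIVATE_IP}:5060;branch=z9hG4bKconstructed",
    f"Contact: <sip:1000@{PRIVATE_IP}:5060>",
    "Content-Type: application/sdp",
    f"Content-Length: {len(SDP)}",
    "", SDP,
])

def alg_rewrite(message, inside_ip, outside_ip):
    """Return (rewritten message, RTP pinholes) for an outbound SIP message."""
    head, _, body = message.partition("\r\n\r\n")
    # Embedded addresses live in the SIP headers and in the SDP o=/c= lines.
    head = head.replace(inside_ip, outside_ip)
    body = body.replace(inside_ip, outside_ip)
    # The body length can change, so Content-Length must be recomputed.
    head = re.sub(r"(?im)^Content-Length:[^\r\n]*",
                  f"Content-Length: {len(body.encode())}", head)
    # Each m= line names a media port; inbound RTP to it needs a
    # temporary opening toward the inside host for the life of the call.
    pinholes = [(inside_ip, int(port), media)
                for media, port in re.findall(r"(?m)^m=(\w+) (\d+) ", body)]
    return head + "\r\n\r\n" + body, pinholes

if __name__ == "__main__":
    rewritten, holes = alg_rewrite(INVITE, PRIVATE_IP, PUBLIC_IP)
    print(rewritten)
    print("RTP pinholes:", holes)
```

Because the openings are derived per call from the signalling, no standing inbound rule toward the PBX is needed, which matches the "no special firewall rules" result reported in the post.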
     
  2. lucaspick

    Joined: Feb 8, 2013; Messages: 1; Likes Received: 0
    We are also set up on the same configuration with a Cisco ASA 5505 v8.2 and our 3CX is a Hyper-V VM. So far everything is working but we continue to have an inbound silence issue on calls a couple of times a day. Our ASA is set up to only pass through traffic from the voice provider to our phone server. We have NAT working to pass through the traffic directly to the phone server from our static IP which we have just for the phone system.

    As soon as this silence problem arises when someone tries to call one of our numbers, I have to continue to make one call from one of our internal phones to another internal phone using its external number. In other words, it is almost like the ASA is forgetting how to route traffic inbound until I make an inbound call from one of our internal phones. Then everything starts working for another few hours until I have to repeat the process. I don't see any packets getting blocked, but occasionally I'll see a "land attack block" from our inside interface to its same IP.

    Anyone have any ideas or has anyone seen this happen before? Please help!
     