Hello,
I have CISCO ASA5510 firewall and I am trying to configure it to work for Asterisk, with not much luck. I am using the VOIP.MS for my SIP trunks, but unable to configure the router so that it allows the incoming calls, as well as gives priority to voip traffic over data.
My Asterisk sever sits on inside network, on the address 192.168.0.28.
If you can help me with the config file for the router, I would greatly appreciate it!
Thanks!
: Saved
:
ASA Version 8.2(1)
!
hostname ciscoasa
enable password e4LiqBDD9o6dkHui encrypted
passwd 2KFQnbNIdd.3KYOU encrypted
names
name 192.168.0.37 Max_PC
dns-guard
!
interface Ethernet0/0
nameif outside
security-level 0
ip address 111.243.150.51 255.255.255.240
!
interface Ethernet0/1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
!
interface Ethernet0/2
shutdown
no nameif
no security-level
no ip address
!
interface Ethernet0/3
shutdown
no nameif
no security-level
no ip address
!
interface Management0/0
shutdown
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
ftp mode passive
object-group network obj_any
object-group protocol SIP
description SIP protocol
protocol-object udp
protocol-object tcp
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
object-group protocol DM_INLINE_PROTOCOL_1
protocol-object udp
protocol-object tcp
object-group network DM_INLINE_NETWORK_1
network-object host 98.175.241.3
network-object host 98.175.241.2
access-list RDP extended permit tcp any host 111.243.150.51 eq 13001
access-list RDP extended permit object-group SIP any host 111.243.150.51 eq sip
access-list RDP extended permit tcp any host 111.243.150.51 eq ftp
access-list RDP extended permit tcp any host 111.243.150.51 eq 8080
access-list RDP extended permit tcp object-group DM_INLINE_NETWORK_1 host 111.243.150.51 eq 13101
pager lines 24
logging enable
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-621.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp interface 13001 Max_PC 3389 netmask 255.255.255.255
static (inside,outside) tcp interface ftp 192.168.0.2 ftp netmask 255.255.255.255
static (inside,outside) tcp interface 8080 192.168.0.2 8080 netmask 255.255.255.255
static (inside,outside) tcp interface 13101 192.168.0.3 3389 netmask 255.255.255.255
access-group RDP in interface outside
route outside 0.0.0.0 0.0.0.0 111.243.150.49 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 management
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd dns 69.38.143.2 69.38.208.20
!
dhcpd address 192.168.0.100-192.168.0.200 inside
dhcpd enable inside
!
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
ssl encryption 3des-sha1 des-sha1 rc4-md5 aes128-sha1 aes256-sha1
webvpn
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:8223e981e18c8cb1e9cc4adb01092cbb
: end
asdm image disk0:/asdm-621.bin
no asdm history enable