Is it correct that the SIP inspection in the ASA 5500 firewalls only kicks in for traffic on port 5060? There is some hint at this, while not 100% definitive, on Cisco Docs - http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/82446-enable-voip-config.html#sip.

I have trouble getting audio working when my IP PBX is configured to receive inbound calls on a port other than 5060. The IP PBX I am using is a SIP proxy with a built-in SBC, and it demands that inbound traffic be sent to port 5080. Traffic between the IP PBX and the ITSP goes via an ASA 5505 firewall (that's the older generation).

Inbound calls do connect, but then I have one-way audio. The RTP does not flow from external to internal. (Outbound calls are no problem, all fine with 2-way audio - but they are sent with destination port 5060.) This would make sense if the ASA won't start the SIP inspection due to the different port 5080.

But is that really the case? And if that is so, can I configure somewhere which SIP port the ASA should look for? Or is there any workaround? (I can probably open all inbound RTP ports ... but I would like to avoid that)

To make this clearer - in fact the ITSP sends inbound calls to the ASA dutifully on port 5060. My static NAT rule does port translation from 5060 to 5080. According to the Cisco docs, SIP inspection is done BEFORE the IP header is rewritten, so the "sip inspect" SHOULD see port 5060. Does anyone have a decisive answer on this? I have trouble testing different scenarios myself because the PBX simply does not allow 5060, so I have no chance to do a counter-test.

nepdev

1 Answer

You can always change the conditions that will trigger an inspection.

To do so, you need to create a class-map and a policy-map.

First, go into your configuration terminal and create the class-map:

asa(config)# class-map SIP_5080
asa(config-cmap)# match port tcp eq 5080
asa(config-cmap)# exit

Then create a policy-map:

asa(config)# policy-map SIP_Policy
asa(config-pmap)# class SIP_5080
asa(config-pmap-c)# inspect sip
asa(config-pmap-c)# exit

Finally, assign the policy-map to an interface:

asa(config)# service-policy SIP_Policy interface [name of your interface]
Alex
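
An added example, not part of the answer above and not Cisco tooling: a small Python check that reads a saved running-config and lists the protocol/port pairs on which an applied policy-map runs `inspect sip`. The sample config, the interface name `outside`, and the treatment of `match default-inspection-traffic` as covering SIP on TCP/UDP 5060 only are assumptions made for the illustration; only `match port ... eq` lines are parsed.

```python
import re

# Constructed sample: default global policy plus the answer's maps; "outside" is a placeholder.
SAMPLE_CONFIG = """\
class-map inspection_default
 match default-inspection-traffic
class-map SIP_5080
 match port tcp eq 5080
policy-map global_policy
 class inspection_default
  inspect sip
policy-map SIP_Policy
 class SIP_5080
  inspect sip
service-policy global_policy global
service-policy SIP_Policy interface outside
"""
# Assumption: default-inspection-traffic covers SIP only on its default port 5060.
SIP_DEFAULT = {("tcp", 5060), ("udp", 5060)}

def sip_inspected_ports(config):
    """Return {(scope, proto, port)} where an applied policy-map runs 'inspect sip'."""
    class_ports, sip_classes, applied = {}, {}, []
    cmap = pmap = cls = None
    for raw in config.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # a top-level line ends the current block
            cmap = pmap = cls = None
        if m := re.match(r"class-map (\S+)$", line):
            cmap = m.group(1)
            class_ports[cmap] = set()
        elif m := re.match(r"policy-map (\S+)$", line):
            pmap = m.group(1)
            sip_classes[pmap] = set()
        elif m := re.match(r"service-policy (\S+) (global|interface \S+)$", line):
            applied.append((m.group(1), m.group(2)))
        elif cmap and line == "match default-inspection-traffic":
            class_ports[cmap] |= SIP_DEFAULT
        elif cmap and (m := re.match(r"match port (tcp|udp) eq (\d+)$", line)):
            class_ports[cmap].add((m.group(1), int(m.group(2))))
        elif pmap and (m := re.match(r"class (\S+)$", line)):
            cls = m.group(1)             # following inspect lines belong to this class
        elif pmap and cls and line == "inspect sip":
            sip_classes[pmap].add(cls)
    return {(scope, proto, port) for pmap, scope in applied
            for cls in sip_classes.get(pmap, ())
            for proto, port in class_ports.get(cls, ())}

if __name__ == "__main__":
    print(sorted(sip_inspected_ports(SAMPLE_CONFIG)))
```

On the sample, TCP 5080 appears on the interface policy but UDP 5080 does not, so the class-map's protocol should match the transport the ITSP actually uses for SIP.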