Hi fskrotzki (again). Thanks for the reply.
The old firewall was Smoothwall Express 3.0. I have a screenshot of the rules in question. But it is not my intent to argue or defend. I was thrown into the sys admin position without any warning or knowledge transfer, so I am learning as I go. I am in a quandary and need to get my other users with softphones connected to the Asterisk system via the ASA. The only thing I have to go by is what the previous firewall rules were (because I know they worked). That said, do you have another solution I could use with the ASA to allow more than one softphone to access the Asterisk system? I do not have a large understanding of the Asterisk system.
Slightly off topic, last weekend I had both days free and was going to load the current version of trixbox on an old server I had lying around at home to get a little more familiar with the systems. Before the install, the box powered up to Ubuntu fine, then 5 minutes later died. Bad power supply. I never got around to loading trixbox. I have a power supply being shipped to me as we speak. As soon as it comes in I am going to load up trixbox and see if I can’t get a better grasp of how the systems work.
In the meantime, I could certainly use some help and advice in getting my other softphones to work via the ASA. I’m no Cisco guru, but I can get around in the ASA OK. Some of the items were set up in the ASA before I got here… In the ASA I have a few objects, an access list and a static NAT rule. They look like this:
object-group service Asterisk_UDP udp
 description Sip & Trunk UDP Ports
 port-object eq 4569
 port-object eq sip
 port-object range 10000 20000
access-list outside_access_in remark Sip & Trunk UDP Ports to Asterisk1
access-list outside_access_in extended permit udp any host 74.220.230.142 object-group Asterisk_UDP
access-list outside_access_in remark Asterisk1 SSH
access-list outside_access_in extended permit tcp any host 74.220.230.142 eq 25550
access-list outside_access_in remark Asterisk1 Signal port
access-list outside_access_in extended permit tcp any host 74.220.230.142 eq sip
access-list outside_access_in remark Don M Softphone
access-list outside_access_in extended permit udp any host 74.220.230.142 eq 9901
access-list outside_access_in remark Maury Soft Phone
access-list outside_access_in extended permit udp any host 74.220.230.142 eq 9970
access-list outside_access_in remark Sip & Trunk UDP Ports to Asterisk1
access-list outside_access_in remark Asterisk1 SSH
access-list outside_access_in remark Asterisk1 Signal port
nat (inside) 10 Asterisk1 255.255.255.255
static (inside,outside) udp interface sip Asterisk1 sip netmask 255.255.255.255
static (inside,outside) udp interface 9901 Asterisk1 4569 netmask 255.255.255.255
static (inside,outside) tcp interface 2567 Asterisk1 ssh netmask 255.255.255.255
static (inside,outside) tcp interface 8088 Asterisk1 www netmask 255.255.255.255
static (inside,outside) udp interface 9970 Asterisk1 4569 netmask 255.255.255.255
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
I realize this is not a Cisco forum, but where these entries pertain to my Asterisk machine, I thought it would be OK to post them.
Thanks for any help you can provide.
P…