Known Issues

  1. SIP ALG is enabled by default.
  2. These devices may have an Auto Voice VLAN setting that will need to be disabled if it not .
  3. DNS relay/proxy needs to be disabled if enabled.

Resolution

  1. Intermedia cannot make the changes below for you. 
    • The ASA devices usually don't have a web interface. 
    • They usually require either plugging a computer into the Console port on the back on the firewall or connecting to the firewall using a remote administration service, like Telnet, if enabled.
  2. Your IT or a Cisco technician will need to add the following line to your Cisco firewall's configuration to disable SIP ALG and SIP packet filtering on the SIP ports the Intermedia devices use:
    • no inspect sip 6060
    • no inspect sip 6061
    • no inspect sip 6100-6899
    • no inspect sip 5060
    • no inspect sip 5061
  3. Disable Auto Voice VLAN if your ASA has this feature.  The phones either need to be on the same subnet as the computers or on a separate subnet with their own compatible router.
  4. If you have or plan to purchase Polycom phones, the DHCP server needs to instruct the phones to use efficient DNS servers, like Google's 8.8.8.8/8.8.4.4 or OpenDNS, as their Primary and Secondary DNS servers.  
    • This is because many ISP DNS servers take too long to relay the Polycom phones' DNS lookup requests, which causes the phones to intermittently lose registration.
  5. DNS proxy/relay needs to be disabled so that the phones are told to use the efficient DNS servers instead of sending their DNS requests to the firewall or another local DNS server to then have the requests relayed to outside DNS servers. 
    • This reduces the time it takes for the phones to resolve domain names, which ensures the phones stay registered with our servers.
  6. As long as all outbound traffic from the Intermedia devices is allowed, which it is by default on these Cisco devices, then creating firewall rules (ACLs) for the phones is usually unnecessary.
  7. Port security can be setup on these Cisco devices to not allow a phone to use specific Ethernet ports on the firewall unless your IT or a Cisco technician adds the phone's MAC address to a trusted list. 
    • If one or all of your phones cannot get an IP address -- they say 'Network is down' or 'Configuring', then you will need to contact your IT or a Cisco technician.