This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
bdaugustine
Explorer
‎2026-03-04 06:15 AM
Jump to solution

SASE and Cisco VoIP

We have an on-premise Cisco Call Manager cluster for our VoIP and remote use a Cisco product called Cisco IP Communicator. Everything works with Mobile Access, but users on SASE are experiencing one-way audio. I did open an SR and performed the recommendations, but I'm not convinced this is a problem with SASE. It feels more like a routing problem, so I'm hoping someone can steer me in some direction.

The SASE user can talk and the other party hears, but the SASE user does not hear the other party. This is why I suspect routing: the internal call manager can't get reach the remote end. In Mobile Access, we added some static routes for the office mode IP to route thru the Mobile Access gateway. But there is no "gateway" as such for me to route the SASE network.

Hopefully I'm making sense...

 

 

Labels
1 Solution

Accepted Solutions
bdaugustine
Explorer
‎2026-03-09 04:09 AM
Jump to solution

So we finally got this resolved.

In my specific case, it was a NAT rule that inadvertently encompassed our VoIP subnets, so the phones were going the wrong way. Once we added a "no-NAT" rule, this operated as expected

 

View solution in original post

5 Replies
PhoneBoy
Admin
Admin
‎2026-03-04 02:09 PM
Jump to solution

With Mobile Access and Office Mode, VoIP apps should work without NAT.
Thus the issue could be fixed by routing.

SASE doesn't offer these, which means VoIP apps would have to be NAT aware to work properly.
Not sure how those are handled, tagging @rlopes 

0 Kudos
simonemantovani
MVP
MVP
‎2026-03-04 11:58 PM
Jump to solution

Hello

question: how you configured the communication between the SASE gateway and you on-prem call manager, did you configured a VPN site-to-site between SASE and your firewall? If yes, traffic from call manager and SASE client should work (I have implemented a SASE tenant where the customer manages remote clients connected in SASE). So I expect that it should work also for VoIP (if you configured the site-to-site vpn).

If this is your scenario, jutst to begin the investigation, did you try to capture traffic between call manager and SASE clients?

Usually one-way audio could depend by a firewall that apply protocol inspection, and VoIP is very susceptible when protocol inspection is applied.

0 Kudos
bdaugustine
Explorer
‎2026-03-09 04:09 AM
Jump to solution

So we finally got this resolved.

In my specific case, it was a NAT rule that inadvertently encompassed our VoIP subnets, so the phones were going the wrong way. Once we added a "no-NAT" rule, this operated as expected

 

sjni01
MVP Diamond
MVP Diamond
3 weeks ago
In response to bdaugustine
Jump to solution

Typically, UDP traffic is some sencitive to NAT actions, but it looks like me excellent that you could fix that.

Lenhard
Participant
3 weeks ago
In response to bdaugustine
Jump to solution

Nice info!

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events