Posts

Showing posts from 2017

SIP over NAT configuration in Cisco IOS/IOS-XE

     As you may know, SIP doesn't like NAT :)... especially on Cisco IOS/IOS-XE based devices (the ASA, for example, handles that much, much better). For that reason you need a straightforward config to make it work, for both the control and the audio part of the communication. These are the required steps in a UC CME environment with a public SIP account for trunk PSTN access:

- define 1 ACL that matches UDP SIP traffic (port 5060) and the RTP audio ports, very probably high-value ports:

    ip access-list extended UDP_RTP
     permit udp any any range 8000 65000
     permit udp any any eq 5060

- define 1 route-map (for NAT) that uses the previously created ACL:

    route-map SIP_NAT permit 10
     match ip address UDP_RTP

- define a STATIC NAT translation for your inside SIP voice interface (this example uses 192.168.12.x for that purpose):

    ip nat inside source static 192.168.12.x [YOUR-PUBLIC-IP] route-map SIP_NAT

An adequate ACL for WAN access and secure SIP communication should of course be in place if you're using a public SIP trunk account.
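The post says an adequate WAN ACL should be in place for a public SIP trunk; the fragment below is an added sketch of what that can look like and is not part of the original post. It assumes the provider signals and sends media from a single address (203.0.113.10, a documentation-range placeholder) and that an inbound ACL with the hypothetical name WAN_IN is already applied on the WAN interface.

```cisco
! Added example with constructed values, not the post's own config.
! 203.0.113.10 = assumed SIP provider address (documentation range).
! WAN_IN       = hypothetical name of the ACL already applied inbound
!                on the WAN interface.
!
! The inbound ACL is evaluated before the static NAT is undone, so the
! destination here is the public address, not 192.168.12.x.
ip access-list extended WAN_IN
 permit udp host 203.0.113.10 host [YOUR-PUBLIC-IP] eq 5060
 permit udp host 203.0.113.10 host [YOUR-PUBLIC-IP] range 8000 65000
 deny   udp any host [YOUR-PUBLIC-IP] eq 5060 log
!
! Merge these lines into your existing WAN policy; the remaining
! entries of that policy are not shown here.
!
! CME side: accept VoIP call setup only from the trusted source list,
! so a scanner that does reach port 5060 cannot place calls.
voice service voip
 ip address trusted authenticate
 ip address trusted list
  ipv4 203.0.113.10
```

If your provider sends RTP from addresses other than its signalling address, the second permit line needs those media ranges instead.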

Cisco ASDM unable to launch device...

     If you have a problem accessing the ASA through ASDM and get an error like "Unable to launch device...", even though you have already configured everything by the book for ASDM access, check the Java policies, especially with Java 1.8. You can upgrade them so that they allow you to use the stricter FIPS standard or high ciphers on your ASA device. You can download the required files from HERE (for Java 1.8) and upload them, in place of the existing ones, to your Java install folder --> lib --> security. After that, ASDM with strong SSL ciphers enabled should work fine...