02-01-2020 01:28 AM
Hi all,
I have Palo alto in my network connected to CISCO Call manager server and Cisco DX650 IP phone. I am facing issue that DX 650 is not registering to Call manager server when I capture log I found that the traffic comming from Call manager server and IP phone into Firewall is completing TCP connection but when outgoing traffic from firewall towards Call manager server and IP Phones is sending TCP (RST/ACK) message. I also have cisco 8811 IP phone which got registered so please help me with this
02-06-2020 08:58 AM
What is in your Application?
You should remove application, and set service any in order to test unfiltered connections.
Rob
02-03-2020 04:14 AM
Have you got denied traffic logged?
Does the phone have static or is it trying to obtain a DHCP IP address..
Is there a Proto Difference between the two types of phone ( Skinny vs SIP )
02-03-2020 06:37 AM
Hi, thank for reply
All IP PHONES ARE WORKING ON STATIC IP
I HAVE INFORCE ONE WAY POLYCY FROM IP PHONES TOWARDS CUCM SERVER AND ALLOWED ANY APPLICATION OR PROTO..
DO I NEED TO INFROCE REVERSE POLICY FROM CUCM SERVER TOWARDS IP PHONES?
02-03-2020 06:38 AM
Hi, thank for reply
All IP PHONES ARE WORKING ON STATIC IP
I HAVE INFORCE ONE WAY POLYCY FROM IP PHONES TOWARDS CUCM SERVER AND ALLOWED ANY APPLICATION OR PROTO..
DO I NEED TO INFROCE REVERSE POLICY FROM CUCM SERVER TOWARDS IP PHONES?
02-03-2020 06:48 AM
For registration the CUCM should not necessarily need a rule as the Phone is the client.
Have your got logging turned on for your "default interzone" block??
Do you see any traffic from the phone?
Is the routing from the phone to the CUCM correct?
You will need a rule from the CUCM to the phone for SIP/SCCP, and perhaps the RTP traffic.
02-03-2020 09:11 AM
I HAVE 8 PHONES IN SAME RANGE FROM
X.X.X.200 TO X.X.X.207 SIX OF THEM ARE 8811 WHICH GOT REGISTERED SUCCESSFULLY AND 2 OF THEM ARE DX650 FOR WHICH I AM FACING ISSUE . FOR DX 650 TRAFFIC FROM IP PHONE TO PALO ALTO AND FROM CUCM TOWARD PALO ALTO ARE ESTABLISING TCP CONNECTION BUT TRAFFIC FROM PALO ALTO TO DX 650 AND TOWARD CUCM ARE SHOWING (RST/ACK) .
CUCM------------->PALOALTO<-----------IP PHONE
IS ESTABLISHING TCP CONNECTION
BUT
CUCM<------------PALOALTO----------->IP PHONE
IS SHOWING 【RST/ACK】
02-04-2020 12:13 AM
Have you tried a full allow rule in both directions? That will indicate if it's a security policy or other issue.
02-04-2020 09:13 AM
I am gonna try it tommorow and will let you know what happen
02-05-2020 09:47 PM
I have tried a full allow rule in both directions but HTTP packets are getting a drop in both situation from the firewall which DX 650 IP Phone use to fetch configuration from CUCM server
02-06-2020 12:51 AM
Sounds like a L3 routing issue to me then.
Rob
02-06-2020 07:36 AM
I have define service as Application default should I try with any services
02-06-2020 08:58 AM
What is in your Application?
You should remove application, and set service any in order to test unfiltered connections.
Rob
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
