06-07-2012 05:32 AM
I am kind of stuck troubleshooting an issue with regards to SIP traffic. My customer integrated a new Digium Switchvox SIP VoIP in their network. A couple of weeks ago, the telephone system wasn't working i.e. no outbound and inbound calls were possible. In the beginning I thought it was something issuw with their providers including ISP.
Later it turned out to be that the firewall was rejecting incoming packets. After reading a couple of posts, I configured the Application Override policies to allow unknown tcp and udp on ports 5060 and it came into life. It worked for a week with no hiccups till they had a power cut. After the firewall came back up; we encountered the same issue of NO calls were possible.
After a couple of hours without anyones notice, the phone system was working and PA was sending and receiving traffic. I tried to determine the cause but remained unsuccessful.
Last week, with no power outage, the phone system was up and running but NO calls were possible. This is when for testing purpose, I bypassed the PA firewall using an HP switch and everything looked absoultely fine. Got the PA back in-line and NO calls were possible again.
This is when we had to point our fingers towards PA firewall. Now, I was just wondering if anyone has gone through such issues and if yes, how was it diagnosed? I am kind of lost on what to do now.
The only thing I could think of was to leave the tcp and udp ports to 0 - 65535 under application override. I will not be able to test it for the next couple of weeks as we cannot afford to loose the service.
Now, the situation stands like PA is being bypassed. Since I have got a couple of weeks to think of it, I thought of posting it here to see if anyone was willing to shed some light on this.
06-07-2012 11:27 AM
Hi...It is possible that the phone system was continuing to retry using the existing UDP/TCP sessions. When the PA firewall came back, it would drop those packets due to stateful inspection. Once the phone system begun to initiate new sessions, then everything recovered. Thanks.
06-07-2012 11:42 AM
To be honest, the phone system had no sessions to retry. So PA dropping those packets wasn't actually visible. And I dont think the phone system requires more than 30mins to initiate new sessions..!!
Any other thoughts??
06-24-2012 06:03 PM
did u resolve your problem?
if u resolved how can u do that
06-25-2012 09:14 AM
The issue hasn't been sorted out yet as the customer did not want to break any of their telephone systems as this was an important period for them. At the moment, the PA is being bypassed and all the traffic has been diverted to Cisco ASA.
I will be looking into this in a couple of weeks..!! Will let you know once fixed, or in the mean while, if you find a fix, can you please share it with me.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!