Phone calls random failing to connect at remote locations - Cisco Call Manager

pstraatsma · ‎07-19-2019

We are in the process of converting over to Palo Alto firewalls at our remote locations from ASA firewalls. A few of our sites now are having some strange issues when attempting to make phone calls.We are a Cisco call manager shop.

Here is a basic setup of our network:

Remote Office <-Site to site VPN tunnell-> Main Office

Voice setup between those locations:

Analog lines (connected to router) - Remote Router - Remote Palo Alto <-Site to site VPN tunnell-> Main Office ASA firewall - Main Office Call-Manager

When someone at the remote location dials a external number, the phones SOMETIMES rings busy, even when the external phone number is not actually busy (tested and verified). The call will go through to the remote number but when they answer all they get is dead air. SOMETIMES the call goes through just fine. SOMETIMES when the call works and when the external number hangs up first the call stays active on the remote office's desk phone.

We've tried turning off ALG inside the SIP application, but when we test locally by setting up the calling search space to the remote office at a main office phone where we work, we still have problems.

BPry · ‎07-20-2019

So one thing I would look at is if the phones connection to CUCM is being force closed by the firewall. It's been a few years, but I remember an issue where the phones would silently have to "re-register" in a sense to the CUCM server because it wasn't sending enough keep-alive traffic to keep the connection active.

RobinClayton · ‎07-22-2019

Is there any NAT going on?

Are you running SIP or SCCP?

can you see the SIP/SCP/RTP in session browser?

Rob

pstraatsma · ‎07-22-2019

Is there any NAT going on?

Just to the internet, but not for the devices over the VPN

Are you running SIP or SCCP?

SIP

can you see the SIP/SCP/RTP in session browser?

Yes, but because it takes a few tries for us to get a busy signal I am not sure which logs are whitch. I just turned on log at session start to see if that helps identify what is going on when. I'll report back.

OtakarKlier · ‎07-22-2019

Hello,

Also check the logs to make sure you are not blocking/dropping any traffic.

Regards,

pstraatsma · ‎07-22-2019

Updates! We switched the "Outgoing Transport Type" from TCP+UDP to UDP and that seems to have cleared up the issue. I have a support case open and a call tomorrow to talk about it, we'll see what they say.

jloeck · ‎01-22-2020

What verison of firmware on your Palo and what version of CUCM?

I'm having a very similar set of problems as we upgraded to 9.0.4

pstraatsma · ‎01-23-2020

We are on 9.0.2 h4 for Palo and 11.5 for Call Manager.

Ralvarado10 · ‎01-30-2020

Hello I am having the same issue with a firewall that I upgraded to 9.0.5. can you please tell me how you switched the "Outgoing Transport Type" from TCP+UDP to UDP ?

I really appreciate your help.

pstraatsma · ‎01-31-2020

Here you go, this is from our Voice Engineer.

Call Manager

System -> Security -> SIP Trunk Security Profile.

Select the profile you are currently using on your SIP trunk(s)

Under ‘Outgoing transport type’ – change it to UDP. Then reset. This will reset your SIP trunk(s) and disconnect any active calls.

Strata

Prisma

Cortex

Phone calls random failing to connect at remote locations - Cisco Call Manager

Phone calls random failing to connect at remote locations - Cisco Call Manager

Show your appreciation!