- Get Started
- News & Events
- Collaboration
- Education Services
- Technologies
- Next-Generation Firewall
- GlobalProtect
- Threat Prevention Services
- Endpoint Protection
- SSL Decryption
- App-ID
- Content-ID
- User-ID
- 5G
- IoT Security
- Cloud Identity Engine
- Panorama
- AIOps for NGFW
Network Security
- Prisma Access
- Prisma Cloud
- Prisma SD-WAN
- Cloud NGFW for AWS
- CN-Series
- VM-Series:
- Private Cloud
- OCI
- Alibaba
- AWS
- GCP
- Azure
Cloud Security
- Cortex XDR
- Cortex XSOAR
- Cortex Data Lake
- Cortex Xpanse
Security Operations
- Resources
- COVID-19 Response Center
Phone calls random failing to connect at remote locations - Cisco Call Manager
- LIVEcommunity
- Collaboration
- Discussions
- General Topics
- Phone calls random failing to connect at remote locations - Cisco Call Manager
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
07-19-2019 02:50 PM
We are in the process of converting over to Palo Alto firewalls at our remote locations from ASA firewalls. A few of our sites now are having some strange issues when attempting to make phone calls.We are a Cisco call manager shop.
Here is a basic setup of our network:
Remote Office <-Site to site VPN tunnell-> Main Office
Voice setup between those locations:
Analog lines (connected to router) - Remote Router - Remote Palo Alto <-Site to site VPN tunnell-> Main Office ASA firewall - Main Office Call-Manager
When someone at the remote location dials a external number, the phones SOMETIMES rings busy, even when the external phone number is not actually busy (tested and verified). The call will go through to the remote number but when they answer all they get is dead air. SOMETIMES the call goes through just fine. SOMETIMES when the call works and when the external number hangs up first the call stays active on the remote office's desk phone.
We've tried turning off ALG inside the SIP application, but when we test locally by setting up the calling search space to the remote office at a main office phone where we work, we still have problems.
Accepted Solutions
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
07-22-2019 02:44 PM
Updates! We switched the "Outgoing Transport Type" from TCP+UDP to UDP and that seems to have cleared up the issue. I have a support case open and a call tomorrow to talk about it, we'll see what they say.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-31-2020 06:02 AM
Here you go, this is from our Voice Engineer.
Call Manager
System -> Security -> SIP Trunk Security Profile.
Select the profile you are currently using on your SIP trunk(s)
Under ‘Outgoing transport type’ – change it to UDP. Then reset. This will reset your SIP trunk(s) and disconnect any active calls.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
07-20-2019 06:15 PM
So one thing I would look at is if the phones connection to CUCM is being force closed by the firewall. It's been a few years, but I remember an issue where the phones would silently have to "re-register" in a sense to the CUCM server because it wasn't sending enough keep-alive traffic to keep the connection active.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
07-22-2019 02:36 AM
Is there any NAT going on?
Are you running SIP or SCCP?
can you see the SIP/SCP/RTP in session browser?
Rob
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
07-22-2019 05:53 AM
Is there any NAT going on?
Just to the internet, but not for the devices over the VPN
Are you running SIP or SCCP?
SIP
can you see the SIP/SCP/RTP in session browser?
Yes, but because it takes a few tries for us to get a busy signal I am not sure which logs are whitch. I just turned on log at session start to see if that helps identify what is going on when. I'll report back.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
07-22-2019 02:42 PM
Hello,
Also check the logs to make sure you are not blocking/dropping any traffic.
Regards,
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
07-22-2019 02:44 PM
Updates! We switched the "Outgoing Transport Type" from TCP+UDP to UDP and that seems to have cleared up the issue. I have a support case open and a call tomorrow to talk about it, we'll see what they say.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-22-2020 04:56 PM
What verison of firmware on your Palo and what version of CUCM?
I'm having a very similar set of problems as we upgraded to 9.0.4
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-23-2020 07:52 AM
We are on 9.0.2 h4 for Palo and 11.5 for Call Manager.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-30-2020 07:42 PM
Hello I am having the same issue with a firewall that I upgraded to 9.0.5. can you please tell me how you switched the "Outgoing Transport Type" from TCP+UDP to UDP ?
I really appreciate your help.
- Mark as New
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report This Content
01-31-2020 06:02 AM
Here you go, this is from our Voice Engineer.
Call Manager
System -> Security -> SIP Trunk Security Profile.
Select the profile you are currently using on your SIP trunk(s)
Under ‘Outgoing transport type’ – change it to UDP. Then reset. This will reset your SIP trunk(s) and disconnect any active calls.
- Getting Panorama-Managed firewalls connected to Cortex Data Lake? in General Topics
- Looking to switch to PAN for NGFW, need insight into IPS, reporting and analytics, network visibility, etc in General Topics
- Unable to connect to a single Prisma Access gateway location with MacOS in Prisma Access Discussions
- Global protect route issue with macbook in General Topics
- Unable to connect to the Global Protect on new Windows 10 build. in GlobalProtect Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
