Voice Call Signalling Issues - Hold, Transfer, Call Pick-up all randomly fail

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Voice Call Signalling Issues - Hold, Transfer, Call Pick-up all randomly fail

L1 Bithead

At a handful of locations when someone calls in and the staff go to pick-up the call it does not pick-up and continues to ring on other phones in the office. When they place someone on hold, sometimes it does not come off hold and they call is dropped. When they transfer someone it does not always transfer the call.

 

Cisco Call Manager shop.


We have SIP ALG disabled, does not seem to help.

 

This is at a remote location with excellent response time and no packet loss. 

 

The location is connected back to the main office over a VPN tunnel from the Palo to an ASA at the corp office. The call manager is at the corp office where the phones register too.

 

No NAT is in use.

 

If I put the old ASA back in place at the remote office it works fine.

6 REPLIES 6

Cyber Elite
Cyber Elite

Everything you describe seems to be affected by call control vs the audio.

 

What do the logs show for the firewall. 

Are you using AppID rules or do you have a range of ports opened up.

What do you see for logs on the CM when this is occuring.

 

Can you plug a phone into an available (and configured interface/maybe new zone on the FW) and see if it works, without sending traffic through the VPN.

 

 

 

Help the community: Like helpful comments and mark solutions

For now we allow everything through the VPN, service is set to "any". Is that what you are asking? Not sure on the logs for the CM side, I'll get the info tomorrow from the voice engineer. In order for the phone to register with the CM at this remote site it has to go over the VPN. If I switch back to my old ASA, things are fine. I have other palo altos at other sites with the exact same configuration and hardware setup and no issues.Just this site and one other.

@pstraatsma,

Do you have any profiles (URL Filtering, Threat, Antivirus) set to the rule allowing this traffic or not? What you are talking about is all in actual control traffic as @SCantwell_IM mentioned. You might want to also enable logging on the interzone-default policy and ensure that your applications are actually being identified properly and you aren't silently dropping any of the traffic. 

No URL, no Threat, no Antivirus between the two zones. I'll turn on interzone logging and see what I get.

Have you had any resolution. 

 

We had the same issue we moved out call manager behind a PA and have had nothing but trouble. 

Howdy @ChrisGapske, lets chat!

 

We are here to assist.

 

What issue(s) are you seeing?  Can you provide a current issue (with screen captures of policies, logs, etc., that will help us to work together?   I personally have implemented many FWs with Avaya CM and Cisco CM, and have been able to resolve their issues.  Some, if not most, is understanding the traffic flow, and how the PANW handles this traffic... so end customer knowledge transfer (more than FW doing something incorrectly) seems to be the common thread.

 

Are phones registering fine?  Does transfers work or not.

The more details you have, the better.

 

The question I have.. is it now still broke... or did you take the CM from behind the FW? 
If you already have moved it.. it is hard to tshoot what the issue would have been.

 

Again, we are here if you need us!

 

 

Help the community: Like helpful comments and mark solutions
  • 4095 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!