Over three hours on the phone to PA support this morning got it sorted. My applictation override rules were not working, as they were pointing at predefined applications. Custom Apps for both SIP and RTP were created which then started to allow some RTP through. We were still getting quite a few calls with no audio (some were coming through). The PA engineer discovered that this was due to us using the dynamic-ip-and-port option in our outgoing source translation. Changing this to static-ip fixed it. Here's what my working setup looks like; Security Rules; NAT Rules; Application Override Rules; Custom SIP Application; Custom RTP/RTCP Application; Hope this helps anybody experiencing similar problems. PA have taken a support dump, so may have a more elegant fix at some point.
... View more
Hi again. I've seen the failed NAT and when it happens: This is a connection RTP from a phone to our telephony provider, and it works: 67130 rtcp ACTIVE FLOW NS 10.42.38.250/LAN/17 (184.108.40.206) vsys1 220.127.116.11/INTERNET (18.104.22.168) But, after that, another connection using the same source port, it doesn't work: 127233 rtcp ACTIVE FLOW 10.42.56.253/LAN/17 (10.42.56.253) vsys1 22.214.171.124/INTERNET (126.96.36.199) Most of the situations: it fails with ports 3000 and 3001. Thank you.
... View more