VOIP / H323 Connections Being dropped after 40 Seconds

Answered Question

Hello!

We've just installed a pair of failover 515Es to a site, and since the install, their remote IP Telephony users can't get a call to last more than about 40-50 seconds.

Here are some logs for an example connection:

The Server is behind the firewall on 10.133.8.205

The IP Phone is Outside on 10.134.2.173

%PIX-6-302015: Built inbound UDP connection 8592979 for outside:10.134.2.173/32514 (10.134.2.173/32514) to inside:10.133.8.205/32548 (10.133.8.205/32548)

%PIX-6-302020: Built ICMP connection for faddr 10.134.2.173/0 gaddr 10.133.8.205/0 laddr 10.133.8.205/0

%PIX-6-302004: Pre-allocate H323 UDP backconnection for faddr 10.134.2.173/32514 to laddr 10.133.8.205

%PIX-6-302004: Pre-allocate H323 UDP backconnection for faddr 10.134.2.173/32515 to laddr 10.133.8.205

%PIX-6-302021: Teardown ICMP connection for faddr 10.134.2.173/0 gaddr 10.133.8.205/0 laddr 10.133.8.205/0

%PIX-6-302015: Built outbound UDP connection 8592994 for outside:10.134.2.173/32515 (10.134.2.173/32515) to inside:10.133.8.205/32549 (10.133.8.205/32549)

%PIX-6-302016: Teardown UDP connection 8592994 for outside:10.134.2.173/32515 to inside:10.133.8.205/32549 duration 0:00:39 bytes 1400

%PIX-6-302016: Teardown UDP connection 8592993 for outside:10.134.2.173/32515 to inside:10.133.8.205/0 duration 0:00:41 bytes 0

%PIX-6-302016: Teardown UDP connection 8592992 for outside:10.134.2.173/32514 to inside:10.133.8.205/0 duration 0:00:41 bytes 0

%PIX-6-302016: Teardown UDP connection 8592991 for outside:10.134.2.173/0 to inside:10.133.8.205/32548 duration 0:00:41 bytes 0

Can Anyone please advise what might be the problem?

Cheers,

Nick

I have this problem too.
0 votes
Correct Answer by swharvey about 9 years 8 months ago

Hello Nick,

What version of OS are you running on your 515E PIX's? I can't speak directly to your H323 problem, but I will share an odd problem we encountered on our ASA5520's running 7.2(2) and SCCP (skinny) VoIP. We found that if the inspect skinny eq 2000 was inabled, our call control would randomly break causing the remote phones that connected via vpns that terminated on the ASA's to reboot.

By disabling inspection of the Skinny port our problem stopped. You may want to investigate the H323 inspection configuration for your particular problem.

Ultimately if that resolves the problem, I suggest opening a TAC case as it is best to have the inspection enabled for VoIP traffic.

Good luck!

-Scott

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
swharvey Wed, 01/31/2007 - 09:45

Hello Nick,

What version of OS are you running on your 515E PIX's? I can't speak directly to your H323 problem, but I will share an odd problem we encountered on our ASA5520's running 7.2(2) and SCCP (skinny) VoIP. We found that if the inspect skinny eq 2000 was inabled, our call control would randomly break causing the remote phones that connected via vpns that terminated on the ASA's to reboot.

By disabling inspection of the Skinny port our problem stopped. You may want to investigate the H323 inspection configuration for your particular problem.

Ultimately if that resolves the problem, I suggest opening a TAC case as it is best to have the inspection enabled for VoIP traffic.

Good luck!

-Scott

swharvey Thu, 02/01/2007 - 07:37

Glad to hear it. If possible I highly suggest you upgrade to 7.2(2), which I believe is the latest release. Cisco fixed some major bugs with that version, and may very well have addressed the h323 inspection problem you are experiencing.

I'm not an expert by any means on the inspection engine functions, but from what I understand, enabling h323 protocol inspection (or any protocol inspection) does a deeper packet analysis to confirm the integrity of the traffic it is inspecting. I don't believe it is a critical issue not inspecting your h323, but where possible, having inspection on adds an additional layer of security.

Good luck with your upgrade and if my suggestions helped please rate!

Thanks,

-Scott

Actions

This Discussion