cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
326
Views
0
Helpful
1
Replies

ASA Firewall VOIP Issue

efairbanks
Level 1
Level 1

We provide enterprise VOIP to a group of customers with our Callmanagers located at two Network Operations Centers. We are in an IP only environment (no PBXs, gateways, etc). Both NOCs and Callmanagers reside behind a firewall. All sites connect to the NOCs without a local firewall, with the exception of one. VOIP functions properly for all sites except the site with the local ASA firewall. The local firewall ruleset allows IP from anyone to anyone (political thing...they don't feel comfortable removing their legacy firewall completely yet). Phones residing behind the site customer firewall experience a ~5 second lag answering, placing, and terminating phone calls. Once the call is answered and it finally "picks up," VOIP traffic passes properly and the quality of the call is good. When the receiver is hung up, there is approximately a 5 second delay before the phone actually hangs up. The same lag exists for placing calls in that the user must wait 5 seconds before presented a dial tone. The lag described above also exists between phones at the same site. A central router at the site NATs the IP addresses of the phones supporting two customers (customer A and customer B). Customer A's phones function properly (no firewall) while customer B's do not (firewall). Customer B's firewall is not performing any type of NAT. The logging set to debugging on the site firewall has not produced any hints or signals as to what the problem is.

Has anyone seen this problem before? I do not readily have the software version of the ASA. Thanks in advance for any assistance provided.

Please reference the attached Visio diagram.

-Erik

1 Reply 1

Fernando_Meza
Level 7
Level 7

Hi,

Are you in a position to physically connect a phone outside of the firewall and place a call just to confirm the issue is actually firewall related. Please see the below link .. it suggests routing loops as a possibility for dial tone delay.

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/admin/5_1_3/ccmfeat/fsclthrt.html

Just a thought !!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: