TCP Acked lost segment - VideoConference Setup through ASA-5520

Unanswered Question
Jul 23rd, 2008

Hello,

I am having the following issue with a videoconference call. I have an ASA-5520 in transparent firewall mode in the middle of a LAN connection between two campuses.

When I remove the firewall the videoconference works fine.

When the firewall is connected the call cannot be completed.

The call originating station first contacts a gatekeeper in order to establish the call. I captured the traffic between this station and the gatekeeper using a sniffer and I found that the problem is that apparently there are segments lost in the communication. This problem appears in every SYN,ACK packet received from the gatekeeper, therefore the station responds with a RST of the connection.

ASA is running software 8.0(2).

Does anybody know if there is some way to fix this issue from configuration?

I am completely sure there is no problem with access-lists and I am not inspecting H323, H225, ras, etc...

Attached is a copy of the sniffer capture.

javiercastro Wed, 07/30/2008 - 15:42

Yes, I tried enabling inspection, disabling tcp sequence randomization.

Still not working. Any ideas?

javiercastro Wed, 08/13/2008 - 07:45

After gathering several traffic captures, I have figured out that something in the inside network is messing with the ack number. Very weird problem, since I have only the VLAN interface in the 4506; everything else is an L2 switched network to the videoconference station.
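
A way to confirm this kind of finding from a capture, as an added example that is not part of the original thread: it checks each SYN,ACK against the rule that its ack number must equal the client's initial sequence number plus one, and notes whether the client then reset the connection. It assumes `tcpdump -nn -S` style text output (absolute sequence numbers); the sample lines and addresses are constructed, not taken from the poster's capture.

```python
import re

# Matches tcpdump -nn -S text lines; seq/ack are optional depending on the flags.
LINE = re.compile(
    r"IP (?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\]"
    r"(?:, seq (?P<seq>\d+))?(?:, ack (?P<ack>\d+))?"
)

# Constructed sample: one clean handshake, one SYN,ACK with a wrong ack number.
SAMPLE = """\
10:00:00.000100 IP 192.0.2.10.3230 > 192.0.2.50.1720: Flags [S], seq 1000, win 8192, length 0
10:00:00.000900 IP 192.0.2.50.1720 > 192.0.2.10.3230: Flags [S.], seq 5000, ack 1001, win 8192, length 0
10:00:00.001000 IP 192.0.2.10.3230 > 192.0.2.50.1720: Flags [.], ack 5001, win 8192, length 0
10:00:05.000100 IP 192.0.2.10.3231 > 192.0.2.50.1720: Flags [S], seq 7000, win 8192, length 0
10:00:05.000900 IP 192.0.2.50.1720 > 192.0.2.10.3231: Flags [S.], seq 9000, ack 48213, win 8192, length 0
10:00:05.001000 IP 192.0.2.10.3231 > 192.0.2.50.1720: Flags [R], seq 48213, win 0, length 0
"""

def check_handshakes(text):
    """Return one finding per SYN,ACK whose ack is not client ISN + 1."""
    syn_isn = {}   # (client, server) -> ISN seen in the client's SYN
    bad = {}       # (client, server) -> finding, so a later RST can be linked
    findings = []
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, dst, flags = m["src"], m["dst"], m["flags"]
        seq = int(m["seq"]) if m["seq"] else None
        ack = int(m["ack"]) if m["ack"] else None
        if flags == "S" and seq is not None:
            syn_isn[(src, dst)] = seq
        elif flags == "S." and (dst, src) in syn_isn:
            expected = (syn_isn[(dst, src)] + 1) % 2**32  # sequence space wraps
            if ack != expected:
                finding = {"client": dst, "server": src, "expected_ack": expected,
                           "seen_ack": ack, "client_rst": False}
                bad[(dst, src)] = finding
                findings.append(finding)
        elif "R" in flags and (src, dst) in bad:
            bad[(src, dst)]["client_rst"] = True
    return findings

if __name__ == "__main__":
    for f in check_handshakes(SAMPLE):
        print(f)
```

Running the same check on captures taken on each side of a device shows on which side the ack number first stops matching.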
