TCP Acked lost segment - VideoConference Setup through ASA-5520

Unanswered Question
Jul 23rd, 2008

I am having the following issue with a videoconference call. I have an ASA-5520 in transparent firewall mode in the middle of a LAN connection between two campuses.

When I remove the firewall the videoconference works fine.

When the firewall is connected the call cannot be completed.

The call originating station first contacts a gatekeeper in order to establish the call. I captured the traffic between this station and the gatekeeper using a sniffer and I found that the problem is that apparently there are segments lost in the communication. This problem appears in every SYN,ACK packet received from the gatekeeper, therefore the station responds with a RST of the connection.

ASA is running software 8.0(2).

Does anybody know if there is some way to fix this issue from configuration?

I am completely sure there is no problem with access-lists and I am not inspecting H323, H225, ras, etc...

Attached is a copy of the sniffer capture.

a.alekseev Wed, 07/23/2008 - 08:48

Have you tried to enable inspection of H323, H225, ras?

javiercastro Wed, 07/30/2008 - 15:42

Yes, I tried enabling inspection and disabling TCP sequence randomization.

Still not working. Any ideas?

javiercastro Wed, 08/13/2008 - 07:45

After gathering several traffic captures, I have figured out that something in the inside network is messing with the ACK number. Very weird problem, since I have only the VLAN interface in the 4506; everything else is an L2 switched network to the videoconference station.
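
One way to run the comparison described in this post, as an added example that is not part of the original thread: for each capture point, check that every SYN-ACK acknowledges the ISN of the matching SYN plus one, so the point where the ACK number stops matching can be localized. The port 1720, the capture point names and all sequence numbers are constructed sample values, and flows are keyed by port pair only.

```python
import struct

SYN, ACK = 0x02, 0x10
TCP_HDR = struct.Struct("!HHIIBBHHH")  # fixed 20-byte TCP header, no options

def build_tcp(sport, dport, seq, ack, flags):
    """Pack a header for the constructed samples (checksum left at 0)."""
    return TCP_HDR.pack(sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0)

def bad_synacks(segments):
    """Return (sport, dport, expected_ack, seen_ack) for each SYN-ACK whose
    ack number is not the ISN of the matching SYN plus one (mod 2**32)."""
    isn = {}       # (client_port, server_port) -> ISN seen in the SYN
    findings = []
    for raw in segments:
        sport, dport, seq, ack, _off, flags, *_ = TCP_HDR.unpack(raw[:20])
        if flags & (SYN | ACK) == SYN:
            isn[(sport, dport)] = seq
        elif flags & (SYN | ACK) == (SYN | ACK) and (dport, sport) in isn:
            expected = (isn[(dport, sport)] + 1) & 0xFFFFFFFF
            if ack != expected:
                findings.append((sport, dport, expected, ack))
    return findings

def localize(captures):
    """Map each capture point name to its list of inconsistent SYN-ACKs."""
    return {point: bad_synacks(segs) for point, segs in captures.items()}

# Constructed sample: one handshake to TCP 1720 seen at two capture points.
# Sequence numbers may differ between points (a firewall can rewrite them),
# but each point must be self-consistent.
CAPTURES = {
    "gatekeeper_side": [
        build_tcp(40000, 1720, 5000, 0, SYN),
        build_tcp(1720, 40000, 9000, 5001, SYN | ACK),   # consistent
    ],
    "station_side": [
        build_tcp(40000, 1720, 1000, 0, SYN),
        build_tcp(1720, 40000, 9000, 7777, SYN | ACK),   # ack should be 1001
    ],
}

if __name__ == "__main__":
    for point, findings in localize(CAPTURES).items():
        print(point, findings or "handshake consistent")
```

A capture point whose list is non-empty is downstream of whatever rewrote the ACK number; a client in SYN-SENT answers such a SYN-ACK with a RST, which matches the behavior reported in the first post.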

Farrukh Haroon Wed, 08/13/2008 - 10:43

So have you managed to resolve this issue?