Video conferences disconnecting at 2 hours

JimSJ · ‎10-29-2008

I have a new customer running an ASA 5520 who runs videoconferences from inside to external sites and the reverse using H.323. Everything works fine until the conference is up for 2 hours, then without exception, whatever type of conference it is (inbound or outbound) or whichever videoconferencing unit is in use, it disconnects the session. It can be immediately re-established and runs fine for another 2 hours, then it drops again, etc, etc. The conferences are direct, no gatekeeper or RAS involved.

The 5520 is acting as a firewall with overload NAT on its outside interface. I'm more of a voice person, and I haven't been able to find documentation about any kind of timeout that might cause this, so wanted to see if some of you security guys could lend your expertise as to any possible causes.

Thanks!

J

rmeans · ‎10-30-2008

Regrading the firewall. Have you checked your timeout values . Below are some default timeout values. None are set to 2 hours.

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02

timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00

timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

Do you have any firewall logs? Examine the syslogs related to your conference. What is the reason for the disconnect?

Rick

tpetersn · ‎12-23-2008

What version of the ASA OS are you running?

Todd