We provide enterprise VOIP to a group of customers with our Callmanagers located at two Network Operations Centers. We are in an IP only environment (no PBXs, gateways, etc). Both NOCs and Callmanagers reside behind a firewall. All sites connect to the NOCs without a local firewall, with the exception of one. VOIP functions properly for all sites except the site with the local ASA firewall. The local firewall ruleset allows IP from anyone to anyone (political thing...they don't feel comfortable removing their legacy firewall completely yet). Phones residing behind the site customer firewall experience a ~5 second lag answering, placing, and terminating phone calls. Once the call is answered and it finally "picks up," VOIP traffic passes properly and the quality of the call is good. When the receiver is hung up, there is approximately a 5 second delay before the phone actually hangs up. The same lag exists for placing calls in that the user must wait 5 seconds before presented a dial tone. The lag described above also exists between phones at the same site. A central router at the site NATs the IP addresses of the phones supporting two customers (customer A and customer B). Customer A's phones function properly (no firewall) while customer B's do not (firewall). Customer B's firewall is not performing any type of NAT. The logging set to debugging on the site firewall has not produced any hints or signals as to what the problem is.
Has anyone seen this problem before? I do not readily have the software version of the ASA. Thanks in advance for any assistance provided.
Are you in a position to physically connect a phone outside of the firewall and place a call just to confirm the issue is actually firewall related. Please see the below link .. it suggests routing loops as a possibility for dial tone delay.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :