I recently put in production a new firewall 5515X , but we had some issue related to the WoIP and the Video Calls. Our solution for Video its similar to the voip it use UDP to send the images and voice, we notice that at the begining the video calls between 2 offices (VPN site to site) cut for moments or it didnt show the image and sound,
In the case of VoIP (we use a sip provider ) we could not make outbounds calls and received calls.
After some troubleshooting we decide on disable the inspection for the SIP and ICMP after that the Voip works but the video calls didnt work anymore, we enable again the parameters for the SIP and ICMP and the video calls work and the voip no for a while.
What other test can i do in order to find the root of this? the inspection can delay or drop the packets for this 2 services?
Does it work when you do a videocall to a device on the internet ( not on the L2L vpn)
That being said I would recommend you to first add the inspections ( SIP,H323 ras and h225) and afterwards do a clear local-host ( with this we will clear al the connections previously established by the ASA so future ones will have the new inspection parameters)
If it does not work then we will need to do captures on both interfaces while the inspections are applied( If is going through the VPN tunnel then just on the inside interface)
Cap capin interface inside circular-buffer tracer match ip host x.x.x.x (local unit host) y.y.y.y (remote device)
If the other VPN endpoint it's an ASA then do the capture on their side as well.
CSC is a free support community, please take your time to rate all of the engineer's answers.
Julio Carvajal Senior Network Security and Core Specialist CCIE #42930, 2xCCNP, JNCIP-SEC
- there is not content filter in our current network.
-It doesnt work when we tried to call a device on internet. I made the clear conn protocol udp & tcp after i disable the inspection for icmp, sip, and my voip calls work, but the video calls stop to work.i enable the inspections again and it work again the video and with luck the voip calls.
This video solution its special because it needs to chante the udp timeout to at least 30 minutes.
We tested today again our internet connection but is still giving us problems, to upload to the VPN or internet is not working , we didnt see any drop or packet loss but we disable some inspect features in order to increase our internet speed and vpn speed.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :