We have recently implemented a VOIP system here and are currently having problems with remote users. Basically, they cannot have a conversation unless they keep trying and then it will work maybe on the third or fourth time.
I have checked the Syslog and there are hundreds of these messages (REMOTE-PC is the remote pc on the end of the VPN tunnel and VOIP-SERVER is the VOIP server which is located here):
Source IP: REMOTE-PC
Message: Pre-allocate SIP Via UDP secondary channel for inside:VOIP-SERVER/5060 to outside:REMOTE-PC from NOTIFY message
Source IP: VOIP-Server
Message: Pre-allocate SIP NOTIFY UDP secondary channel for outside:(REMOTE-PC)/5070 to inside:(VOIP-SERVER) from NOTIFY message
And then hundreds of these:
Source IP: REMOTE-PC
Destination IP: VOIP-SERVER
Message: Teardown UDP connection 2452936 for outside:REMOTE-PC/0 to inside:VOIP-SERVER/5060 duration 0:01:02 bytes 0
Surely all of these 0 byte connections that are lasting around "1 minute 2 seconds" to "2 minutes 3 seconds" are all highlighting problems (possibly)? The 2 minute connections I can understand slightly as the UDP timeout is still at the default 2 minutes, though I have no idea what the 1 minute teardowns are. Why would all of these "Pre-allocate SIP via UDP secondary channel" connections keep timing out?
access-list inside_access_in extended permit udp any any
This is happening for a lot of locations. As stated above, connections eventually get established correctly and voice passes between client and server (so it doesn't seem like an outright DENY), but this usually takes multiple attempts before successful.
If I run a "show conn state sip" command, I get the following:
UDP out REMOTE-PC:5070 in VOIP-SERVER:0 idle 0:01:26 flags Ti
Flags Ti mean SIP (T) and incomplete (i). Why is everything incomplete, thus timing out?
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :