Cisco Support Community
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

PIX515 allows G.711 calls but not G.729 calls...


I try to make G.729 calls with Nortel Softphone over VPN and firewall and it's curious but voice drops after a few seconds while signalisation still good. After 1 minute with no voice the softphone application crashes. If I use G.711 codec I have no problem at all.

All ports to be opened are opened. Ports are the same when using G.711 or G.729 or whatever the codec is.

Softphone <---> VPN concentrator <---> PIX515 <---> IPBX

When using G.711 we have no logs on the PIX515. It's ok all is working fine.

When using G.729 at the time the voice drops we have a few lines of logs like this :

Deny udp src inside:@ip ipbx/5210 dst outside:@ip softphone/5200 by access-group "acl_outside"

5210 and 5200 are RTP ports.

I don't understand because if using G.711 with the same PIX configuration and access lists it doesn't block the call. No such logs.

I have already created another access-list to allow the ports indicated on the logs. Now I don't have any more logs with G.729 calls but voice stills droping after a few seconds...

Hard problem.

Any ideas ?

Community Member

Re: PIX515 allows G.711 calls but not G.729 calls...

In fact it seems that this is not a PIX515 problem because it works in this configuration :

Softphone <---> PIX515 <---> IPBX

I'm going to post in the VPN forum...

Community Member

Re: PIX515 allows G.711 calls but not G.729 calls...

Problem solved.

As said previously it's not a FW problem.

Problem with the Cisco VPN client v 4.8 using AES 128 bits encryption.

No more problem with version 5.0

CreatePlease to create content