Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2522
Views
0
Helpful
6
Replies

SIP trunk ideal / Timeout issue with ASA firewall

vinayak2010
Level 1
Level 1

‎07-15-2014 10:34 PM - edited ‎03-11-2019 09:28 PM

Hi,

We are having SIP trunk for Enterprise LYNC Voice functionality. The LYNC servers are behind ASA firewall. when the call is initiated traffic comes via SIP trunk to firewall & then to LYNC servers & to users using LYNC client on system.

 

We are facing issue like during starting hours of business , we observe that SIP trunk being ideal. means when we try to call from outside to LYNC client in our network , call is not successful. when trying for 3-4 times continuously call gets connected & then it start working normally .

 

i want to detect why call is not connecting in 1st attempt ?  when we check logs on firewall, when the 1st call initiated we didn't see any SIP/RTP traffic on firewall & once call connected RTP traffic seems flowing normally .

 

The SIP timeout values are default (30 mins)

 

timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
  inspect sip

 

I checked some cisco documentation where cisco advice to configure layer 7 SIP OPTIONS ping . but i am not sure how to configure that.

Can anyone help me out with this issue ?

 

Labels:
0 Helpful
6 Replies 6

nkarthikeyan
Level 7
Level 7

‎07-16-2014 03:20 AM

Vinayak,

You can try configuring Qos in ASA to prioritize the voice traffic.

 

Regards

Karthik

0 Helpful

vinayak2010
Level 1
Level 1
In response to nkarthikeyan

‎07-16-2014 03:25 AM

Hi Karthik,

 

The QOS is already configured on EDGE switch where the SIP trunk & firewall connected. the call flow works fine but facing issue only connecting for the 1st time.

0 Helpful

nkarthikeyan
Level 7
Level 7
In response to vinayak2010

‎07-16-2014 03:30 AM

Hi Vinayak,

Do you have the Qos set in ASA for the same? We have the similar setup working fine with the Qos setup in switches as well as on the ASA, which flows through the tunnel.

 

Regards

Karthik

0 Helpful

vinayak2010
Level 1
Level 1
In response to nkarthikeyan

‎07-16-2014 03:34 AM

Hi Karthik,

i am not sure about QoS on firewall . can you please tell me how to implement qos on firewall.

0 Helpful

nkarthikeyan
Level 7
Level 7
In response to vinayak2010

‎07-16-2014 04:09 AM

Hi Vinayak,

You can refer the below mentioned document for your scenario if that helps.

http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/82310-qos-voip-vpn.html

 

Regards

Karthik

0 Helpful

sahib
Level 1
Level 1
In response to nkarthikeyan

‎11-03-2017 03:03 PM

yes.

object-group service sip udp
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
inspect sip

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card