TCP Acked lost segment - VideoConference Setup through ASA-5520
I am having the following issue with a videoconference call. I have an ASA-5520 in transparent firewall mode in the middle of a LAN connections between two campus.
When I remove the firewall the videoconference works fine.
When the firewall is connected the call can not be completed.
The call originating station first contacts a gatekeeper in order to establish the call. I captured the traffic between this station and the gatekeeper using a sniffer and I found that the problem is that apparently there are segments lost in the communication. This problem appears in every SYN,ACK packet received from the gatekeeper, therefore the station responds with a RST of the connection.
ASA is running software 8.0(2).
Does anybody know if there is some way to fix this issue from configuration?
I am completely sure there is no problem with access-lists and I am not inspecting H323, H225, ras, etc...
Re: TCP Acked lost segment - VideoConference Setup through ASA-5
after several traffic captures gathered, I have figured out that something in the inside network is messing with the ack number. Very weird problem since I have only the Vlan interface in the 4506, everything else is L2 Switched network to the videoconference station.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...