cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5686
Views
0
Helpful
6
Replies

Video Conference timeout after 2 hours

Chris Driggers
Level 1
Level 1

I'm having a problem where video conferences are timing out after 2 hours and 12 minutes consistently.  I've located a number of solutions for adjusting the h323 timer on a PIX in order to solve this problem.  My issue, is that I don't have a PIX, but a 3845 router running IOS

How can I perform the equivalent command on IOS that you would perform on a PIX, which is:

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 0:00:00
timeout h323 16:00:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
6 Replies 6

Kevin Redmon
Cisco Employee
Cisco Employee

Chris,

Just to confirm, what IOS firewall are you using?  If you are using CBAC, 'ip inspect tcp idle-time ' may be what you are looking for.  If you are using ZBF, the command would be 'tcp idle-time'.  Consider the links below:

CBAC 'ip inspect tcp idle-time':

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_i2.html#wp1050108

ZBF 'tcp idle-time':

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_t1.html#wp1059257

By default, these are set to 3600 seconds.

If this addresses your question, please let us and other NetPro users know by marking this question as answered.

Best Regards,

Kevin

I do not think this is a tcp idle timeout issue?  I am currently experiencing the same problems with an inter company Pix firewall which I do not have access to.  what version IOS are you running?

I also ran into the same problem 6 years back - The VC would time-out after 1:59:59.  Along with the session timing out because it had reached 2 hour mark, hitting the mute button on the VC unit also caused the session to drop.   The  FW at that time was a Checkpoint and an upgrade to SP3 fixed the issue.  

The dafult TCP timeout setting of 1 hour is being talked about here is for an "idle connection"

please increase the tcp idle timeout to more than 2 hrs. this happens in stateful firewalls as in video conferencing every 2 hrs a packet(something like keep alive) is sent, i dont exactly remember the name but i think it happens on port 1720 or something like that. so if the timeout is less than 2 hrs the keep alive is droped and connection terminates

one option would be allowing the ports required for video conferencing in both directions

paul.pink
Level 1
Level 1

The tcp idle timeout is not the problem:

Polycom sends a H.225 packet at just after the two hour mark during an active call. If the H.225 port was closed by the firewall due to inactivity the Polycom will not get a response and drop the call. Set your H.225 timeout to something higher than 2.5 hours and all will be well.


By default the ASA/FWSM gets the following timeout lines.

timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute

BTW, the one I would be suspect of is the timeout conn 1:00:00 which by default closes a session after an hour.


exactly, that is what i was refering to and i have seen it happen before when the conn timeout is less than 2 hrs

Hi Chris,

How did you fix this issue?

--

Filippo

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: