Yes, this would typically indicate that something is blocking the h225 traffic from the endpoint to the vcs and that there appears to be some control and more likely keepalive packet on that session.
Now, why an hour? The default behavior for TC based endpoints is that in there is no h225 keepalive prior to TC6 and in TC6 and later, it defaults to two hours. The keepalive for these devices is on the H245 session and is sent ever 30 seconds. You can see this information in the release-note for CSCub20591.
You do not specify what the endpoints are but the output snippet you have for the H323MCS_EndSessionCommand output is from a TC based codec at location 2. You could run a tcpdump on that endpoint to look at the tcp exchange with the vcs; something like this "tcpdump -s0 -w /tmp/h323.pcap host and tcp" to get a better idea of what is happening.
Now, it does not have to be a firewall. There are other tcp aware devices that could be in the path. For example, WAAS. One clue may be that if the tcp ack in the packet exchange from the location 2 device seems to be much quicker than what you expect for the RTT to the vcs, than that would indicate likely something again in the middle that is tcp aware. You can get an idea of the expected RTT from the codec through the "systemtools network traceroute" command.
Yes, you are seeing something in the middle which is generating the TCP RST towards both ends. I would say there is your proof that there is a TCP/H225 aware device in the middle that is timing out the session after an hour. Since it thinks that the session is no longer active, it appears to be cleaning it up on both sides as it removes the TCP information from its table.
Since you have captures from both side, you may be able to tell on which side of the tunnel is this possibly coming from based upon the response time of the TCP ACKs during the session.
If you can find out what it may be there is likely a way to tune it to either ignore the h225 traffic. Or extend the timeout to something greater than 2 hours while running TC6.0 or later on the codecs.
Sucedia que un Supervisor via Finesse necesitaba ingresar a una llamada activa de un Agente, función que se denomina Silent Monitoring, Monitoreo Silencioso.
Cuando queria el Supervisor ingresar por esta funcion salio este error:
Adjunto un documento que muestra a grandes rasgos el procedimiento que le permite a un usuario final acceder al manejo de sus correos de voz usando su Navegador Web.
El componente utilizado fue el Cisco Unity Co...
Luego de un Upgrade de CUCM, version 9.1 a version 11.5, el servicio Extension Mobility Cross Cluster (EMCC) produce falla en IP Phones, ejemplo Cisco 7940.
La falla es que al intentar acceder al servicio de EMCC se ve un mensaje de error en la p...