ASA IPSEC VPN Drops/Resets Cisco Phones

swharvey
Level 3

We have a pair of ASA5520's and are running IPSEC L2L VPN tunnels to 851 routers that have Cisco 7940/7960 phones connected to them. Frequently the phones will lose registration with the CM's or reboot. Currently the fixup skinny protocol inspection is enabled for port 2000 on the ASA's.

swharvey
Level 3

Still no feedback on this...anyone?

Hi

I am not sure how the phones talk to the server, but to my knowledge, an IPSEC tunnel may have problems with multicast protocols. Why don't you try enabling a GRE tunnel over IPSEC?

It may help.

Regards

Reddy

Any luck fixing this? I'm having a similar issue.

Yes, I opened a TAC case about this last year, and the Engr and I found via packet captures that there was a bug that caused the skinny packet inspection to send packets out of order. Cisco implemented a bug fix in newer code. We have since upgraded to 7.2.3 and that solved our problem.

What version of code are you running?

Hope this helps you.

Interesting...so even with routing the traffic via the VPN the skinny packet inspection was an issue? I'm running 7.2.2 on the remote ASA and 12.4.11XJ on my CME router, so you might have hit the nail on the head.

I also realized last night that my IPSEC lifetime values were mismatched (defaults differ between ASA and router) and that one end was forcing a rekey every 60 min, so I adjusted them to match.

We'll see how it runs and use your fix as the next runner up. Big thanks for the reply.

Yes, we had specific problems with VPN skinny traffic that terminated on the ASA hub firewall. I believe the fix for the skinny inspection bug was fixed after 7.2.2(8), but that was months ago. Also, your timer mismatches can be an issue as your tunnels may drop during rekeying, causing the phone to drop RTP streams and re-register.

I found with our problem that I was able to repeat the problem by having the remote phone set up a conference call. The moment the second call arrived to the phone, it reset and was a repeatable problem.

I hope this helps...

-Scott

Good test!

Thanks again!!