https://community.cisco.com/t5/network-security/h-323-calls-disconnecting-by-tcp-idle-timeout/m-p/1869626#M492721 <HTML><HEAD></HEAD><BODY><P>Hi Michael,</P><P></P><P>How often do the endpoints send keepalive packets across the TCP/1720 control channel? If the keepalives aren't sent at least once an hour, the idle timeout will kick in and tear down the control channel. </P><P></P><P>You'll just need to determine the interval of the keepalives and adjust the timeout accordingly.</P><P></P><P>-Mike</P></BODY></HTML> Tue, 22 Nov 2011 21:07:23 GMT mirober2 2011-11-22T21:07:23Z https://community.cisco.com/t5/network-security/h-323-calls-disconnecting-by-tcp-idle-timeout/m-p/1869625#M492719 <P>We are running "ip inspect" on a 3941 router with IOS version15.2(1)T1. We enabled inspection for H.323 :</P><P></P><P>ip inspect name iosfw h323</P><P>ip inspect name iosfw h323-nxg</P><P>ip inspect name iosfw h323-annexe</P><P></P><P>We are using the default TCP idle-timeout</P><P></P><P>3945-Router#sh ip inspect config | in tcp</P><P>max-incomplete tcp connections per host is 50. Block-time 2 minutes.</P><P>tcp synwait-time is 30 sec -- tcp finwait-time is 5 sec</P><P>tcp idle-time is 3600 sec -- udp idle-time is 120 sec</P><P>tcp reassembly queue length 16; timeout 5 sec; memory-limit 1024 kilo bytes</P><P>&nbsp;&nbsp;&nbsp; tcp alert is on audit-trail is off timeout 3600</P><P></P><P>After we establish a H.323 call I can see that the inspection process starts the idle timmer on port 1720/TCP and the call is disconnected after an hour with the following log:</P><P></P><P>%FW-6-DROP_PKT: Dropping h323 session x.x.x.x:17174 y.y.y.y:1720&nbsp; due to&nbsp; Segment matching no TCP connection with ip ident 7154 tcpflags 0x5004 seq.no 3486961044 ack 0</P><P></P><P>This is the sessios incrementing the Last Heard timer:</P><P>Session 1C1FB8C (x.x.x.x:17168)=&gt;(y.y.y.y:1720) h323 SIS_OPEN</P><P> Created 00:04:07, Last heard 00:04:07</P><P> Bytes sent (initiator:responder) [255:323]</P><P> Out SID y.y.y.y[1720:1720]=&gt;x.x.x.x[17168:17168] on ACL outbound</P><P> In&nbsp; SID y.y.y.y[1720:1720]=&gt;x.x.x.x[17168:17168] on ACL inbound&nbsp; (9 matches)</P><P></P><P></P><P>I played around with the H323 timeout and the TCP idle-timout , this is how I found that the default TCP idle-timeout was causing the disconnect. If I set that timmer to 5min the call disconnects in 5 minutes. </P><P></P><P>Has anyone come across this problem and be willing to share how they have addressed it. I am continuing to troubleshoot the problem but thought I would post it out there to ask.</P><P></P><P>Thanks,</P><P>--MG</P> Mon, 11 Mar 2019 21:53:38 GMT https://community.cisco.com/t5/network-security/h-323-calls-disconnecting-by-tcp-idle-timeout/m-p/1869625#M492719 mikegatti 2019-03-11T21:53:38Z https://community.cisco.com/t5/network-security/h-323-calls-disconnecting-by-tcp-idle-timeout/m-p/1869626#M492721 <HTML><HEAD></HEAD><BODY><P>Hi Michael,</P><P></P><P>How often do the endpoints send keepalive packets across the TCP/1720 control channel? If the keepalives aren't sent at least once an hour, the idle timeout will kick in and tear down the control channel. </P><P></P><P>You'll just need to determine the interval of the keepalives and adjust the timeout accordingly.</P><P></P><P>-Mike</P></BODY></HTML> Tue, 22 Nov 2011 21:07:23 GMT https://community.cisco.com/t5/network-security/h-323-calls-disconnecting-by-tcp-idle-timeout/m-p/1869626#M492721 mirober2 2011-11-22T21:07:23Z