ASA 5505 stalled SIP Connection after PPPoE reconnect

mathias.mahnke · ‎12-02-2008

Recently we changed a Linux router to a Cisco ASA 5505. We do have a dsl uplink with a PPPoE reconnect every 24 hours.

Behind the ASA at the LAN there is a SIP phone connected (Siemens SL75) to a public SIP provider in the internet (SIPgate.de).

After every PPPoE reconnect where the ASA gets a new IP adress the SIP communication (port 5060) gets stalled and the phone is unavailable / not reqisted anymore.

If I look on the CLI I see a running UDP connection in the ASA connection table:

UDP WAN:217.10.79.9/5060 LAN:LAN-phone/5060,

flags T, idle 18s, uptime 17h24m, timeout 2m0s, bytes 5975382

This connection is still in the table after the PPPoE reconnect / new WAN ip. If I do a "clear conn..." the SIP phone is available again / is able to register.

What I tried also: Enable and disable SIP inspection. Changed the SIP connection timeout to 2:00 min (minumum). This results, that if the phone is offline for more than 2 minutes shut down and restarted it's also able to reconnect/register (as a manual workaround as far as the "clear conn.." on the CLI).

This behaviour was not seen with the Linux router. Any hints, how to solve this problem on the ASA? Anybody else aware of such circumstances? Any better workarounds?

Regards

Mathias

mathias.mahnke · ‎12-06-2008

In the meantime I implemented a (not very nice) workaround:

[check_sip.sh]

#!/bin/sh

curl https://user:pass@asa/admin/exec/sh%20conn%20det%20add%20LAN-phone --insecure -s | grep "uptime 1D" >/dev/null && echo "CLEAR SIP" && curl https://user:pass@asa/admin/exec/clear%20conn%20addr%20LAN-phone --insecure -o /dev/null -s

Running once a minute from a Linux crond.

Regards

Mathias