Hi Ivan,

Ivan Marinovic · ‎02-02-2017

Hi,

from last week, I am having problems with skype. I am unable to hear voice when I make calls with skype.

for skype to work I need to have:

All destination ports above 1024 (recommended)
or
Ports 80 and 443

all port above 1024 are not open. but 80 and 443 are definitely open but skype is able to make call but iI can't hear sound.

I don't have L7 filtering.

when I open UDP port from 10240 to 64500 skype is working ok.

does someone have this problem?

in attachment is Wireshark capture of traffic, when call is not working - unable to hear sound (first call), and other call when UDP any any is allowed and I can hear both side.

So please help!

p.s. due to safety rules I can't open all ports :-(

Regards,

Ivan

Mohammed al Baqari · ‎02-02-2017

Hi Ivan,

Skype is very difficult application to deal with when it comes to security. I spent long time understanding it and came with following conclusion.

Option 1 # you need to allow all ports above 1024 to get full functionality. Skype will register with its servers and sign it using port 443/80 (when it detects that random ports are blocked) but getting audio to work isn't possible.

Option 2 (recommended approach for enterprises) # to have web-proxy. In this case you can point skype clients to web-proxy (which can be http, https, socks) and allow connections from web-proxy as source-ip which is more secured approach. You need to type your web-proxy so that users needs to authenticate before connecting. Also, your web-proxy can be configured to allow skype only over socks.

ASA5545 and SKYPE