07-23-2007 01:51 AM - edited 03-11-2019 03:47 AM
Hi there,
We have recently implemented a VOIP system here and are currently having problems with remote users. Basically, they cannot have a conversation unless they keep trying and then it will work maybe on the third or fourth time.
I have checked the Syslog and there are hundreds of these messages (REMOTE-PC is the remote pc on the end of the VPN tunnel and VOIP-SERVER is the VOIP server which is located here):
Syslog: 607001
Source IP: REMOTE-PC
Message: Pre-allocate SIP Via UDP secondary channel for inside:VOIP-SERVER/5060 to outside:REMOTE-PC from NOTIFY message
And then:
Syslog: 607001
Source IP: VOIP-Server
Message: Pre-allocate SIP NOTIFY UDP secondary channel for outside:(REMOTE-PC)/5070 to inside:(VOIP-SERVER) from NOTIFY message
And then hundreds of these:
Syslog: 302016
Source IP: REMOTE-PC
Destination IP: VOIP-SERVER
Message: Teardown UDP connection 2452936 for outside:REMOTE-PC/0 to inside:VOIP-SERVER/5060 duration 0:01:02 bytes 0
Surely all of these 0 byte connections that are lasting around "1 minute 2 seconds" to "2 minutes 3 seconds" are all highlighting problems (possibly)? The 2 minute connections I can understand slightly as the UDP timeout is still at the default 2 minutes, though I have no idea what the 1 minute teardowns are. Why would all of these "Pre-allocate SIP via UDP secondary channel" connections keep timing out?
The only switches SIP related are:
inspect sip
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
The UDP switches are:
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
ipsec-udp disable
access-list inside_access_in extended permit udp any any
This is happening for a lot of locations. As stated above, connections eventually get established correctly and voice passes between client and server (so it doesn't seem like an outright DENY), but this usually takes multiple attempts before successful.
If I run a "show conn state sip" command, I get the following:
UDP out REMOTE-PC:5070 in VOIP-SERVER:0 idle 0:01:26 flags Ti
Flags Ti mean SIP (T) and incomplete (i). Why is everything incomplete, thus timing out?
Any help or advice is highly appreciated.
Regards
radwayscisco
07-23-2007 07:22 AM
I've worked out an answer that seems to hang together properly now.
Thanks
07-23-2007 01:55 PM
hi,
please share your answer/discovery as it might help others with similar or same case.
thank you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide