Trying to understand ASA and SCTP

hoffa2000
Level 3

Hi all

I'm working alongside a PBX/VOIP operator trying to get a corporate VOIP setup to work. I'm not a VOIP guy and there are some things that leave me clueless when it comes to how my ASA 5525 9.3(3) handles some of the VOIP traffic. In particular the dedicated VOIP protocol called SCTP. After some googling I understand it's an IP protocol (132) and doesn't seem to be logged by the ASA; it's visible when I do a packet capture though.

Now, my setup is a PBX with network connection at two of my sites that are connected over VPN. VPN is up and everything seems fine so far. On each site the network hosting the PBX is directly connected to the firewalls; ping to and from the PBXs is ok. The PBX does however not have SCTP connectivity. When I capture the traffic at each end I see that the "master" PBX at site #1 is sending INIT packets to the PBX at site #2 and the #2 PBX is sending ACK packets, but these are never seen by the capture at firewall #1.

No logs, nothing dropped. I don't understand. Does anyone have any pointers?

Regards

Fredrik

2 Replies 2

rvarelac
Level 7

Hi Fredrik,

If your concern is whether the ASA might be dropping this SCTP traffic, you can place an ASP capture on the ASA and filter the output.

Example:

capture asp type asp-drop all 

show capture asp | incl <PBX IP address>

If the capture is clean, this indicates the problem might be beyond the ASA.

Hope it helps

-Randy- 

Hi Randy

I'll keep this command handy next time the PBXs can't establish a connection.

The thing that freaks me out is that yesterday, when I had the SCTP connection problems, I did a manual failover between the two ASA5525 I have at my #1 site and after that the PBX connections came up.

I mean really? A failover between two identical units where the only difference is that they are in two different switches. Doesn't make sense.

/Fredrik
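
The capture comparison described in this thread, as an added example that is not part of any post: a small parser that reads the SCTP chunk types out of raw IPv4 packets and names the first step of the SCTP four-way handshake (INIT, INIT ACK, COOKIE ECHO, COOKIE ACK) that a given capture never saw. It assumes the packets have already been exported from each firewall's capture as raw IPv4 bytes and that the "ACK" in the question is the INIT ACK; the addresses, port and packets are constructed sample data.

```python
import struct

SCTP_PROTO = 132  # IP protocol number for SCTP, as noted in the question
CHUNK_NAMES = {1: "INIT", 2: "INIT ACK", 10: "COOKIE ECHO", 11: "COOKIE ACK"}
HANDSHAKE = ["INIT", "INIT ACK", "COOKIE ECHO", "COOKIE ACK"]

def sctp_chunks(ip_packet):
    """Return (src, dst, [chunk names]) for an IPv4/SCTP packet, else None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4
    if ihl < 20 or ip_packet[9] != SCTP_PROTO or len(ip_packet) < ihl + 12:
        return None
    src = ".".join(map(str, ip_packet[12:16]))
    dst = ".".join(map(str, ip_packet[16:20]))
    chunks, off = [], ihl + 12  # skip the 12-byte SCTP common header
    while off + 4 <= len(ip_packet):
        ctype, _flags, clen = struct.unpack_from("!BBH", ip_packet, off)
        if clen < 4:
            break  # malformed chunk length: stop instead of looping forever
        chunks.append(CHUNK_NAMES.get(ctype, f"type {ctype}"))
        off += (clen + 3) & ~3  # chunks are padded to a 4-byte boundary
    return src, dst, chunks

def first_missing_step(packets):
    """Name the first four-way-handshake chunk a capture never saw."""
    seen = set()
    for pkt in packets:
        parsed = sctp_chunks(pkt)
        if parsed:
            seen.update(parsed[2])
    return next((s for s in HANDSHAKE if s not in seen), None)

def build(src, dst, ctype):
    """Constructed sample packet: IPv4 header + SCTP header + one chunk."""
    chunk = struct.pack("!BBH", ctype, 0, 20) + bytes(16)
    sctp = struct.pack("!HHII", 2905, 2905, 0, 0) + chunk  # constructed ports
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(sctp), 0, 0, 64,
                     SCTP_PROTO, 0, bytes(src), bytes(dst))
    return ip + sctp

PBX1, PBX2 = (10, 1, 0, 10), (10, 2, 0, 10)  # constructed addresses
capture_fw1 = [build(PBX1, PBX2, 1)]                        # INIT only
capture_fw2 = [build(PBX1, PBX2, 1), build(PBX2, PBX1, 2)]  # INIT + INIT ACK

if __name__ == "__main__":
    for name, cap in (("firewall #1", capture_fw1), ("firewall #2", capture_fw2)):
        print(name, "first missing handshake step:", first_missing_step(cap))
```

A capture point that is missing a step its peer already recorded marks the segment where the packet was lost, which here is the path between the two firewalls.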
