cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Cisco Community Designated VIP Class of 2020

856
Views
0
Helpful
3
Replies
Highlighted
Beginner

ASA and call timeouts

Dear Sir,

 

I am using two Polycom Devices , models are Group 500 and Debut . These devices are under Cisco ASA 5525 Firewall. There is no error with Group 500 . But when I use Debut calling, video call is automatically drop in exactly every 5 minutes. So I suspect that ASA firewall default setting have timeout value.

======================================================================

***** Original / default *****

timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute          
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
dynamic-access-policy-record DfltAccessPolicy

 =========================================================================

So I changed to following values

timeout sunrpc 96:00:00 h323 96:00:00 h225 96:00:00 mgcp 96:00:00 mgcp-pat 96:00:00
timeout sip-provisional-media 0:02:00 uauth 3:00:00 absolute

Even though call is still drop in exactly every 5 minutes.

Could please advice to fix this problem. Thanks in advance.

 

Everyone's tags (4)
3 REPLIES 3
Advisor

Does anything appear in the

Does anything appear in the firewall logs related to the event?

Participant

You could also do a packet

You could also do a packet capture on the ASA to see what is coming in and 'not' being responded to after 5 mins.

Are they both using the same protocol, H.323 or SIP?

Is it possible that encryption is involved?

Beginner

issue was solved , TCP keep alive

issues was solved, End point don't send the TCP keep alive message. Device developer confirm their device don't send the tcp keep alive. F5 is full proxy and drop the connection TCP time interval is reach because TCP keep alive is not arrive. So, I amend the TCP keep alive time interval from 5 minutes to 1 hour.

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here