01-21-2016 08:33 AM - edited 03-08-2019 03:29 AM
Hi,
I've just replaced our Juniper SSG firewall with an ASA 5512-x. I have a static NAT rule that is NATting the phone system through to a public IP address. I don't have any outbound firewall rules set up as trust to untrust is allowed without the need.
The phone system documentation requires only the outbound static NAT rule to work, as no inbound requests from the SIP provider come in to the firewall from external (that aren't initiated internally).
The problem I have is that during an unspecified period of time I get problems with phone calls being cut off at exactly 16 minutes. What seems to fix it is if I clear connections from the command line. I need to know the cause really and am a little stuck.
I'm not using ALG as this is specified by the phone system as not to be enabled, but along with this I have not made any more configuration changes.
Anyone got any pointers?
Thanks
01-21-2016 11:38 AM
Are you using a SIP UDP trunk? Check out your timeout line:
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
See if any of your numbers are around 16 minutes. Failing that, if you are using SIP/UDP, try changing the UDP timeout from 2 minutes to 60 minutes and see if that has any impact. If not, change the setting back.
Anything interesting appear in the log when the call terminates?
What software version are you running on your ASA?
04-21-2016 01:03 AM
I found out what the cause of this was. I'd set up a tracked route and, because of the ping sensitivity settings and delays on the network, calls were being rerouted over our backup line and dropping out.
I was able to identify this from the ISP call logs; I could see the other IP address.