SIP over static nat - intermittent call drop outs

james.bennett1 · ‎01-21-2016

Hi,

I've just replcaed our Juniper SSG firewall with an ASA 5512-x. I have a static NAT rule that is Natting the phone system through to a public IP address. I don't have any outbound firewall rules setup as trust to untrust is allowed without the need.

The phone system documentation requires only the outbound static NAT rule to work as no inboundrequests from the SIP provider come in to the firewall from external(that arn't initiated internally)

The problem I have that is during an unspecified period of time I get problems with phone calls being cut off at exactly 16 minutes. What seems to fix it is if I clear connections from the command line. I need to know the cause really and am a little stuck.

I'm not using ALG as this is specified by the phone system as not to be enabled but along with this I have not made any more confuration changes.

Anyone got any pointers?

Thanks

Philip D'Ath · ‎01-21-2016

Are you using a SIP UDP trunk? Check out your timeout line:

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02

See if any of your numbers are around 16 minutes. Failing that, if you are using SIP/UDP trying changing the UDP timeout from 2 minutes to 60 minutes and see if that has any impact. If not, change the setting back.

Anything interesting appear in the log when the call terminates?

What software version are you running on your ASA?

james.bennett1 · ‎04-21-2016

I found out what was the cause of this. I'd set up a tracked route that because of the ping sensitivity settings and delays on the network calls were being rerouted over out backup line and dropping out.

I was able to identify this by the ISP call logs, I could see the other IP address.