Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1526
Views
0
Helpful
5
Replies

SX80 registration expired on VCS-C

mjawadsiddiqui
Level 1
Level 1

‎07-26-2016 08:48 PM - edited ‎03-18-2019 06:10 AM

We recently installed a new SX80 which is behind the firewall and we have all ports from source (x.x.x.x) to destination (VCS-C) opened. SIP registration works fine so SIP calling. however, H.323 registration is rejected, we see on the firewall log software that UDP/1719 is being denied but firewall team insists that all ports are opened and they do not see anything on fw. can anyone guide if this is something related to H323 inspection on ASA or have anyone faced the similar issue? or is this something related to re-registration timer? we have other devices (polycoms & SX10/20/80) with no issues, the only difference with this new SX80 is this is behind firewall. SX80 shows h.323 registration as rejected. I have configured E.164 ID as well as alias which is standard on other units as well.

Event: Terminated By Inspection Engine
Payload Log:
 
<164>Jul 26 2016 14:08:12: %ASA-4-507003: udp flow from INSIDE:x.x.x.x/1719 to Extranet:z.z.z.z/1719 terminated by inspection engine, reason - inspector disconnected, dropped packet.
Labels:
0 Helpful
5 Replies 5

Wayne DeNardi
VIP Alumni
VIP Alumni

‎07-26-2016 10:23 PM

All H.323 Packet Inspection should be turned off on your firewalls - the packet inspection will cause you no end of headaches and issues such as this.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne

Please remember to mark helpful responses and to set your question as answered if appropriate.

0 Helpful

mjawadsiddiqui
Level 1
Level 1
In response to Wayne DeNardi

‎08-02-2016 06:52 PM

Hi Wayne,

We have H.323 and SIP inspection turned off on firewall but issue is still persists. We have all ports from Endpoint to VCS-C and EXpressway-C are opened. From the firewall logs we see there is no packet drops but registration using h.323 still failing. we can see that VCS-C is not receiving h323 registration request but same time firewall is open. Any idea?

0 Helpful

Wayne DeNardi
VIP Alumni
VIP Alumni
In response to mjawadsiddiqui

‎08-02-2016 06:56 PM

Have you confirmed that you have H.323 turned on on the SX80?

What software version are you running on the SX80?  Some of the earlier software releases only allowed SIP or H.323, but not both.  Newer software releases allow dual registration.

Are you still seeing the registration issue on your firewall like you posted earlier?

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne

Please remember to mark helpful responses and to set your question as answered if appropriate.

0 Helpful

mjawadsiddiqui
Level 1
Level 1
In response to Wayne DeNardi

‎08-02-2016 07:06 PM

Yes, H.323 is turned ON.

I had CE8.1.1 before, just changed to TC7.3.6 (Latest) software but still same issue. 

No, we are not seeing inspection engine on fw blocking h323 after disabling h323 inspection. 

0 Helpful

Wayne DeNardi
VIP Alumni
VIP Alumni
In response to mjawadsiddiqui

‎08-02-2016 07:38 PM

Is your firewall doing any NAT, and, if so, have you configured the NAT settings correctly on the endpoint?

Are you able to provide more information on the connectivity, and/or any logs from the endpoint that ma assist us to troubleshoot your issue in more detail?

The Firewall Traversal Guide may also assist you in working out which ports you may not have opened between your endpoint and your call control.

Wayne
--
Please remember to rate responses and to mark your question as answered if appropriate.

Wayne

Please remember to mark helpful responses and to set your question as answered if appropriate.

0 Helpful
Customers Also Viewed These Support Documents