05-08-2012 07:19 PM - edited 03-17-2019 11:09 PM
If I have TLS set as transport for SIP settings for traversal zones on VCS-C and VCS-E, my SIP calls from internal to external fail at 15 minutes. If I change it to TCP, calls work fine.
Between the VCS-C (LAN) and VCS-E (DMZ) is an ASA5520 and between the VCS-E and Internet is a Juniper SG 320. H323 calls work fine, by the way. I suspect there is something on the firewalls I should be looking at.
Thoughts?
Sent from Cisco Technical Support iPhone App
05-09-2012 12:03 AM
Darren,
does the SIP part of the traversal zone also go down on the 15 minute mark, or the call itself only?
What does the eventlogs on VCS-C and VCS-E show once the disconnect occurs?
- Andreas
05-09-2012 04:39 AM
Hi Darren,
It is a very common problem most of the Customers Face, I Suspect that the Session Out Timers on your firewall for SIP must have been set to 15 minutes . Please review it again on your firewall.
Additionally, to cross check this information , I agree with Andreas to pull out the logs and find the root cause.
Most of the time , it turns out to be firewall issue. Please check with the firewall team and increase the session out timer for H323 and SIP.
Your firewall team needs to disable any H323/SIP fixup on the device to make sure the H323/SIP signaling is flowing like it should. Normally Checkpoint firewalls (for example) have these settings enabled as default.
Please make sure you have the following two lines on your Checkpoint(s) configuration (for H323):
no fixup protocol h323 h225 1720
no fixup protocol h323 ras 1718-1719
Thanks,
Saurabh Gupta
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: