07-10-2008 02:22 PM - last edited on 02-21-2020 11:47 PM by cc_security_adm
I tried testing Nortel softphones with Cisco VPN client version 5.0.x and ASA.
I can use the softphone for about 2 minutes but then it disconnects even when I am in call.
Tried IPSec over TCP as well as UDP. No change in its behavior.
Any ideas?
07-10-2008 02:31 PM
Do you know what protocols your softphone uses?
07-10-2008 02:36 PM
I think it uses a Nortel proprietary protocol called Unistim for signalling. Packet capture shows it uses UDP ports 5000 and some show 5002. Our firewall logs classify that as Yahoo Messenger Voice chat.
07-10-2008 02:43 PM
I think you have a problem with inspection on the ASA....
Try to disable:
inspect h323 h225
inspect h323 ras
07-10-2008 02:58 PM
Tried that. It still disconnects.
07-11-2008 03:30 AM
Hi,
Try to extend the following timeouts:
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
The 2 minutes disconnect sounds like the UDP, sip media or sip-disconnect timeout.
Try modifying one at a time and test the VoIP. Once you identify the one responsible, set it to 0 (= infinite).
Please rate if this helped.
Regards,
Daniel
07-11-2008 04:09 AM
I will try that. But the call gets disconnected even during conversation. Doesn't the timeout apply only to idle connections?
Also, it is not exactly 2 minutes but somewhere around 1 minute to 1 minute 50 seconds. It consistently disconnects.
We have an old VPN3K where the outside interface is in the DMZ and inside is in our internal network. When I use softphone with that VPN, I do not have a disconnect problem.
But that is going away.
We have new ASAs that we are testing where the outside is facing the internet and the inside is on the DMZ. It goes through a Check Point firewall. The new design looks like:
Internet -> ASA -> Checkpoint firewall -> internal network
07-16-2008 09:10 AM
Problem is resolved.
There is a keepalive packet that originates from the VoIP network to the softphone clients that was getting blocked by the firewall. Due to this, the calls would terminate after 2 minutes.
Now, we permitted this keepalive on the firewall from inside corporate network to the VPN clients and everything is working as it should be.
Thanks for all the suggestions.
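
A way to find this kind of block from firewall logs, as an added example that is not part of the original thread: it groups dropped UDP packets that originate inside and are addressed to VPN clients, and flags the ones that recur at a steady interval, as a keepalive would. The log layout, addresses, VPN pool and 30-second interval are constructed assumptions, not values from the posts.

```python
import ipaddress
from collections import defaultdict

# Assumption: address pool handed to VPN clients (constructed, not from the thread).
VPN_POOL = ipaddress.ip_network("10.99.0.0/24")

# Constructed sample log, one packet per line: "epoch action proto src:sport dst:dport"
SAMPLE_LOG = """\
1000 accept udp 10.99.0.15:5000 10.20.1.5:5000
1001 accept udp 10.99.0.15:5002 10.20.1.9:5002
1030 drop udp 10.20.1.5:5000 10.99.0.15:5000
1060 drop udp 10.20.1.5:5000 10.99.0.15:5000
1090 drop udp 10.20.1.5:5000 10.99.0.15:5000
1095 drop tcp 10.20.3.7:445 10.30.0.4:51000
1120 drop udp 10.20.1.5:5000 10.99.0.15:5000
"""

def parse(line):
    """Split one log line into typed fields."""
    ts, action, proto, src, dst = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return (int(ts), action, proto, ipaddress.ip_address(sip), int(sport),
            ipaddress.ip_address(dip), int(dport))

def blocked_toward_vpn_clients(log_text, pool=VPN_POOL, jitter=2):
    """Report dropped UDP flows from non-pool sources to VPN clients."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, action, proto, sip, _sport, dip, dport = parse(line)
        # Inside-initiated traffic: destination is a VPN client, source is not.
        if action == "drop" and proto == "udp" and dip in pool and sip not in pool:
            hits[(str(sip), str(dip), dport)].append(ts)
    report = []
    for (sip, dip, dport), times in sorted(hits.items()):
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Evenly spaced drops suggest a periodic keepalive rather than stray traffic.
        periodic = len(gaps) >= 2 and max(gaps) - min(gaps) <= jitter
        report.append({"src": sip, "dst": dip, "dport": dport,
                       "drops": len(times), "periodic": periodic})
    return report

if __name__ == "__main__":
    for row in blocked_toward_vpn_clients(SAMPLE_LOG):
        print(row)
```
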