Problem with sessions stopping passing traffic after a period of time
markjw last edited by
I’m having a problem with my SSG140 firewalls where VoIP (however don’t think this is a VoIP specific problem) traffic stops passing though them after a period of time (varies from hours to days) - setup is as follows:
SSG140 firewalls at each site running either 6.2.0r6 or 6.2.0r8
Cisco Call Manager 7.1 server at central site
Cisco 2811 routers with 12.4 & 15.1 Voice software at remote sites
Asterisk VoIP PBX 1.6.2 at central site and remote sites
There are IAX2 trunks between the Asterisk servers using port 4569, MGCP connections from the 2811 routers to the Call Manager
MPLS connections between the various sites (10Mb at the central sites, 10 or 2Mbps at the remotes)
No NAT between the sites
Most of the time everything works correctly, however suddenly traffic stops passing between the Asterisk servers (IAX2 trunk shows as Unreachable on Asterisk) or between the 2811 routers and the Call Manager (CUCM shows the 2811 as unregistered).
Not all the connections drop out at the same time, ie they tend to go down 1 or 2 at a time. If you login to the SSG140 firewalls and clear the sessions for the affected connection then it immediatly starts working again, eg if the one of the Asterisk links goes down running:
clear session src-port 4569
clear session dst-port 4569
on the central firewall and the one at the affected remote site will cause the connection to start working again (same for MGCP if you clear its’ sessions)
Any help on this will be very much appreciated as it is causing operational problems
markjw last edited by
tried setting up a service with timeout never and still the same issue occurs - IAX does not have an ALG and we have tried the MGCP one enabled & disabled (same issue occurs with either, MGCP connections fail)
Suspect that there is a bug in the 6.2 firmware that causes problems with connections that have been open for extended periods of time, but can’t prove it.
echo last edited by
I remember that it has been helpful to unset ALG for SIP. For some reason this is ON by default, and has caused many problems in the past.
But once, when I didn’t know that yet, I configured my own UDP service - with a longer timeout, 10 minutes or 1000 minutes, can’t remember, the default being some 30 seconds or something. The phone company guy then told me that after that the phones started registering themselves properly. Not sure if this is applicable to your situation though.