There's definitely potential for a firewall issue. Firewalls with SIP ALGs
built in drop 200 OKs with codecs/SDP lines they don't like all the time.
I'd make sure any SIP inspection/SIP ALG functionality is disabled on the
Checkpoint firewall.
Brian
On Tue, Apr 22, 2014 at 5:40 PM, Dana Tong dana_t...@bridgepoint.com.auwrote:
Good morning all,
I have a VCS Control / Expressway combination setup with the appropriate
traversal zone, and search rules for a client of mine who has a Checkpoint
firewall and IPS function. I have provided them with the firewall port
usage guide for Cisco VCS Control with Expressway.
I have enabled a packet capture on a VCS Expressway that I have here in
our office and made a test call to a CODEC here.
I see the following:
Receive SIP INVITE from remote party
Send 100 TRYING
Send 180 RINGING
Send 200 OK with SDP (a number of times).
SDP looks correct.
No response from the remote CODEC.
Receive CANCEL
Now, I don’t think all the of the f/w rules are quite yet provisioned and
enabled. I am trying to establish a remote session with the customer to
perform another packet capture on their Expressway to see if they receive
my 200 OK and if it sends an ack.
But at the moment the person who maintains the firewall has been away but
will be back this week. Would you agree that we have an issue with the
firewall (based on the limited information I have provided)?
And is there anything special that needs to be done on a Checkpoint
firewall for Video Traversal?
Cheers
Dana
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
___
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
