[cisco-voip] Connectivity problem with remote site

Mike King me at mpking.com
Mon Feb 8 16:44:26 EST 2010 

7941G-GE's and 7961G-GE's.  I'm not sure what the failover is, but it's most
likely the default in CUCM 7.1.3


For those following along at home, I found the following error messages in
my ASA's logs (both ends of the VPN termination):


Teardown TCP connection 541098 for elan:x.x.x.202/2000 to VOIP:x.x.x.x/38034
duration 0:33:51 bytes 9220 Flow closed by inspection
%ASA-6-106015: Deny TCP (no connection) from x.x.x.202/2000
to x.x.x.160/38034 flags PSH ACK  on interface elan
%ASA-6-106015: Deny TCP (no connection) from x.x.x202/2000
to x.x.x.160/38034 flags PSH ACK  on interface elan
%ASA-6-106015: Deny TCP (no connection) from x.x.x.202/2000
to x.x.x.160/38034 flags PSH ACK  on interface elan
%ASA-6-106015: Deny TCP (no connection) from x.x.x.202/2000
to x.x.x.160/38034 flags PSH ACK  on interface elan

I've removed
inspection skinny
from both ends of my ASA

And after a few minutes of insane confusion (calls lost, call on hold that
cannot be picked up), things seem to be better.  I'm not logging any error
messages on any phone's I've been tracing.

I can't for the life of my figure out why this only showed up last thursday,
after 13 months of production use.  (again, no changes in the network since
Last October, when the system was upgraded from 4.2.3 to 7.1.3)


On Mon, Feb 8, 2010 at 1:31 PM, Wes Sisk <wsisk at cisco.com> wrote:

>  VOIP is very sensitive.  What model phones are these and what type of
> failover do you have configured for the phones?
> http://puck.nether.net/pipermail/cisco-voip/2009-May/001155.html
>
> The failover type determines TCP stack behavior on the phones.  The
> underlying cause is dropped or delayed packets in your network.  Other
> applications are just more forgiving.
>
> You can try "slow failover" to be more lenient on signaling.  However, if
> you are running RTP over those links the RTP will still be negatively
> impacted.
>
> /Wes
>
>
> On Monday, February 08, 2010 1:13:09 PM, Mike King <me at mpking.com><me at mpking.com>wrote:
>
> I forgot to add:
>
>  VPN uptime counter is at 6days and change.
>
>  Have several line of business applications that are running thru Citrix
> that are not being affected.
> Nobody is noticing any drops in connectivity (I know that VoIP is very
> sensitive)
>
> On Mon, Feb 8, 2010 at 1:04 PM, Matthew Ballard <mballard at otis.edu> wrote:
>
>>  I would first check the VPN for issues.  You should be able to check
>> uptime on the VPN connection, if that is staying low, and therefore
>> interrupting communication with UCM, that would cause those problems.  Could
>> be an issue with the provider connecting the sites.
>>
>>
>>
>> Matthew Ballard
>>
>> Network Manager
>>
>> Otis College of Art and Design
>>
>> mballard at otis.edu
>>
>>
>>
>> *From:* cisco-voip-bounces at puck.nether.net [mailto:
>> cisco-voip-bounces at puck.nether.net] *On Behalf Of *Mike King
>> *Sent:* Monday, February 08, 2010 9:43 AM
>> *To:* Cisco VoIPoE List
>> *Subject:* [cisco-voip] Connectivity problem with remote site
>>
>>
>>
>> Starting last week, I've had one of my site go a little bit looney.
>>  Dropping calls, Phones saying UCM down, Pushing the extension, getting
>> dialtone, dialing, and having a live call already on the line.
>>
>>
>>
>> It looks like a connectivity issue, but I can't figure out what's going
>> on.   The site has been up for about 13 months with no issues..  Nothing has
>> changed in the network.
>>
>>
>>
>> I'm pinging a bunch of the phones.  They haven't dropped any packets, and
>> all my pings are 2ms or less.
>>
>>
>>
>> here's what's on the phone Display log:
>>
>> 8:24:07a 14: Name=SEP00235E18F284 Load= SCCP41.8-5-3S Last=UCM-closed-TCP
>>
>>  8:24:11a 23: Name=SEP00235E18F284 Load= SCCP41.8-5-3S Last=Reset-Restart
>>
>>  10:23:00a 14: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=UCM-closed-TCP
>>
>>  10:23:05a 23: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=Reset-Restart
>>
>>  10:57:17a 14: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=UCM-closed-TCP
>>
>>  10:57:21a 23: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=Reset-Restart
>>
>>  11:11:00a 14: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=UCM-closed-TCP
>>
>>  11:11:05a 23: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=Reset-Restart
>>
>>  11:19:24a 14: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=UCM-closed-TCP
>>
>>  11:19:28a 23: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=Reset-Restart
>>
>>  11:21:41a 23: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=Reset-Restart
>>
>>  11:46:48a 14: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=UCM-closed-TCP
>>
>>  11:46:56a 23: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=Reset-Restart
>>
>>  11:56:38a 14: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=UCM-closed-TCP
>>
>>  11:57:01a 14: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=UCM-closed-TCP
>>
>>  11:57:01a 18: Name=SEP00235E18F284 Load= SCCP41.8-5-3S Last=Failback
>>
>>  12:22:20p 14: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=UCM-closed-TCP
>>
>>  12:22:25p 23: Name=SEP00235E18F284 Load= SCCP41.8-5-3S Last=Reset-Restart
>>
>>  12:27:55p 14: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=UCM-closed-TCP
>>
>>  12:28:37p 14: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=UCM-closed-TCP
>>
>>  12:28:38p 18: Name=SEP00235E18F284 Load= SCCP41.8-5-3S Last=Failback
>>
>>  12:29:02p 14: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=UCM-closed-TCP
>>
>>  12:29:06p 23: Name=SEP00235E18F284 Load= SCCP41.8-5-3S
>> Last=Reset-Restart
>>
>>
>>
>>
>>
>> I've been pinging the phones since 12:00, so I've had at least 3 "events"
>> while I've been pinging it.
>>
>>
>>
>> UCM-closed-TCP indicates that a firewall closed the connection.
>>
>> I have a L2L vpn between sites:
>>
>> CUCM -> 6509 -> ASA5550 ===IPSEC===> ASA5505 -> Switch -> Phone
>>
>>
>>
>> Where can I look for more information to diagnose what's going on?
>>
>>
>>
>> Mike
>>
>>
>>
>>
>>
>
>  ------------------------------
>
> _______________________________________________
> cisco-voip mailing listcisco-voip at puck.nether.nethttps://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20100208/800e541f/attachment.html>

More information about the cisco-voip mailing list