[cisco-voip] RTP Packets over ASA with 8.4.1 Code

Matthew Loraditch MLoraditch at heliontechnologies.com
Thu May 5 12:59:37 EDT 2011


Possible,
I am on CCM 8.5SU1 with the phones being all 7941/42 types on 9-1-1 loads and ASA 8.4


Matthew Loraditch, CCVP, CCNA, CCDA
1965 Greenspring Drive
Timonium, MD 21093
support at heliontechnologies.com<mailto:support at heliontechnologies.com>
(p) (410) 252-8830
(F) (443) 541-1593

Visit us at www.heliontechnologies.com<http://www.heliontechnologies.com/>
Support Issue? Email support at heliontechnologies.com<mailto:support at heliontechnologies.com> for fast assistance!

From: michael.p.king at gmail.com [mailto:michael.p.king at gmail.com] On Behalf Of Mike King
Sent: Thursday, May 05, 2011 12:54 PM
To: Matthew Loraditch
Cc: Jim McBurnett; cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] RTP Packets over ASA with 8.4.1 Code

The difference for Skinny inspection is that the newer code versions of ASA support newer versions of the Skinny protocol (SCCP).

https://supportforums.cisco.com/docs/DOC-8131  (Hi Wes!)


It's my suspicion that you may have hit a bug, since newer versions of ASA supports older versions of SCCP, (But not newer versions of SCCP they don't understand. That document only references version 17.  I've found references on Google to SCCP vesion 20)

We've turned off skinny because our ASA's were on 8.0.2 until fairly recently.  I don't think we're gonna turn it back on anytime soon.

Mike




On Thu, May 5, 2011 at 11:22 AM, Matthew Loraditch <MLoraditch at heliontechnologies.com<mailto:MLoraditch at heliontechnologies.com>> wrote:
Ok so for the list's benefit
Worked with TAC, disabling them again it worked. I think I may have done something wonky the first time I tried.
Of course I asked the TAC Engineer why the difference in 8.4.1 vs 8.2, 8.1 as I have several other customer ASA including our own that are on those code levels and skinny inspection is enabled and works fine over VPN.
So I'm pretty sure I found a bug but despite my prodding the engineer he didn't seem interested in figuring out the problem just working around it.
Luckily I have no need for Skinny inspection.

Matthew Loraditch, CCVP, CCNA, CCDA
1965 Greenspring Drive
Timonium, MD 21093
support at heliontechnologies.com<mailto:support at heliontechnologies.com>
(p) (410) 252-8830<tel:%28410%29%20252-8830>
(F) (443) 541-1593<tel:%28443%29%20541-1593>

Visit us at www.heliontechnologies.com<http://www.heliontechnologies.com/>
Support Issue? Email support at heliontechnologies.com<mailto:support at heliontechnologies.com> for fast assistance!

From: cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net> [mailto:cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net>] On Behalf Of Matthew Loraditch
Sent: Tuesday, May 03, 2011 3:23 PM

To: Jim McBurnett; cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] RTP Packets over ASA with 8.4.1 Code

So I disabled all the voice inspections and that didn't work, I then reenabled them and they started working....................
I am rebooting tonight to see if it's still ok afterwards



Matthew Loraditch, CCVP, CCNA, CCDA
1965 Greenspring Drive
Timonium, MD 21093
support at heliontechnologies.com<mailto:support at heliontechnologies.com>
(p) (410) 252-8830<tel:%28410%29%20252-8830>
(F) (443) 541-1593<tel:%28443%29%20541-1593>

Visit us at www.heliontechnologies.com<http://www.heliontechnologies.com/>
Support Issue? Email support at heliontechnologies.com<mailto:support at heliontechnologies.com> for fast assistance!

From: Jim McBurnett [mailto:jim at tgasolutions.com<mailto:jim at tgasolutions.com>]
Sent: Tuesday, May 03, 2011 1:36 PM
To: Matthew Loraditch; cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: RE: RTP Packets over ASA with 8.4.1 Code

Any MTP's configured?

Jim

From: Matthew Loraditch [mailto:MLoraditch at heliontechnologies.com<mailto:MLoraditch at heliontechnologies.com>]
Sent: Tuesday, May 03, 2011 12:02 PM
To: Jim McBurnett; cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: RE: RTP Packets over ASA with 8.4.1 Code

Nope we aren't using that

Matthew Loraditch, CCVP, CCNA, CCDA
1965 Greenspring Drive
Timonium, MD 21093
support at heliontechnologies.com<mailto:support at heliontechnologies.com>
(p) (410) 252-8830<tel:%28410%29%20252-8830>
(F) (443) 541-1593<tel:%28443%29%20541-1593>

Visit us at www.heliontechnologies.com<http://www.heliontechnologies.com/>
Support Issue? Email support at heliontechnologies.com<mailto:support at heliontechnologies.com> for fast assistance!

From: Jim McBurnett [mailto:jim at tgasolutions.com<mailto:jim at tgasolutions.com>]
Sent: Tuesday, May 03, 2011 12:02 PM
To: Matthew Loraditch; cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: RE: RTP Packets over ASA with 8.4.1 Code

Do you have any Phone Proxy configurations?
I've heard of some bugs on that configuration, but never seen them personally....
Jim

From: cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net> [mailto:cisco-voip-bounces at puck.nether.net<mailto:cisco-voip-bounces at puck.nether.net>] On Behalf Of Matthew Loraditch
Sent: Tuesday, May 03, 2011 11:22 AM
To: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: [cisco-voip] RTP Packets over ASA with 8.4.1 Code

Anyone having issues with this?  It appears our ASA is changing the ip of RTP packets over VPN to the IP of the asa instead of keeping them as my VGW's IP.
This basically breaks all of our IP Communicators.


Matthew Loraditch, CCVP, CCNA, CCDA
1965 Greenspring Drive
Timonium, MD 21093
support at heliontechnologies.com<mailto:support at heliontechnologies.com>
(p) (410) 252-8830<tel:%28410%29%20252-8830>
(F) (443) 541-1593<tel:%28443%29%20541-1593>

Visit us at www.heliontechnologies.com<http://www.heliontechnologies.com/>
Support Issue? Email support at heliontechnologies.com<mailto:support at heliontechnologies.com> for fast assistance!


_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20110505/4567bf3f/attachment.html>


More information about the cisco-voip mailing list