<div dir="ltr">There's definitely potential for a firewall issue. Firewalls with SIP ALGs built in drop 200 OKs with codecs/SDP lines they don't like all the time. I'd make sure any SIP inspection/SIP ALG functionality is disabled on the Checkpoint firewall.<div>
<br></div><div>Brian</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, Apr 22, 2014 at 5:40 PM, Dana Tong <span dir="ltr">&lt;<a href="mailto:Dana_Tong@bridgepoint.com.au" target="_blank">Dana_Tong@bridgepoint.com.au</a>&gt;</span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div lang="EN-AU" link="blue" vlink="purple">
<div>
<p class="MsoNormal">Good morning all,</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">I have a VCS Control / Expressway combination setup with the appropriate traversal zone, and search rules for a client of mine who has a Checkpoint firewall and IPS function. I have provided them with the firewall port usage guide for Cisco
VCS Control with Expressway.</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">I have enabled a packet capture on a VCS Expressway that I have here in our office and made a test call to a CODEC here.</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">I see the following:</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">Receive SIP INVITE from remote party</p>
<p class="MsoNormal">Send 100 TRYING</p>
<p class="MsoNormal">Send 180 RINGING</p>
<p class="MsoNormal">Send 200 OK with SDP (a number of times).</p>
<p class="MsoNormal">SDP looks correct.</p>
<p class="MsoNormal">No response from the remote CODEC.</p>
<p class="MsoNormal">Receive CANCEL</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">Now, I don’t think all of the f/w rules are quite yet provisioned and enabled. I am trying to establish a remote session with the customer to perform another packet capture on their Expressway to see if they receive my 200 OK and if
it sends an ack.</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">But at the moment the person who maintains the firewall has been away but will be back this week. Would you agree that we have an issue with the firewall (based on the limited information I have provided)?</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">And is there anything special that needs to be done on a Checkpoint firewall for Video Traversal?</p>
<p class="MsoNormal">&nbsp;</p>
<p class="MsoNormal">Cheers<span class="HOEnZb"><font color="#888888"><br>
Dana</font></span></p>
<p class="MsoNormal">&nbsp;</p>
</div>
</div>
<br>_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br></blockquote></div><br></div>