[j-nsp] sip calls through srx fail after approx 15 min
Majdi S. Abbas
msa at latt.net
Thu May 28 14:41:57 EDT 2015
On Thu, May 28, 2015 at 11:36:20AM -0700, Andy Litzinger wrote:
> We're configuring a new sip setup with a phone vendor. The provider pbx
> sits inside our network and makes connections out through our SRX to the
> provider sip gateways. Calls are working, but seem to drop at or near the
> 15 minute mark. The provider is sure that it's a setting on the SRX. The
> one issue we may have found is that it seems we might be having some
> trouble truly turning off the sip alg which is a requirement of the
> provider. Despite our best efforts I continue to see sessions when I issue
> the command 'show security flow session application sip'. Firstly, am I
> correct in assuming that if I see a session here that it indicates the sip
> alg is being used?
SIP is not NAT friendly, so you are using the ALG. Now, as far
as tuning that ALG, start with adjusting the timeout beyond the 3600s
that most people use as their default:
applications {
application junos-sip {
term t1 inactivity-timeout 7200;
}
}
If you also experience one-way audio problems, you may need the
following as well:
security {
alg {
sip {
application-screen {
unknown-message {
permit-nat-applied;
permit-routed;
}
}
}
}
}
Cheers,
--msa
More information about the juniper-nsp
mailing list