[j-nsp] sip calls through srx fail after approx 15 min

Raphael Mazelier raph at futomaki.net
Fri May 29 08:06:18 EDT 2015


On 28/05/2015 21:19, Majdi S. Abbas wrote:
>> So are you saying that the sip alg can not be disabled?  Or that I won't be
>> able to get sip to work through the SRX without using the alg?  Thanks for
>> bringing up NAT, I did forget to mention our NAT setup.  The provider
>> requires that NAT and not PAT is used.  I've accomplished that by source
>> NAT for the pbx (perhaps I should switch to static NAT?).
>

Welcome to the wonderful land of VoIP.
If I understand correctly, you have your VoIP phones from a centrex-like 
provider NATed behind an SRX.
This is not an ideal setup, as already said. VoIP protocols are not very 
NAT friendly because SIP (or others) embeds a lot of URIs.

That said, SIP/RTP can work with NAT in the middle; that just causes many 
complications...

The question of whether to leave the SIP ALG enabled or not: well, from an SP 
point of view I agree with your provider, the ALG must be disabled.
Why? Because we don't really know what they are doing and they may cause 
unexpected behaviour.
On the other hand, from a user point of view the ALG might help (or not). I 
recommend disabling it.

With the small trace you provided, I suspect the ALG is not disabled. 
Have you rebooted your SRX (or your complete cluster if relevant)?
From my experience a reboot is needed to completely disable it on SRX 
(might be fixed in newer releases?)

So you could work with your NAT setup. In my opinion it is the role of 
the phones to open the pinhole and leave it open. So outgoing source NAT 
must be sufficient.
The real point is to correctly configure your SIP phones (STUN/ICE/keep 
alive/NAT traversal, there are so many options).

After that, if you still have a timer issue, you have to tcpdump to 
find what causes the call to drop, and also ask your provider, who must 
have some logs.

Causes may be:

- fw sessions ending (idling) rtp/sip ?
- remote ending (keep alive not received ??)
- local ending (the reverse)
- etc...

Regards,

-- 
Raphael Mazelier
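
The checks listed in the message above (firewall session idling, remote ending, local ending) can be run over a capture summary. This is an added example, not part of the original post: the record format, the addresses, the `diagnose` helper and the `idle_timeout` value are all assumptions, and the sample data is constructed.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "ts src dst proto info")

# Constructed capture summary: seconds since call start, source, destination,
# protocol, message. 10.0.0.5 (PBX) and 203.0.113.10 (provider) are made up.
SAMPLE = """\
0.0 10.0.0.5 203.0.113.10 SIP INVITE
1.8 203.0.113.10 10.0.0.5 SIP 200
1.9 10.0.0.5 203.0.113.10 SIP ACK
2.0 10.0.0.5 203.0.113.10 RTP audio
898.0 10.0.0.5 203.0.113.10 RTP audio
899.0 203.0.113.10 10.0.0.5 RTP audio
900.0 203.0.113.10 10.0.0.5 SIP INVITE
900.5 203.0.113.10 10.0.0.5 SIP INVITE
901.5 203.0.113.10 10.0.0.5 SIP INVITE
932.0 203.0.113.10 10.0.0.5 SIP BYE
"""

def parse(text):
    """Turn the whitespace-separated summary lines into Pkt records."""
    pkts = []
    for line in text.splitlines():
        ts, src, dst, proto, info = line.split()
        pkts.append(Pkt(float(ts), src, dst, proto, info))
    return pkts

def diagnose(pkts, local_ip, idle_timeout):
    """Classify a dropped call: who ended it, and was signalling idle too long?

    idle_timeout is an assumed firewall session timeout in seconds; use the
    value actually configured on your device.
    """
    sip = [p for p in pkts if p.proto == "SIP"]
    # Longest silence between consecutive SIP packets, in either direction.
    max_gap = max((b.ts - a.ts for a, b in zip(sip, sip[1:])), default=0.0)
    bye = next((p for p in sip if p.info == "BYE"), None)
    ended_by = "none" if bye is None else ("local" if bye.src == local_ip else "remote")
    # Remote requests (not responses) sent after the last local packet got no reply.
    last_local = max((p.ts for p in pkts if p.src == local_ip), default=0.0)
    unanswered = [p for p in sip if p.src != local_ip and p.ts > last_local
                  and not p.info.isdigit() and p.info != "BYE"]
    return {"ended_by": ended_by, "max_sip_gap": round(max_gap, 1),
            "sip_idle_risk": max_gap > idle_timeout,
            "unanswered_remote": len(unanswered)}

if __name__ == "__main__":
    print(diagnose(parse(SAMPLE), "10.0.0.5", idle_timeout=60))
```

A signalling gap longer than the firewall's session timeout, followed by retransmitted requests with no reply, points at the first cause in the list; a BYE from one side with no such gap points at the remote or local ending cases.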





