[VoiceOps] Odd network problem with SIP
brooks at firestormnetworks.net
Sat Jun 21 17:09:58 EDT 2014
Make sure you're fully disabling the ALG on those Fortigates. I got bit
by that one time when I discovered (after many emails with support) that
there are 2 places you have to shut off the SIP ALG before it's actually
disabled, and the documentation only mentioned one of them.
Email: brooks at firestormnetworks.net
On 6/21/2014 10:37 AM, Jay Ashworth wrote:
> I have a client using the Spitfire dialler on Win7 to dial via SIP to a
> carrier called VoxTelecom; I infer they're a virtual carrier because the
> SIP goes to their Sonus SBC at a single IP, but the media sessions go all
> over creation.
> The client has been having completion trouble, and the dialler folks said
> "crappy circuit; too much jitter and packet loss", tested from the dialler
> using PingPlotter. I don't think it was jitter, I think it was ping response
> deviation; PingPlotter doesn't appear to actually test jitter.
> But to tick the boxes, I had road runner out; they replaced a ubee D2 modem
> with their New Hawtness Arris D3 modem; no change. All his analog measurements
> were pristine, he told me.
> So next step, check the router. Log in to the Fortigate 40D; control panel
> won't paint properly. This *may* have been an IE10 compatibility mode
> red-herring, but I temporarily swapped it for a 20C, which I could talk to.
> Set up the inbound DNATs for udp/5060 SIP and upd/49152-49252 RTP.
> Ran some calls.
> They're not seeing my ACK after they send me an SDP. They get the invite, but
> not the ACK. I send RTP, but they don't bother cause they think the call's
> not set up yet.
> Wireshark on the dialler... that ACK packet *has a bad IP header checksum*.
> Not the earlier packets; just the ACK. Huh?
> So, assume it's the OS, somehow; reboot. 65 Windows updates and an hour later...
> Set everything back up, and run more test calls. This time, the Invite has a bad
> IP header checksum. Look at clock, 6pm EDT. Give up, go home.
> I'm going to go back to the original router Monday morning, and check the
> compatibility mode theory, but has anyone ever seen "just certain sent packets
> show up with a bad IP header checksum, as monitored on-machine"?
> (I know that the original 40D router might well *have* a problem, and that the
> checksum thing is orthogonal to the original problem -- since older pcaps show
> clean setups -- but at least I can confirm I have the NATs configured right.)
> -- jra
More information about the VoiceOps