[VoiceOps] Odd network problem with SIP
frnkblk at iname.com
Sat Jun 21 17:26:45 EDT 2014
We've had to do the same, too.
From: VoiceOps [mailto:voiceops-bounces at voiceops.org] On Behalf Of Brooks
Sent: Saturday, June 21, 2014 4:10 PM
To: voiceops at voiceops.org
Subject: Re: [VoiceOps] Odd network problem with SIP
Make sure you're fully disabling the ALG on those Fortigates. I got bit
by that one time when I discovered (after many emails with support) that
there are 2 places you have to shut off the SIP ALG before it's actually
disabled, and the documentation only mentioned one of them.
Email: brooks at firestormnetworks.net
On 6/21/2014 10:37 AM, Jay Ashworth wrote:
> I have a client using the Spitfire dialler on Win7 to dial via SIP to a
> carrier called VoxTelecom; I infer they're a virtual carrier because the
> SIP goes to their Sonus SBC at a single IP, but the media sessions go all
> over creation.
> The client has been having completion trouble, and the dialler folks said
> "crappy circuit; too much jitter and packet loss", tested from the dialler
> using PingPlotter. I don't think it was jitter, I think it was ping
> deviation; PingPlotter doesn't appear to actually test jitter.
> But to tick the boxes, I had road runner out; they replaced a ubee D2
> with their New Hawtness Arris D3 modem; no change. All his analog
> were pristine, he told me.
> So next step, check the router. Log in to the Fortigate 40D; control
> won't paint properly. This *may* have been an IE10 compatibility mode
> red-herring, but I temporarily swapped it for a 20C, which I could talk
> Set up the inbound DNATs for udp/5060 SIP and upd/49152-49252 RTP.
> Ran some calls.
> They're not seeing my ACK after they send me an SDP. They get the invite,
> not the ACK. I send RTP, but they don't bother cause they think the
> not set up yet.
> Wireshark on the dialler... that ACK packet *has a bad IP header
> Not the earlier packets; just the ACK. Huh?
> So, assume it's the OS, somehow; reboot. 65 Windows updates and an hour
> Set everything back up, and run more test calls. This time, the Invite
has a bad
> IP header checksum. Look at clock, 6pm EDT. Give up, go home.
> I'm going to go back to the original router Monday morning, and check the
> compatibility mode theory, but has anyone ever seen "just certain sent
> show up with a bad IP header checksum, as monitored on-machine"?
> (I know that the original 40D router might well *have* a problem, and that
> checksum thing is orthogonal to the original problem -- since older pcaps
> clean setups -- but at least I can confirm I have the NATs configured
> -- jra
VoiceOps mailing list
VoiceOps at voiceops.org
More information about the VoiceOps