Boy did I have another strange one to work on today.
Customer has two branch offices connecting to the corporate office – Branch#1 and Branch#2.
Everything is working fine for weeks and then all the sudden phones at Branch#2 cannot register with the VoIP server.
Customer bent on blaming the firewall (which I manage). Unfortunately I don’t have an understanding of the details of this particular VoIP system and the protocol traffic I should expecting on the wire but I setup a PCAP trace on both branch office Cisco ASA firewalls to compare a good registration with a bad registration.
Let’s take a look at a good registration…
The ‘good’ trace above has filtered out a number of TCP / HTTP conversations between the VoIP phone and server but above we see a successful SIP registration process which took a total of 9.1 seconds.
Now let’s take a look at what’s happening on the wire of the failed SIP registration process…
The ‘bad’ trace above has filtered out a TFTP download between the VoIP phone and server. And here we see that after .28 seconds everything comes to a grinding halt with the last packet being the VoIP phone sending an NTP client synchronization packet to the VoIP server but never receiving a reply.
After demonstrating my findings and pushing back on the customer to go to their VoIP vendor, it turned out a setting needed to be modified on the VoIP server.
No comments:
Post a Comment