
One way voice traffic on VPN only

Hi all,

I'm having a peculiar issue where we are not able to get SIP calls to work over our VPN. Our users are using a Cisco Jabber softphone client. We get one way audio when someone calls VPN > VPN (or is called), and External call > VPN workstation. However VPN > Internal Phone seems to work OK.

I worked with Sophos support and they said it was Cisco. I worked with Cisco TAC and they said it was Sophos. So I'm sort of stuck.

I worked with TAC to do many packet captures on our internal network on the voice router & switches. We found that there is only one way traffic going from the firewall to the voice router and nothing going back.

So I did a packet capture directly on the XG and it shows that traffic is going both ways TO our internal network, but something happens when it leaves?

See diagram.



Things I've tried:

- Unloading SIP helper (no change)
- Removing NAT / MASQ from the SIP & RTP traffic on the VPN (this seemed to be required either way)
- Ensuring SIP & RTP ports unblocked

The RTP stream is missing half, so that's why there's one-way audio, but we can't figure out why that other half went missing.



  • FormerMember

    Hi

    Apologies for the inconvenience caused. Could you please PM me the case number so I can follow up with that case?

    Thanks,

  • I am having this same issue. What is strange is that, looking in the Log Viewer, one second the traffic is allowed via my rule, then the next second it is not, via rule 0:

    Not Allowed via Rule 0:

    2020-07-02 09:29:03 Firewall messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" in_interface="" out_interface="" src_mac="" src_ip="10.81.235.9" src_country="" dst_ip="172.16.1.11" dst_country="" protocol="TCP" src_port="54085" dst_port="8443" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="Could not associate packet to any connection." appresolvedby="Signature" app_is_cloud="0"

    Allowed via Rule 195:

    2020-07-02 09:29:47 Firewall messageid="00001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" con_duration="71" fw_rule_id="195" policy_type="1" user="zwiegel@iss.inter-state.com" user_group="Domain Admins" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="SSL Traffic over Non-SSL Ports" app_risk="1" app_technology="Network Protocol" app_category="Infrastructure" in_interface="tun0" out_interface="Port1" src_mac="00:00:00:00:00:00" src_ip="10.81.235.9" src_country="R1" dst_ip="172.16.1.11" dst_country="R1" protocol="TCP" src_port="55514" dst_port="8443" packets_sent="10" packets_received="9" bytes_sent="1405" bytes_received="3447" src_trans_ip="192.168.1.19" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="VPN" src_zone="VPN" dst_zone_type="LAN" dst_zone="LAN" con_direction="" con_event="Stop" con_id="3283414464" virt_con_id="" hb_status="No Heartbeat" message="" appresolvedby="Signature" app_is_cloud="0"

    Has anyone else come across this, and if so, what was the solution? I have a case number in but so far no luck, so I thought I might try here.

    I've also adjusted my "UDP Time out Stream" from 60 to 150 & unloaded SIP. I'm at a loss right now.

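A small log-triage script, added here as an example (it is not from the thread, from Sophos, or from Cisco), that parses Log Viewer lines in the key="value" format quoted above and flags rule-0 "Invalid Traffic" drops that land inside the lifetime of a rule-allowed connection between the same client, server and service port, which is the "allowed one second, denied the next" pattern described in the post. The sample lines are constructed: the two entries quoted above, trimmed to the fields the script uses, plus one unrelated drop to a made-up host 172.16.1.50 as a negative case.

```python
import re
from datetime import datetime, timedelta

# Constructed sample (not a real capture): the two entries quoted above plus one unrelated
# drop to a made-up host 172.16.1.50, so the script has a negative case as well.
SAMPLE_LOG = """\
2020-07-02 09:29:03 Firewall messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="0" src_ip="10.81.235.9" dst_ip="172.16.1.11" protocol="TCP" src_port="54085" dst_port="8443" message="Could not associate packet to any connection."
2020-07-02 09:29:47 Firewall messageid="00001" log_type="Firewall" log_component="Firewall Rule" log_subtype="Allowed" status="Allow" con_duration="71" fw_rule_id="195" in_interface="tun0" out_interface="Port1" src_ip="10.81.235.9" dst_ip="172.16.1.11" protocol="TCP" src_port="55514" dst_port="8443" src_zone="VPN" dst_zone="LAN" con_event="Stop" message=""
2020-07-02 09:40:10 Firewall messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="0" src_ip="10.81.235.9" dst_ip="172.16.1.50" protocol="UDP" src_port="16384" dst_port="20000" message="Could not associate packet to any connection."
"""

TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
KV_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Parse one XG Log Viewer line into a dict of its key="value" fields plus a 'ts' datetime.
    Returns None for lines that are not log entries."""
    m = TS_RE.match(line)
    start = line.find("messageid=")  # header may be glued to the first field, as in the thread
    if not m or start < 0:
        return None
    rec = dict(KV_RE.findall(line[start:]))
    rec["ts"] = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
    return rec

def flow_key(rec):
    # Client, server, protocol and service port; source ports differ per connection.
    return (rec["src_ip"], rec["dst_ip"], rec["protocol"], rec["dst_port"])

def find_state_loss(log_text, grace=timedelta(seconds=30)):
    """Return rule-0 'Invalid Traffic' drops that happened while a rule-allowed connection
    between the same client/server/service was active. The active window is rebuilt from
    con_event="Stop" entries as [stop - con_duration, stop + grace]."""
    records = [r for r in map(parse_line, log_text.splitlines()) if r]
    active = {}
    for r in records:
        if r.get("status") == "Allow" and r.get("con_event") == "Stop":
            end = r["ts"]
            start = end - timedelta(seconds=int(r.get("con_duration") or 0))
            active.setdefault(flow_key(r), []).append((start, end + grace, r["fw_rule_id"]))
    findings = []
    for r in records:
        if r.get("log_component") != "Invalid Traffic" or r.get("fw_rule_id") != "0":
            continue
        rules = [rule for s, e, rule in active.get(flow_key(r), []) if s <= r["ts"] <= e]
        if rules:
            findings.append({"flow": flow_key(r), "dropped_src_port": r["src_port"],
                             "at": r["ts"].strftime("%H:%M:%S"), "allowed_by_rules": sorted(set(rules))})
    return findings
```

find_state_loss(SAMPLE_LOG) returns one finding: the 09:29:03 drop of source port 54085 falls inside the rule-195 connection to the same server, which ran from 09:28:36 to 09:29:47 (stop time minus con_duration), while the UDP drop to the made-up host has no allowed flow around it and is not reported.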
