Forum Discussion

thomasesteve_91
Nov 18, 2008

Problem between FirePass and VoIP

Good afternoon,

I use FirePass SSL VPN and I can connect my computer to the company network.

We now use a new VoIP application (Etherset and SIP protocols).

I have to launch a TWS shortcut on my desktop that points to a server inside the company.

The application launches normally, but it seems to stop before the end of the initialization (a sort of identification).

I have sniffed the IP frames with Ethereal/Wireshark.

Here are the most frequent alerts I have noticed:

PROTOCOL : TCP

-> [TCP Dup ACK xxxx] tsdos390 > microsoft-ds [ACK] seq = 14230 ack = 1173963 win=17520 len=0
[TCP Analysis flags] : this is a duplicate to ack in frame : 1464

-> [TCP Keep-Alive ACK] tsdos390 > microsoft-ds [ACK] seq=76689 Ack=6250290 win = 16909 Len=0
[TCP Analysis flags] : [This is an ACK to the segment in frame : 8372] [This is a TCP keep-alive segment]

-> [TCP Port Number reused] digital-notary > spytechphone [SYN]seq=0 win=16384 Len=0 MSS=140
[TCP Analysis flags] : [A new tcp session is started with the same ports as an earlier session in this trace].

-> [TCP retransmission]Read AndX Request, FID:0x0000, 4096 bytes at offset 2094592
[TCP Analysis flags] : [This frame is a (suspected) retransmission] [The RTO for this segment was: 0.593750000 seconds] [RTO based on delta from rame ; 3311]

-> [TCP rentransmission] [TCP segment of a reassembled PDU]
[TCP Analysis flags] : [This frame is a (suspected) retransmission]

-> [TCP retransmission] dns2go>bip1 [FIN, PSH, ACK] seq=3025 ack=781 win=64893 len=37
[TCP Analysis flags] : [This frame is a (suspected) retransmission]

PROTOCOL : LDAP

-> [TCP Retransmission] SASL GSS-API Integrity: UnbindRequest(11)
[TCP Analysis flags] : [This frame is a (suspected) retransmission]

PROTOCOL : SMB

-> [TCP Retransmission] Trans2 Response
[TCP Analysis flags] : [This frame is a (suspected) retransmission]

So I think that a lot of packets are lost or not reassembled. Have you already noticed this problem? If yes, do you know the solution? Maybe it could come from the bandwidth (I use an ADSL with 4Mo on download and 500Ko/s)? I hope that we can find a solution. The end goal is to use a USB phone with the VoIP software for teleworkers.

Regards,

  • Hmm... are you starting a Network Access Connection?

    Can you ping your internal hosts through the Network Access connection? (That is to verify basic connectivity inside the tunnel.)

    I have a bit of experience running VoIP through FirePass Network Access SSL VPN, and in my experience a lot of VoIP (read SIP especially) doesn't work when NAPT is enabled on the FirePass Network Access connection. Most likely you may have a similar issue? If you disable NAPT for Network Access, you need to install a return route for the clients' PPP IP addresses in your network to go back via FirePass.

    Hope this helps.

    Cheers,

    Mal
  • Bizarre, bizarre.

    The application isn't completely connected but I can use the call function (test ok). Voipaddon are launched. But always.

    I have tested with the other VPN (IPsec), it's the same problem...

    Our firewalls don't seem to block but I think our problem comes from there.
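
An added example for the NAPT point raised in the first reply (not code from the thread or from F5): SIP carries the client's own address inside its Via, Contact and SDP fields, so when NAPT rewrites only the IP header the server sees a packet source that disagrees with the payload. This is general SIP behaviour, not something diagnosed in this thread. The Python check below runs on a constructed INVITE; the message, the function names and every address are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed SIP INVITE as a PBX would receive it from a VPN client; all
# addresses are placeholders made up for this example, not taken from the thread.
SAMPLE_INVITE = (
    "INVITE sip:200@pbx.example.test SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.50.10:5060;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:100@pbx.example.test>;tag=1928301774\r\n"
    "To: <sip:200@pbx.example.test>\r\n"
    "Call-ID: a84b4c76e66710@192.168.50.10\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:100@192.168.50.10:5060>\r\n"
    "Content-Type: application/sdp\r\n"
    "\r\n"
    "v=0\r\n"
    "o=- 2890844526 2890844526 IN IP4 192.168.50.10\r\n"
    "s=-\r\n"
    "c=IN IP4 192.168.50.10\r\n"
    "t=0 0\r\n"
    "m=audio 49170 RTP/AVP 0\r\n"
)

# Fields where a SIP endpoint writes its own IPv4 address into the payload.
PATTERNS = {
    "Via": re.compile(r"^Via:\s*SIP/2\.0/\w+\s+([\d.]+)", re.I | re.M),
    "Contact": re.compile(r"^Contact:.*?@([\d.]+)", re.I | re.M),
    "SDP o=": re.compile(r"^o=.*\bIN IP4 ([\d.]+)", re.M),
    "SDP c=": re.compile(r"^c=IN IP4 ([\d.]+)", re.M),
}

def embedded_addresses(sip_text):
    """Return {field: IPv4Address} for addresses carried inside the SIP/SDP payload."""
    found = {}
    for field, pattern in PATTERNS.items():
        match = pattern.search(sip_text)
        if match:
            found[field] = ipaddress.ip_address(match.group(1))
    return found

def napt_mismatches(sip_text, packet_source):
    """List payload fields whose address differs from the IP header source."""
    source = ipaddress.ip_address(packet_source)
    return sorted(f for f, addr in embedded_addresses(sip_text).items() if addr != source)

if __name__ == "__main__":
    # With NAPT the server sees the gateway address; without it, the client's PPP address.
    for label, src in (("NAPT enabled", "10.0.0.5"), ("NAPT disabled", "192.168.50.10")):
        print(label, "->", napt_mismatches(SAMPLE_INVITE, src) or "consistent")
```

Any field reported as a mismatch is an address the server will try to answer or send media to directly, which is why the reply pairs disabling NAPT with a return route for the clients' PPP addresses.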