PROBLEM

Linking sites via VPN with integrated firewall (kb3341)

The information in this article applies to:

  • SwyxWare all versions

[ Symptoms | Cause | Resolution | Status ]


Symptoms

If using Clients (SwyxIt! or IP-phones) and/or gateways on a remote site - often one way media streaming, call interruptions or registration problems occur - if the VPN routers are using firewall functionalities (e.g. CISCO PIX).

Cause

Firewalls in most cases are using a mechanism called "TCP-timeout" or "stateful inspection" to monitor TCP sessions. Because the client and the server are negotiating the used ports only during the clients registration, there will be no more media streaming, after the TCP-timeout has dropped the corresponding session.

Resolution

Either switch off or increase the value of the TCP-timeout which is long enough to keep the session valid during an idle state of the clients (no phone call).

Status

Known.

Comment

Comment on this article



If we have any follow-up questions, where can we contact you?

E-Mail Address (optional)


Note

This feedback form can't be used for support requests. Those requests must be directed to your Swyx reseller or distributor.