Support Center > Search Results > SecureKnowledge Details
SIP VoIP call is disconnected / stops working several minutes after establishing the connection when SecureXL is enabled
Symptoms
  • SIP VoIP call is disconnected / stops working several minutes after establishing the connection:

    • SIP UDP: call is disconnected
    • SIP TCP: no more audio/video received, eventually the call is disconnected.
  • H323 VoIP calls work without any issues when SecureXL is enabled.

  • Disabling SecureXL resolves the issue with SIP calls.

Cause

Flow of events:

  1. SIP Server sends a first "invite" with port X for media and port Y for video.
  2. SIP connection is established.
  3. RTP connection is established.
  4. SIP VoIP call works correctly.
  5. SIP Server sends a second "invite" (keep alive) with the same port X for media and port Z for video (or even the same port Y for video).
  6. Security Gateway creates a pending connection for the port X.
  7. RTCP packet is received, and SecureXL forwards it to the FireWall. This packet matches the pending data connection (3 tuples).
  8. Security Gateway's SIP handling code deletes the links for old RTCP connection, but does not delete the links for the old RTP connection from the FireWall connections table and from the SecureXL connections table.
  9. New connection is created for RTCP, which includes the 5 tuples.
  10. FireWall tries to offload the new RTP and RTCP connections to SecureXL.
  11. At this point, collision occurs between the new RTP connection and the old RTP connection in the SecureXL connections table.
    As a result, SecureXL drops the new connection.

Example from kernel debug ('fw ctl debug -m fw + conn tcpstr') and SecureXL debug ('fwaccel dbg -m general + ant del'):

;sip_close_data_stream: Closing client data conn;
... ...
;sip_close_data_stream: Closing server data conn;
;sip_close_data_conn_by_uuid: Found data conn <0.0.0.0:0 -> IP_of_Server:PortMedia IPP 17>;
;fwconn_lookup_other_ex__legacy__: conn <dir 0, 0.0.0.0:0 -> IP_of_Server:PortMedia IPP 17;...>
found in connections table;
;fwconn_conn6_remove_conn: removing conn <dir 0, 0.0.0.0:0 -> IP_of_Server:PortMedia IPP 17>;
... ...
;fwconn_freefunc: entry expired. deleting from sxl;
;fwconn_key_lookup_ex: conn <dir 0, 0.0.0.0:0 -> IP_of_Server:PortMedia IPP 17> found in connections table
... ...
;fwconn_cphwd_delete_conn: deleting anticipated conn <dir 0, 0.0.0.0:0 -> IP_of_Server:PortMedia IPP 17>;
;cphwd_delete_anticipated_connkey: conn <dir 0, 0.0.0.0:0 -> IP_of_Server:PortMedia IPP 17> is not found in anticipated db;
;fwconn_delete_one_conn_related_entries: deleting connection <dir 0, 0.0.0.0:0 -> IP_of_Server:PortMedia IPP 17> <UID_of_CONNECTION> from conn_info table;
;fwconn_delete_one_conn_related_entries: connection has a parent connection: <dir 0, IP_of_Server:PortY -> IP_of_Client:5060 IPP 6> <UID_of_CONNECTION> deleting entries from parent_conn and son_conns tables;
... ...
;sip_rm_pending_data_conn: removing from fwx_pending, pending of <0.0.0.0:0 -> IP_of_Server:PortMedia IPP 17>;
;fwconn_lookup_other_ex__legacy__: conn <dir 0, 0.0.0.0:0 -> IP_of_Server:PortVideo IPP 17;...>
found in connections table;fwconn_conn6_remove_conn
;: removing conn <dir 0, 0.0.0.0:0 -> IP_of_Server:PortVideo IPP 17>;
;fwconn_freefunc: conn <dir 0, 0.0.0.0:0 -> IP_of_Server:PortVideo IPP 17, ...>;
;fwconn_freefunc: entry expired. deleting from sxl;
;fwconn_key_lookup_ex: conn <dir 0, 0.0.0.0:0 -> IP_of_Server:PortVideo IPP 17> found in connections table
... ...
;fwconn_cphwd_delete_conn: deleting anticipated conn <dir 0, 0.0.0.0:0 -> IP_of_Server:PortVideo IPP 17>;
;cphwd_delete_anticipated_connkey: conn <dir 0, 0.0.0.0:0 -> IP_of_Server:PortVideo IPP 17> is not found in anticipated db;
;fwconn_key_lookup_ex: conn <dir 0, 0.0.0.0:0 -> IP_of_Server:PortVideo IPP 17> found in connections table
... ...
;fwconn_delete_one_conn_related_entries: deleting connection <dir 0, 0.0.0.0:0 -> IP_of_Server:PortVideo IPP 17> <UID_of_CONNECTION> from conn_info table;
;fwconn_delete_one_conn_related_entries: connection has a parent connection: <dir 0, IP_of_Server:PortY -> IP_of_Client:5060 IPP 6> <UID_of_CONNECTION> deleting entries from parent_conn and son_conns tables;
... ...
;sip_rm_pending_data_conn: removing from fwx_pending, pending of <0.0.0.0:0 -> IP_of_Server:PortVideo IPP 17>;
;sip_close_rtcp_by_rtp_conn: Closed RTCP conn;
;fwconn_lookup_other_ex__legacy__: conn <dir 0, IP_of_Server:PortVideo -> IP_of_Client:PortZ IPP 17;...>
found in connections table;
;fwconn_conn6_remove_conn: removing conn <dir 0, IP_of_Server:PortVideo -> IP_of_Client:PortZ IPP 17>;
;fwconn_freefunc: conn <dir 0, IP_of_Client:PortZ -> IP_of_Server:PortVideo IPP 17, ...>;
;fwconn_freefunc: entry expired. deleting from sxl;


Solution
Note: To view this solution you need to Sign In .