07-14-2017 11:50 AM
we are using a couple of SRX240 to route between sites and on each site we have some SIP applications running.
With the SIP ALG enabled we were noticing that packets were being dropped.
So after some googling I came to the conclusion to disable the SIP ALG entirely.
After this, these call flows were successful.
The only problem then, was that SIP "OPTIONS" were being dropped by the SRX and was not being routed further to its destination. I verfied this by doign some traceoptions on the SRXs.
Basicly I don't want the SRX to do anything with SIP, it just need to route the packet to it's destination.
For now, I workaround to get SIP OPTIONS working again, was to enable SIP ALG globally, and disable it per policy based on the source and destination IPs of the SIP call flows.
But we are still noticing some packet drops. and some SIP ALG errors in the messages log file.
My question is if there is any way while disabling SIP ALG globally will still keep SIP OPTIONS working?
Is this a bug in the software perhaps. I could not find anything in the release notes.
On one side we have a srx with 12.1X46-D15.3 and the other side with 12.3X48-D35.7.
Any help would be greatly appreciated.
07-15-2017 05:16 AM
Are you using STUN (client/server)? Consider user persistent NAT.
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
07-15-2017 11:02 PM
I would recommend you run sip traces and see if there is any specific errors reported ,
set security alg sip traceoptions flag all
set security traceoptions file SIP-traces
set security traceoptions file size 7m
set security traceoptions file files 2
Please Mark My Solution Accepted if it Helped, Kudos are Appreciated too