hi Vasily

 

Actually i dont know the detail about your problem. Please to execute debug command

 

clear db

debug nat rtsp debug nat gate
debug rm resource
debug flow basic

 

<generate RTSP traffic>

 

undebug all

 

get db str

 

 

btw how about if u disable the RSTP ALG ?

 

 

Thanks 

 

EL

Hi ELKIM,

 

Unfortunally I can't enable debug flow because I have a lot of traffic through our netscreen. I have tried to enable debug nat rtsp and I see rtsp traffic without any errors or warnings. This is my requests:

 

## 2009-08-21 12:46:23 : nat_rtsp_handler: entered: from 10.10.213.96 -> 74.125.77.177
## 2009-08-21 12:46:23 :

 

and remote replies:

 

## 2009-08-21 12:46:23 : nat_rtsp_handler: entered: from 74.125.77.177 -> address.from.PAT.pool

## 2009-08-21 12:46:23 :

 

I try RTSP with disabled ALG RTSP - result is same - it doesn't working.

 

Thank you for your reply!

 

BR, Vasily.

hi,

 

Unfortunately you can not debug with flow basic option. if u mind, u can try to disable the reassembly-for-alg on all zones that RTSP traffic passes.

 

with debug flow basic we can determine that problem cause by nat reassembly  or not

 

****** 23831515.0: <UserZone/ethernet0/1.2> packet received [783]******
ipid = 30965(78f5), @2e5be914
packet passed sanity check.
ethernet0/1.2:192.168.202.13/1785->218.188.73.209/554,6<Root>
existing session found. sess token 30
flow got session.
flow session id 60958
vsd 0 is active
packet dropped, nat xlate reassembly

 

Thanks

 

EL

Thank you for a good advice. I did a debug and I see some interesting stuff: first phase is standart - tcp and RTSP negotiations, second - too many packets with:

 

****** 2188125.0: <SZ0/ethernet0/0.20> packet received [1216]******
  ipid = 41650(a2b2), @2d650114
  packet passed sanity check.
  flow_decap_vector IPv4 process
  ethernet0/0.20:74.125.77.177/10580->IP.from.PAT.pool/6970,17<Root>
  no session found
  flow_first_sanity_check: in <ethernet0/0.20>, out <N/A>
  chose interface ethernet0/0.20 as incoming nat if.
  packet dropped: for self but not interested

Yes, it's configured on interface as DIP. Following knowledge base recommedation - we a using Policy-based NAT