Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 39 subscribers
  • Views 4096 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SIP Issue - Missing Encapsulated multipart part: (application/isup)

H Obe RS

Dear team,

 

Here my SIP topology

A: 1.10 SIP-Signaling

B: 2.10 RTP-Media

C: 3.10 SOPHOS XG

D: 4.10 SIP Backend

 

everything are look good running but inconsistency way, some time great for 5 call outgoing but 2 of 5 incoming failed with "482:LOOP Detected", bus sometime good all day with 9 of 10 outgoing and 10 incoming.

with this inconsistency , we discuss with the ISP and they never asking why there's no ISUP(ITU) because this topology should not hide behind Firewall Sophos XG, previously just linux iptables and and masquerade and never has a problem and has never loose ISUP MIME Application.

the topology that ISP want only A ---> router --> C

after they knew that we put the firewall SOPHOS XG, they ask to remove the sophos or back to linux iptables as a router.

because of this case, we grab TCPDump from Sophos and dig line by line, here what we found

from PCAP

form PCAP to TXT

from firewall DNAT Rule

From Services

Question:

what filter that might be "turn on" that make this encapsulated multipart part: application/isup missing or filtered at "D" point?

and how to make this filter off or exclude at sophos so we can get this ISUP MIME work as linux iptables does

how we know are we using SIP Helper on not? there's only command

console> system system_modules sip unload and load

I never try to load nor unload, because i don't know current setup

 

Thank You.



This thread was automatically locked due to age.
  • 0

    Hi,

    please show your firewall rule. Do you have VoIP selected in your firewall rule?

    Ian

    extra stuff.

    My VoIP rule I have two phones. They don't get much use so I can't tell about call failures or not, they do work each time they are tested.

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Yes all the same. and everything are work, did you do PCAP capture?

    I Didn't know there's ISUP filtering if I didn't do TCPDUMP, I need that ISUP because at that MIME there many information that I need more then Just Voice.

    Mose people here always as about the voice quality or the connection issue, but in my care, need Voice Data Information and that information was encapsulated at that SIP INVITE.

    I have this issue with Tipping Point IPS but I can remove/Exclude any SIP Filtering but don't know how at sophos.

    the IPS do removing bad packet and lets the good packet pass-trought but i need the IPS run but not for the SIP package

  • 0 in reply to H Obe RS

    Hi There,

     

    I Got Update from ISP, that they has 2 SIP Server with different Setup, I for SIP another is SIP-I, those Server are behind Load Balance.

    Every time I got SIP-I server, the 482 LOOP DETECTED are occur, but everything look good if just just SIP but the information that I need was not there ether, I don't know why, may be that because there's no information like caller ID, LIID or else, I don't know why Sophos blocked or Filtered that ISUP MIME, where should I go to look at log to watch there was filtered packet that happen? because I did not see any line at IPS Log?

  • 0 in reply to H Obe RS

    here some knowledge that can make you more get enlightenment

     

    http://mail.sipforum.org/pipermail/discussion/2008-July/015847.html

    https://tools.ietf.org/html/rfc3398

    BTW, I don't have issue with the voice, we record all communications, but not the voice that we need, we need time, locations, caller ID receive ID and etc, and almost all that information are at that ISUP MIME

    hope can get enlightenment for me from The Sophos

Unfiltered HTML