9100 cpu20 sip trunks, 2 new locations

[cayres1003]

New install. 2 locations using AT&T sip trunks. The ATT router is an edgewater router at both.
We have a fortigate firewall between us and them.
In bound has been working without fail.
But the inbound is sporadic at both sites. I can go 1 day or 5 days before we start having issues dialing out. It does seem that the issues are more in the morning than in the afternoon. We have been working on this for 6 weeks now.

I have tickets open with NEC, Fortigate, and AT&T in case you are wondering.

What ATT is saying is that that "... found an issue with the SIP set-up time in the Invite. It is set as 180 and it should be 900 or higher".
NEC is not sure to what they are referring exactly. I am not either. I am not convinced this is the issue, but this is first time in 6 weeks they have giving me anything to work with other than me trying to figure it myself.

Looking for Ideas.

Yesterday, I did put one of the locations directly on the ATT router bypassing the firewall, just for another test. Waiting to see the results.

 

[3racefan3]

Have you tried changing the Invite in 84-20-06 ,the default is 180.

 

[cayres1003]

no because I thought that was for sip extension only. Third party sip to cpu.. Not necessarily related to an outbound sip call.

 

[CoralTech]

I have found that routers are the issue most of the time with UDP timeout.

 

[cayres1003]

I agree with you on that. Just haven't had this issue in a long time. I am not sure where the timer is at

 

[OldNECguy]

Have you tried 84-14-18 in an attempt to keep the UDP port open? Might be worth a try. I'd try a setting of 21 seconds or so.

 

[OldNECguy]

Oops. Looks like the minimum is 60. You may have to change the UDP timeout in the router.

 

[CoralTech]

Ya, I would double whatever the PBX is in the router. That way if there is a lost packet you still can catch it.

 

[cayres1003]

Well, that is where I can currently concentrating, the firewall. I found the udp timeout timer. Changed it from 180 to 900. Waiting to see how things act.

 

[cayres1003]

so it made it work and not work. Work and not work. Over a period of time. Not quickly.
I changed the timer in the firewall back to 180. But I am convinced it has something to do with it.

 

[OldNECguy]

What was the result of your router bypass (first post)?
Have you tried disabling SIP ALG (or sip-helper) in the firewall?
Any chance you could do a packet capture (via WebPro) with just the SIP Trunking filter enabled when you're having outbound failures?

 

[OldNECguy]

By the way, what do you see (on your LCD) or hear when you try to call out and it fails? Are these sites linked in any way (CCIS, Netlink,?)?

 

[CoralTech]

Do not match udp timeout in phone system to router. Smaller timer on phone system larger on router.

 

[OldNECguy]

If your router UDP timeout is 180, and you have 10-23-05 (Keep Alive...) enabled for all 10 digits, 84-14-18 at 60, and 84-14-19 at 5, UDP timeout should not be the culprit. This should send an OPTIONS request every 60 seconds as a Keep-Alive and keep the port open. A packet capture would be very telling.

 

[CoralTech]

Unless they are getting HUGE amounts of packet loss.

 

[cayres1003]

So, first of all, thanks for the suggestions and questions. Somehow, I haven't been getting notifications of any posts.

I think we got it figured out. It turns out it looks like a firewall issue. NTAC didn't really have any suggestions. They basically pointed to the carrier. Carrier was just pointing back. We started looking at the firewall.

After a lot of troubleshooting and having to escalate, the issue was the NAT setting. I had it on for both in bound and out bound. We removed it from the inbound and it fixed the outbound.