USG5530视频不能播放故障

发布时间:  2014-06-28 浏览次数:  225 下载次数:  0
问题描述
USG5530视频不能播放,排查发现做NAT server的业务,SIP会话没有NAT转换,导致视频播放不了。
告警信息
处理过程
HRP_M[USG5530]dis firewall session table  verbose  application  sip
23:44:07  2014/06/17
Current Total Sessions : 7
  177177  sip  VPN:public --> public
  Zone: untrust--> untrust  PolicyID: 8  TTL: 00:10:00  Left: 00:09:57
  Output-interface: GigabitEthernet0/0/2  NextHop: A.B.C.D  MAC: 00-00-00-00-00-00
  <--packets:0 bytes:0   -->packets:1 bytes:469
  212.129.10.174:5077-->A.B.C.D:5060

HRP_M[USG5530]dis firewall server-map ip A.B.C.D
23:46:39  2014/06/17
  This operation will take a few minutes. Press 'Ctrl+C' to break ...
server-map item(s)
------------------------------------------------------------------------------
Nat Server, any -> A.B.C.D[10.190.3.183], Zone: ---
   Protocol: any(Appro: ---), Left-Time: --:--:--, Addr-Pool: ---
   VPN: public -> public

Nat Server Reverse, 10.190.3.183[A.B.C.D] -> any, Zone: ---
   Protocol: any(Appro: ---), Left-Time: --:--:--, Addr-Pool: ---
   VPN: public -> public

ASPF, any -> A.B.C.D:5060[A.B.C.D:5060], Zone: ---
   Protocol: udp(Appro: sip), Left-Time: 01:58:12, Addr-Pool: ---
   VPN: public -> public


HRP_M[USG5530]dis firewall session table  verbose  application  si                                                
HRP_M[USG5530]dis firewall session table  verbose  application  sip                                               
23:49:49  2014/06/17                                                                                                               
Current Total Sessions : 1                                                                                                        
  957937  sip  VPN:public --> public                                                                                               
  Zone: untrust--> trust  PolicyID: 6  TTL: 00:10:00  Left: 00:09:54                                                               
  Output-interface: GigabitEthernet0/0/8  NextHop: 172.16.102.17  MAC: 00-0f-e2-59-f9-00                                           
  <--packets:4 bytes:2234   -->packets:4 bytes:2200                                                                                
  212.129.10.174:5086-->A.B.C.D:5060[10.190.3.183:5060]            

HRP_M[USG5530-interzone-trust-untrust]dis this
23:48:17  2014/06/17
#
interzone trust untrust
detect ftp
detect mms
detect pptp
detect sip
detect sqlnet
detect h323
detect rtsp
detect msn
detect dns
#
#
return
HRP_M[USG5530-interzone-trust-untrust] undo de       
HRP_M[USG5530-interzone-trust-untrust] undo detect sip
23:48:21  2014/06/17
HRP_M[USG5530-interzone-trust-untrust]q
23:48:22  2014/06/17
HRP_M[USG5530]firewall interzone trust dmz
23:48:28  2014/06/17
HRP_M[USG5530-interzone-trust-dmz]undo de     
HRP_M[USG5530-interzone-trust-dmz]undo detect sip
23:48:31  2014/06/17                                                       
                                                                                                                                   
HRP_M[USG5530]display firewall session table verbose application sip                                              
23:49:56  2014/06/17                                                                                                               
Current Total Sessions : 1                                                                                                        
  957937  sip  VPN:public --> public                                                                                               
  Zone: untrust--> trust  PolicyID: 6  TTL: 00:10:00  Left: 00:09:47                                                               
  Output-interface: GigabitEthernet0/0/8  NextHop: 172.16.102.17  MAC: 00-0f-e2-59-f9-00                                           
  <--packets:4 bytes:2234   -->packets:4 bytes:2200                                                                                
  212.129.10.174:5086-->A.B.C.D:5060[10.190.3.183:5060] 
根因
可能原因:

1、 NAT Server配置有问题

2、 sip会话命中了没有做NAT的会话

3、 sip报文命中特殊的server-map表
建议与总结
异常的会话会导致NAT有问题,特殊的server-map表也会导致业务故障。如果NAT没有转换,首先去查看会话详细信息,去查看server-map表,去清除会话,去清除server-map表应该形成一种固有的NAT问题定位的思维方式。

 ASPF功能是否需要开启,取决现网的实际业务,有时候不开启detect会有问题,有时候开启detect sip会有问题,开启和关闭就两种情况,故障处理时,可以两种情况都尝试下。

END