Publication Date: 2018-09-12 | Views: 611 | Downloads: 0 | Author: d84093304 | Document ID: EKB1001851629
2 videoconference terminals TE30 are installed in different locations, behind NAT gateways/firewalls. The schematics are like this:
TE30-A ---> NAT-GW-A ----------- Internet -----------> NAT-GW-B -> TE30-B
Problem is the following:
1. Call from TE30-A to TE30-B : call gets disconnected after cca. 30 sec. with the following error being displayed on TE30-A's web interface: "Called site has rejected your call"
2. Call from TE30-B to TE30-A : call gets immediately disconnected with the following error being displayed on TE30-B's web interface: "The called site is offline; please dial later"
Calls have been made from each side to the other and signaling logs were gathered. From the analysis, the following conclusions were drawn:
1. Call from TE30-A to TE30-B: this call fails due to the fact that after TE30-B responds, the TE30-A tries to initiate the H245 TCP connection and the SYN packets get no response. After 3 SYN packets sent, TE30-A disconnects the call by sending “Release Complete”
(the redacted IP's are real IPs of NAT gateways/firewalls)
2. Call from TE30-B to TE30-A: this call fails due to the fact that after TE30-A responds, the H245 TCP connection attempt is actively rejected by the NAT-GW-A firewall (you can see that after the SYN packet, the TE receives a RST packet). Therefore, the TE30-B immediately disconnects the call.
Incorrect implementation of the communication matrix for this type of terminals in the NAT gateways/firewalls
Implement the correct communication matrix in the NAT gateways/firewalls