Blocking ports 39960-40000
Good afternoon.
We use SIP telephony via Mobile Access. Users connect to Capsule VPN and can use the mobile app to make calls to our internal numbers.
Ports 10000-20000 are used for this purpose.
Now we have a need to introduce additional telephony, which will work on ports 39960-40000.
And there was a problem with that.
The call goes through, the call is set, but the voice is not heard.
All necessary ports on the gateways are open.
Here are the results of our tests:
1) The SIP telephony, which worked for us all the time on 10000-20000, does not work correctly on ports 399600-40000. The problem is the same: I can't hear the voice.
2) The new telephony has been switched to ports 10000-20000, everything works correctly, the call is set, the voice is heard.
3) We turned off the Capsule VPN for testing. Both SIP telephony and the new telephony work correctly on 10000-20000 and 399600-40000 ports.
Therefore, we conclude that Capsule VPN blocks ports 399600-40000, but we do not understand exactly how.
Please help me with this, maybe someone has already met with this.
Ask CP TAC to resolve this!
Is this a different telephony vendor, how did you define the services compared to the previous ones and are back connections already enabled in global properties?
We used the old telephony on these ports for telephony only.
What we are most interested in is why everything works fine when Capsule VPN is turned off. But as soon as we enable the VPN, the connection is established, voice UDP (RTP) packets are sent from the server side to the user side, but no voice is heard. We don't get any return voice packets either.
Wait... when you say you tested with turning off Capsule VPN and it worked, what do you mean exactly by that? Capsule VPN is not a blade itself, but rather the app on the phone.
Andy
I apologize, yes you are right, I misspoke. We shut down MAB and checked.
No worries. Just to be 100% sure we are on the same page here, so you turned off mobile access blade on the fw, installed policy and then all worked fine?
Andy
Yes, we completely disable the mobile access blade, enable the rule for direct access from the network under test to the internal network, and set the policy. After that, everything starts working and we can hear voice in both directions.
You can try this...say port is 40000, run from expert -> fw ctl zdebug + drop | grep "40000"
this is when mobile access blade is enabled
Andy
Version/JHF of gateway?
Version of Capsule client?
What precise rules are being used to permit the traffic?
Please provide screenshots (sensitive details redacted)