Railx
Explorer

Blocking ports 39960-40000

Good afternoon.

We use SIP telephony via Mobile Access. Users connect to Capsule VPN and can use the mobile app to make calls to our internal numbers.

Ports 10000-20000 are used for this purpose.

Now we have a need to introduce additional telephony, which will work on ports 39960-40000.
And there was a problem with that.
The call goes through, the call is set, but the voice is not heard.

All necessary ports on the gateways are open.

Here are the results of our tests:
1) The SIP telephony, which worked for us all the time at 10000-20000, does not work correctly on ports 399600-40000. The problem is the same: I can't hear the voice.

2) The new telephony has been switched to ports 10000-20000, everything works correctly, the call is set, the voice is heard.

3) We turned off the Capsule VPN for testing. Both SIP telephony and the new telephony work correctly on 10000-20000 and 399600-40000 ports.

Therefore, we conclude that Capsule VPN blocks ports 399600-40000, but we do not understand exactly how.
Please help me with this, maybe someone has already met with this.

9 Replies
G_W_Albrecht
Legend

Ask CP TAC to resolve this!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Chris_Atkinson
Employee

Is this a different telephony vendor? How did you define the services compared to the previous ones, and are back connections already enabled in global properties?

CCSM R77/R80/ELITE
Railx
Explorer

We used the old telephony on these ports for telephony only.
What we are most interested in is why everything works fine when Capsule VPN is turned off. But as soon as we enable the VPN, the connection is established, voice UDP (RTP) packets are sent from the server side to the user side, but no voice is heard. We don't get any return voice packets either.

the_rock
Legend

Wait... when you say you tested with turning off Capsule VPN and it worked, what do you mean exactly by that? Capsule VPN is not a blade itself, rather the app on the phone.

Andy

Railx
Explorer

I apologize, yes you are right, I misspoke. We shut down MAB and checked.

the_rock
Legend

No worries. Just to be 100% sure we are on the same page here: you turned off the Mobile Access blade on the fw, installed policy, and then all worked fine?

Andy

Railx
Explorer

Yes, we completely disable the mobile access blade, enable the rule for direct access from the network under test to the internal network, and set the policy. After that, everything starts working and we can hear voice in both directions.

the_rock
Legend

You can try this... say the port is 40000, run from expert -> fw ctl zdebug + drop | grep "40000"

This is when the Mobile Access blade is enabled.

Andy

PhoneBoy
Admin

Version/JHF of gateway?
Version of Capsule client?
What precise rules are being used to permit the traffic?
Please provide screenshots (sensitive details redacted)
