Solving SIP One-Way Audio Issues

Solving SIP One-Way Audio Issues

30240
Created On 07/12/22 14:10 PM - Last Modified 10/12/22 02:42 AM


Symptom


  • Source NAT policy configured to translate traffic from the mobile gateway to outside the Internet
  • Source Address Translation Type set to ‘Dynamic IP And Port’

GUI: Policies > Nat > Add (or select configured policy)

Destination Address Tranalation.png

  • One-way audio issue when calling from third party softphone application to corporate mobile phones
  • Only one UDP traffic flow between mobile gateway and the third party softphone application
  • The firewall also translates the source port as shown below in packet captures.
edited_rx&tx_notworking.png
(received and transmit stages merged pcap)
  • The responding UDP traffic flow is sent to the original source port, not the translated port due to SIP negotiation
  • The firewall drops the responding UDP traffic flow

edited_dp_notworking.png(drop stage pcap)

 

Environment


  • Palo Alto 3220 Firewall
  • PANOS 9.1.10
  • Source NAT policy configured with 'Dynamic IP And Port' as Source Address Translation Type
  • Third-party softphone application
  • SIP (Session Initiation Protocol)

Cause


Incorrect Source NAT Policy Configuration

Resolution


  1. Modify the Source Address Translation Type from ‘Dynamic IP And Port’ to ‘Dynamic IP’ to solve the issue and have two-way audio flows:
GUI: Policies > Nat > Add (or select configured policy)

edited_NAT Policy Dynamic IP_detail.png

 

edited_rx&tx_working.png

(received and transmit stages merged pcap)


 

 

Additional Information


Source NAT Translation Types and Typical Use Cases
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000CqTeCAK&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language