I am testing a Juniper SRX 210 in my live network. I replaced a Cisco 2811 with the SRX. There are also Siemens IP phones in the network. After replacing the Cisco with the Juniper, the phones are not able to obtain an IP address from DHCP (using DHCP relay). When they are configured manually, the phones cannot reach the SIP Proxy server. Traces show that requests are reaching the server, but the server doesn't send the replies.
I can see that the phones are sending DHCP UDP requests and SIP TCP SYN requests, but there is no response from the server.
Network looks like this:
|Phone|----ge.0.0.20 ----| SRX |--- ge.0.0.35---|Cisco1841|------|SIP PROXY|
SYN segments are passing the SRX and reaching the SIP Proxy, but the server doesn't reply back. Here is one packet sniffed on the server's uplink:
35628 332.745096 192.168.30.101 192.168.112.10 TCP 48125 > sip [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=15631 TSER=0 WS=1
(phone:192.168.30.101, sip proxy:192.168.112.10)
When we put the Cisco back, everything works normally. Here is the sniffed packet:
10304 497.900165 192.168.30.101 192.168.112.10 TCP 48125 > sip [SYN] Seq=0 Win=5840 Len=0 MSS=1460 SACK_PERM=1 TSV=15623 TSER=0 WS=1
Both interfaces on the SRX are in the same sec zone with a permit-all policy. IPS, ALG and Screen are turned off, and traffic is not NATted.
The configuration is attached.
Can anybody advise us how to troubleshoot this problem, and tell me why the phones cannot reach the DHCP and SIP Proxy servers?
Thank you in advance!