Zeus,
There is the problem.. As you pointed out zeus, the SJPhone application is sending the correct format in the request line of ACK, but the ALG is not rewriting the address and port correctly. It is missing the port part of the request line. Hence I guess since there is no port in the ACK request line, the proxy is sending the ACK to the default port 5060.(please correct me if i am wrong with the guess)
I will correct the ALG to take care of this and let you guys know if this fixes the problem.
Coming to multiple 200 OK s with different contact ports, Since the ACK sent by host1 is not passing through fw2, the SJPhone application on host2 is sending 200 OKs repeatedly, which in turn is causing the ALG to send the 200 OK with a different contact port for each of this 200 OK.
I could have sent the ethereal capture inside of the ALG as well, but the capture is huge and I guess it will not be allowed. Anyways if you guys are still interested to look at the capture inside of ALG, i will send the capture with the selective packets.
Once again thanks Zeus and Jan for your comments and quick responses to my mails.
Regards Mahesh
Jan,
It true that the Request-URI is incorrect. However, I would not jump to conclusion that it's Sjphone's problem yet unless it's a known problem with their 1.0 version software. The capture is on the wan side of a ALG device.
From my point of perspective, the ALG does not rewrite the address and port
correctly. That may be the problem.
Looking at fw2's dump, the 200OK (packet 16), the contact address is sip:202.125.84.163:1585. A moment later, the same 200OK (packet 17) has contact address of sip:202.125.84.1585. If both firewalls are the same, I would say it's logic is wrong and causing Sjphone response with wrong information. This is why I response in another mail that the contact address is different on every other packet.
Mahesh,
Could you also send in the ethereal dump inside the ALG as well? That would help isolate the problem, whether it's with Sjphone or the ALG.
Zeus
-----Original Message----- From: Jan Janak [mailto:jan@iptel.org] Sent: Wednesday, 15 September 2004 8:45 PM To: mahesh Cc: Zeus Ng; serusers@lists.iptel.org Subject: Re: [Serusers] Proxy sending ACK on port 5060 instead of on contact port
The ACK from Sjphone is broken, it contains sip:202.125.84.163 in the Request-URI but the Request-URI should be sip:202.125.84.163:1585 (port is missing) because that's what the UA receives in 200 OK.
Jan.
On 15-09 15:22, mahesh wrote:
Hi Zeus,
I am attaching the ethereal captures of both fw1 and fw2(on wan interfaces). Only relevant packets are shown in the capture
to minimize the
file size. The NAT IP used by fw1 is 202.125.84.164 and the one used by fw2 is 202.125.84.163
regards Mahesh
Mahesh,
Given that you have ethereal capture, send it in to the
list and we
can see what's happening.
Zeus
-----Original Message----- From: serusers-bounces@lists.iptel.org [mailto:serusers-bounces@lists.iptel.org] On Behalf Of mahesh Sent: Wednesday, 15 September 2004 5:15 PM To: serusers@lists.iptel.org Subject: [Serusers] Proxy sending ACK on port 5060 instead of on contact port
Hi all,
I am using the following configuration to test SJPhone through IPTEL proxy server(publicly available:195.37.77.99).
HOST1(win2K)---FW1---Internet---FW2---HOST2(winXP)
Host1 and Host2 are hosts with private IPs having SJPhone application. FW1 and FW2 are firewall/NAT devices with SIP-ALG implementation. This means all the SIP messages are modified to include the public IPs in them. Also the via,contact ports are modified. Now both host1 and host2 register with the iptel proxy server. A call is initiated from host1. Host2 sends 200 OK response to the HOST1. After this the ACK sent by Host1 is sent to port 5060 on HOst2,instead of the contact port advertised in 200 OK. This is observed from ethereal captures on Host2. All these messages are going through the proxy server(195.37.77.99).
Can someone please tell me why the proxy server is behaving this way, i.e. sending ACK on 5060 instead of the contact. Is there anything that i am missing here or doing wrong.
Thanks Mahesh
Serusers mailing list serusers@lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers