Interesting Problem with Checkpoint Secure platform and Nortel VOIP

Interesting Problem with Checkpoint Secure platform and Nortel VOIP

am 16.05.2007 17:14:46 von Shera

I am currently having an issue troubleshooting the startup sequence on
a nortel IP

Phone 2002.

Set up is as follows - PC connected to IP 2002 Phone- --- connected to
Cisco 3002 hardware client -----connected to router ----- internet----
checkpoint firewall -----dmz interface ----- cisco vpn concentrator
----- cisco switch -----Nortel Call Server


-All necessary routing set up to Nortel Call Server and VPN
established with no problem
-Able to ping Nortel Call Server from PC
- Rules on Checkpoint allowing all traffic between the Phone's network
address and the Nortel Call Server

However, the phone just hangs and complains that it cannot connect to
S1 server
- Tcpdump on the firewall shows the following conversation during
startup sequence:
=~=~=~=~=~=~=~=~=~=~=~=
15:09:00.438281 172.24.31.11.5000 > 172.24.30.2.4100: udp 13 [tos
0xa0]
15:09:00.499242 172.24.31.11.5000 > 172.24.30.2.4100: udp 13 [tos
0xa0]
15:09:00.559080 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xa0]
15:09:00.565450 172.24.31.11.5000 > 172.24.30.2.4100: udp 23 [tos
0xa0]
15:09:00.629659 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xa0]
15:09:00.635032 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xa0]
15:09:00.640404 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xa0]
15:09:00.644777 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xa0]
15:09:00.649273 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xa0]
15:09:00.653519 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xa0]
15:09:00.659143 172.24.31.11.5000 > 172.24.30.2.4100: udp 38 [tos
0xa0]
15:09:00.664388 172.24.31.11.5000 > 172.24.30.2.4100: udp 14
15:09:00.729599 172.24.31.11.5000 > 172.24.30.2.4100: udp 10
15:09:00.750959 172.24.31.11.5000 > 172.24.30.2.4100: udp 15
15:09:00.818790 172.24.31.11.5000 > 172.24.30.2.4100: udp 10
15:09:00.824287 172.24.31.11.5000 > 172.24.30.2.4100: udp 14
15:09:00.888373 172.24.31.11.5000 > 172.24.30.2.4100: udp 10
15:09:00.894869 172.24.31.11.5000 > 172.24.30.2.4100: udp 20
15:09:00.962203 172.24.31.11.5000 > 172.24.30.2.4100: udp 10
15:09:00.967699 172.24.31.11.5000 > 172.24.30.2.4100: udp 10
15:09:00.972071 172.24.31.11.5000 > 172.24.30.2.4100: udp 10
15:09:00.976442 172.24.31.11.5000 > 172.24.30.2.4100: udp 10
15:09:00.981214 172.24.31.11.5000 > 172.24.30.2.4100: udp 10
15:09:00.986687 172.24.31.11.5000 > 172.24.30.2.4100: udp 10
15:09:00.989435 172.24.31.11.5000 > 172.24.30.2.4100: udp 10
15:09:00.996431 172.24.31.11.5000 > 172.24.30.2.4100: udp 10
15:09:01.000303 172.24.31.11.5000 > 172.24.30.2.4100: udp 10
15:09:01.005174 172.24.31.11.5000 > 172.24.30.2.4100: udp 10
15:09:01.010671 172.24.31.11.5000 > 172.24.30.2.4100: udp 38 [tos
0xb4]
15:09:01.015670 172.24.31.11.5000 > 172.24.30.2.4100: udp 22 [tos
0xb4]
15:09:01.030249 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:01.037870 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:01.051646 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:01.054394 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:01.055643 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:01.056643 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:01.057981 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:01.063388 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:01.067761 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:01.088373 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:01.093995 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:01.099241 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:01.108111 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:01.118855 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:01.124477 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:01.128597 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:01.133060 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:03.489369 172.24.31.11.5000 > 172.24.30.2.4100: udp 14 [tos
0xb4]
15:09:03.554579 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:03.559926 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:03.564323 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:03.568695 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:03.574619 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:03.579164 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:03.582935 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:03.587184 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:03.591429 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:03.596926 172.24.31.11.5000 > 172.24.30.2.4100: udp 10 [tos
0xb4]
15:09:03.601300 172.24.31.11.5000 > 172.24.30.3.7300: udp 13 [tos
0xb4]
15:09:03.659239 172.24.31.11.5000 > 172.24.30.3.7300: udp 13 [tos
0xb4]
15:09:03.718725 172.24.31.11.5000 > 172.24.30.3.7300: udp 10 [tos
0xb4]
15:09:03.725471 172.24.31.11.5000 > 172.24.30.3.7300: udp 23 [tos
0xb4]
15:09:03.789556 172.24.31.11.5000 > 172.24.30.3.7300: udp 10 [tos
0xb4]
15:09:03.794928 172.24.31.11.5000 > 172.24.30.3.7300: udp 10 [tos
0xb4]
15:09:03.800302 172.24.31.11.5000 > 172.24.30.3.7300: udp 10 [tos
0xb4]
15:09:03.804671 172.24.31.11.5000 > 172.24.30.3.7300: udp 10 [tos
0xb4]
15:09:03.809045 172.24.31.11.5000 > 172.24.30.3.7300: udp 10 [tos
0xb4]
15:09:03.813292 172.24.31.11.5000 > 172.24.30.3.7300: udp 10 [tos
0xb4]
15:09:03.820036 172.24.31.11.5000 > 172.24.30.3.7300: udp 38 [tos
0xb4]

69 packets received by filter
0 packets dropped by kernel
tcpdump -i src h eht th4 src host 172.24.30.3
tcpdump: listening on eth4
15:11:49.741566 172.24.30.3.7300 > 172.24.31.11.5000: udp 6 [tos
0xb4]
15:11:49.816447 172.24.30.3.7300 > 172.24.31.11.5000: udp 6 [tos
0xb4]
15:11:49.818194 172.24.30.3.7300 > 172.24.31.11.5000: udp 10 [tos
0xb4]
15:11:49.883369 172.24.30.3.7300 > 172.24.31.11.5000: udp 6 [tos
0xb4]
15:11:49.883900 172.24.30.3.7300 > 172.24.31.11.5000: udp 13 [tos
0xb4]
15:11:49.883913 172.24.30.3.7300 > 172.24.31.11.5000: udp 10 [tos
0xb4]
15:11:49.883924 172.24.30.3.7300 > 172.24.31.11.5000: udp 13 [tos
0xb4]
15:11:49.883936 172.24.30.3.7300 > 172.24.31.11.5000: udp 12 [tos
0xb4]
15:11:49.883947 172.24.30.3.7300 > 172.24.31.11.5000: udp 11 [tos
0xb4]
15:11:49.883958 172.24.30.3.7300 > 172.24.31.11.5000: udp 10 [tos
0xb4]
15:11:49.977542 172.24.30.3.7300 > 172.24.31.11.5000: udp 6 [tos
0xb4]

11 packets received by filter
0 packets dropped by kernel
[Idle timeout expired, performing auto-logout...