Cisco PIX – How to Increase SIP Timeout for REGISTER Transaction Type

A client app that registers through a PIX to a 3rd party SIP provider shows a 0:03:00 timeout. The client automatically reregisters every 5 minutes and doesn't appear configurable. After 3 minutes, the PIX deletes the REGISTER session as confirmed by "debug sip". Any calls (i.e., INVITEs) placed outbound between the 3rd and 5th minutes fail until the app registers again. This was confirmed by packet captures on both sides of firewall.

The only SIP timeout in the config matching this 0:03:00 was sip-invite 0:03:00. This timeout does not affect the REGISTER timeout when tested, and I see no other configurable timeouts to increase the timeout to be > the 5 minutes of the app. Is there another way to increase the timeout for REGISTERs or another way to address this timeout issue short of disabling SIP Inspection? I also don't see any custom SIP Inspection maps that could address this.

fw-oc2-3f-1# sh sip
Total: 1

call-id 4e32993a6ee34d0eb0499c3615763973
    CSeq: REGISTER
From: sip:removed5085@phone.removed.com;86315e57cf92475e9f8f9a5ecd375254
To: sip:removed5085@phone.removed.com;
    state Call init, timeout 0:03:00 idle 0:01:45
        Transaction                    State                 Timeout  Idle
        Cseq 39763 REGISTER            Transaction Proceeding0:03:00  0:01:45

fw-oc2-3f-1# sh run timeout
timeout xlate 1:00:00
timeout conn 0:30:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute

PIX 7.2(2)

SIP::Not updating database for Contact x.17.30.16/60422, registry database total 0 SIP::Non-session level connection addr x.17.30.16, media port 4000 Created SIP session for inside:x.17.30.16/55816 to outside:y.241.2.206/5060, 1 total SIP::Adding early RTP conn y.241.2.206/* to x.17.30.16/4000

Best Answer

After further research, looks like this is Cisco bug CSCei29494 though I see no fixed release. An ASA 5515-X running 9.1(2) shows the same 0:03:00 timeout, also apparently not configurable, though it doesn't have the same trouble with calls (e.g. INVITEs) when the REGISTER session expired and got deleted by the ASA.

Initial REGISTER shows "expires" found and set to 300 seconds, but PIX is setting to 180 (0:03:00).

SIP::Found CSeq 21141 REGISTER
...
SIP::Found Expires, 300 seconds

ASA looks to allow INVITE and RTP without a REGISTER session as shown by these sip debug entries:

Best Answer

Related Solutions

Cisco – How to disable SIP on IOS 12.x

Cisco – Allow Network to Network traffic for specific port, Cisco PIX v6.2

Related Topic