Problem with IP phones after ISP failover change

Tags: cisco-7900-ip-phones, cisco-asa, troubleshooting

I've run into a strange problem at one of my clients. They use ShoreTel Sky cloud IP telephony service and use Cisco 7960 IP phones hooked up to an ASA 5520.

The configuration is done through IP SLA tracking. The phones do work when the connection gets swapped from MAIN to BACKUP and I see routes 0.0.0.0 are pointed to the IP of BACKUP_ISP. So I would get:

C BACKUP ISP IP 255.255.255.248 is directly connected, BACKIP_ISP

C MAIN ISP IP 255.255.255.248 is directly connected, MAIN_ISP

and this part when MAIN_ISP is up:

S* 0.0.0.0 0.0.0.0 [1/0] via MAIN ISP IP, MAIN_ISP

and when BACKUP_ISP gets switched in, I see the route being updated:

S* 0.0.0.0 0.0.0.0 [1/0] via BACKUP ISP IP, BACKUP_ISP

Once the interfaces get switched back to MAIN_ISP, everything does work: the route S* gets populated with MAIN_ISP in the routing table, and WAN for workstations and phones is reachable. But when I dial any phone after a swap from BACKUP_ISP to MAIN_ISP, the phone does dial out but we hear no voice. I do get the call on my cell phone, but I hear no voice on the IP phone or on the receiving cell phone.

The only way to resolve this problem as of right now is to disable/enable the BACKUP interface so that "C BACKUP_ISP IP 255.255.255.248 is directly connected, BACKIP_ISP" is removed and then re-added. This seems to work; we also need to reinitialize the phones, meaning that since they are PoE we need to unplug/plug the patch cable.

Please, if anyone knows what I can do about this or what direction to look into, I would really appreciate it. The main issue here is that on the network side I have captured the traffic under all conditions and there is no difference whatsoever between when the phones work and when they do not.

Thank you.

Best Answer

From your description of the issue, this could be related to the UDP connections not being torn down from the Backup interface once the Main interface becomes available.

You can use the following command:

timeout floating-conn 0:01:00    

This specifies the timeout to be one minute before the ASA tears down the connection once a more preferred route is added to the routing table.

The assumption here is that when you manually down the interface, the connections will be torn down via brute force. This should be a more elegant and automated approach.

This command was introduced in later code versions so you may have to upgrade your code to use this feature.

Credit:

Cisco Link explaining issue in detail
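
One way to check for the condition the answer describes, as an added example that is not part of the original post or answer: the script compares the installed default route with the connection table and lists UDP connections still pinned to the WAN interface that is no longer preferred. The sample output is constructed (documentation-range addresses), and the "show conn" line layout and the helper names are assumptions; only the interface names come from the question.

```python
import re

# Constructed sample of ASA "show route" and "show conn" output (documentation
# addresses; the line layout is assumed to match the ASA release in use).
SHOW_ROUTE = "S*   0.0.0.0 0.0.0.0 [1/0] via 203.0.113.1, MAIN_ISP"
SHOW_CONN = """\
UDP BACKUP_ISP 198.51.100.20:5060 inside 192.168.1.31:5060, idle 0:00:03, bytes 48211, flags -
UDP BACKUP_ISP 198.51.100.21:16402 inside 192.168.1.31:16384, idle 0:00:00, bytes 913400, flags -
UDP MAIN_ISP 198.51.100.20:5060 inside 192.168.1.32:5060, idle 0:00:12, bytes 2210, flags -
TCP MAIN_ISP 198.51.100.80:443 inside 192.168.1.50:51514, idle 0:00:01, bytes 7710, flags UIO
"""

ROUTE_RE = re.compile(r"^S\*\s+0\.0\.0\.0 0\.0\.0\.0 \[\d+/\d+\] via \S+, (\S+)", re.M)
CONN_RE = re.compile(
    r"^(?P<proto>UDP|TCP)\s+(?P<out_if>\S+)\s+(?P<remote>\S+)\s+"
    r"(?P<in_if>\S+)\s+(?P<local>[^,\s]+), idle (?P<idle>[\d:]+)", re.M)

def active_default_interface(show_route):
    """Return the egress interface of the installed static default route."""
    m = ROUTE_RE.search(show_route)
    if not m:
        raise ValueError("no static default route found")
    return m.group(1)

def idle_seconds(hms):
    """Convert an h:mm:ss idle value to seconds."""
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s

def stale_udp_conns(show_route, show_conn, wan_ifs=("MAIN_ISP", "BACKUP_ISP")):
    """List UDP conns bound to a WAN interface that is not the default-route
    egress. A low idle value means traffic keeps refreshing the entry, so the
    ordinary UDP idle timeout will not remove it."""
    active = active_default_interface(show_route)
    stale = []
    for m in CONN_RE.finditer(show_conn):
        if m["proto"] == "UDP" and m["out_if"] in wan_ifs and m["out_if"] != active:
            stale.append((m["out_if"], m["local"], m["remote"], idle_seconds(m["idle"])))
    return stale

if __name__ == "__main__":
    for out_if, local, remote, idle in stale_udp_conns(SHOW_ROUTE, SHOW_CONN):
        print(f"stale on {out_if}: {local} -> {remote} (idle {idle}s)")
```

Entries reported here after failback, with idle times that stay near zero, are consistent with the answer's explanation; an empty list points the troubleshooting elsewhere.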