Recently we have been down with an issue where our Cisco phones are able to get connected but there's no audio at all. Packet captures show that we are able to see the SIP connection but no RTP packets at all.
We performed a bypass on the IPS sensor and calls went back to normal. There were no alerts triggered in relation to any IP address from the source or destination IP.
What can I do next, as bypassing the whole network doesn't seem feasible for the long run?
When did the issue start occurring? Was it after an upgrade or configuration change?
We had an issue with certain packets being dropped because the packet fragments had different DSCP values and the sensors could not reassemble them.
Turning off fragment reassembly stopped the problem occurring for us, but we are still waiting on a permanent fix.
We were told to follow the steps in the KB below to troubleshoot the issue:
How to troubleshoot Sensor latency issues
And if you haven't already opened an SR with Support, open one.
Support was telling us that the signature set is conflicting with the NSP old code, but even after upgrading to the new code, the issue still persists. A ticket has been opened and we are currently still looking at our options. Will take a look at the KB provided and see if it helps.
Are they saying that the new SigSet is conflicting with the old one? Or are you referring to the sensor software?
If it's just the signatures, have you tried using the 'deletesignatures' command on the sensor?
This will remove all the signatures and reboot the sensor, you can then install just the latest SigSet.
Limited to 1 sensor only. We have other sensors of the same model but this is the only one affected?
We even tried the ignore rules within the firewall policies but packets are still being blocked. This actually puzzles me, as the firewall policies should supersede any other policies within the sensor itself.
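
The fragment condition described in the reply above (fragments of one datagram carrying different DSCP values) can be checked in a capture taken on either side of the sensor. The following is an added example, not part of the thread or of any vendor tooling: it groups IPv4 fragments by datagram and reports those whose fragments disagree on DSCP. The addresses, IDs and headers are constructed sample data, and `build_hdr` is a helper that exists only to produce them.

```python
import socket
import struct
from collections import defaultdict

def parse_ipv4(hdr):
    """Return (key, dscp, is_fragment) for an IPv4 header, or None."""
    if len(hdr) < 20 or hdr[0] >> 4 != 4:
        return None
    tos, _length, ident, flags_frag = struct.unpack("!xBHHH", hdr[:8])
    more_fragments = bool(flags_frag & 0x2000)
    offset = flags_frag & 0x1FFF
    # Fragments of one datagram share source, destination, protocol and ID.
    key = (socket.inet_ntoa(hdr[12:16]), socket.inet_ntoa(hdr[16:20]), hdr[9], ident)
    return key, tos >> 2, more_fragments or offset > 0

def find_mixed_dscp(headers):
    """Map each fragmented datagram to its DSCP values when they differ."""
    seen = defaultdict(set)
    for hdr in headers:
        parsed = parse_ipv4(hdr)
        if parsed and parsed[2]:
            seen[parsed[0]].add(parsed[1])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def build_hdr(ident, dscp, mf, offset, src="192.0.2.10", dst="192.0.2.20"):
    """Construct a 20-byte IPv4/UDP header for the sample (checksum left 0)."""
    flags_frag = (0x2000 if mf else 0) | offset
    return struct.pack("!BBHHHBBH4s4s", 0x45, dscp << 2, 20, ident, flags_frag,
                       64, 17, 0, socket.inet_aton(src), socket.inet_aton(dst))

# Constructed sample: three datagrams between two documentation addresses.
SAMPLE = [
    build_hdr(0x1001, 46, True, 0),     # first fragment marked EF (46)
    build_hdr(0x1001, 0, False, 185),   # last fragment re-marked to 0
    build_hdr(0x1002, 46, True, 0),     # consistently marked datagram
    build_hdr(0x1002, 46, False, 185),
    build_hdr(0x1003, 0, False, 0),     # not fragmented, ignored
]

if __name__ == "__main__":
    for key, dscps in find_mixed_dscp(SAMPLE).items():
        print(key, "DSCP values:", dscps)
```

To use it on real traffic, feed `find_mixed_dscp` the IPv4 headers extracted from a capture; comparing the result from captures on both sides of the sensor shows whether the mixed markings arrive that way or appear in transit.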