NAT issue with re-invite?


In my setup there is Asterix server and a bunch of IP phones behind a Juniper SSG firewall/NAT. They are connected using a SIP trunk to a provider.
Calls generally work fine expect for one ongoing issue which I’m unable to overcome. Calls going to external destinations usually (but not always) drop after exactly 30 minutes. I have been capturing traffic outside the firewall and also near the Asterix server and came to the following conclusion. After 30 minutes there is a re-invite coming from the provider’s PBX server. I assume the re-invite is a result of the session timer expiry, though I thought in that case it should contain no SDP. In any case the SDP is there and seems to be identical to the original one. The Astrix replies to this message, again using the same SDP, and all seems to be ok for the next 7-10 seconds. But then all of a sudden no more RTP is sent by the remote gateway (happens to be a Sonus). The local phone keeps sending RTP to the Astrix which keeps forwarding it to the Sonus but no RTP comes back and obviously the call is no longer usable, and the user thinks it was disconnected.

Any idea what’s wrong here? Apparently it is not a phone issue because it happens with all endpoints and the re-invite is not even forwarded to the local phone. It thinks all is ok.
It must be either a firewall issue (I tried enabling and disabling the SIP ALG on the SSG but it didn’t change anything), or some configuration issue either on the Asterix or on the remote PBX.

Any help would be greatly appreciated!

Not 100% sure, it it appears you may be having the same problem as me.

Asterisk bug issue:
my post: viewtopic.php?f=1&t=73955