Phones - Why is my Digium Phone failing to connect through an IPsec Tunnel?
The below example was taken from a network with two Cisco ASA firewalls. The end point was a remote phone(s) that was connected to the network via an IPsec tunnel.
What the packet capture shows is a rhythmic pattern of fragmented packets followed by a series of responses by the switchvox.
The fragmented packets are assembled to start the initial 'Hand Shake'. The numerous responses from the Switchvox with no replies until the next round of fragmented packets arrive indicates a timeout taking place.
In the above packet capture, changing the VPN protocol from IPsec tunnel to MPLS was able to get the SIP phone to register immediately.
In this example, the problem is being caused by the network to fragment packets causing the communication breakdown between the phone and the PBX. The solution to this problem depends on the network architecture but pre fragmentation features from Cisco equipment can also help to resolve the packet fragmentation that caused this issue.