Troubleshooting Questions
1. Media does not work when the RTSP ALG is configured. What do I do?
- Check RTSP conversations to see whether both TCP and UDP flows exist.
- The ALG protocol should be displayed as
rtsp.
2. How do I check for ALG errors?
- You can check for errors by issuing the following command. Each ALG has a separate field for ALG packet errors.
user@host# show services stateful-firewall statistics extensive
Interface: sp-3/2/0
Service set: svc_set
New flows:
Accepts: 1347, Discards: 0, Rejects: 0
Existing flows:
Accepts: 144187, Discards: 0, Rejects: 0
Drops:
IP option: 0, TCP SYN defense: 0
NAT ports exhausted: 0
Errors:
IP: 0, TCP: 276
UDP: 0, ICMP: 0
Non-IP packets: 0, ALG: 0
IP errors:
IP packet length inconsistencies: 0
Minimum IP header length check failures: 0
Reassembled packet exceeds maximum IP length: 0
Illegal source address: 0
Illegal destination address: 0
TTL zero errors: 0, Illegal IP protocol number (0 or 255): 0
Land attack: 0
Non-IPv4 packets: 0, Bad checksum: 0
Illegal IP fragment length: 0
IP fragment overlap: 0
IP fragment reassembly timeout: 0
Unknown: 0
TCP errors:
TCP header length inconsistencies: 0
Source or destination port number is zero: 0
Illegal sequence number and flags combinations: 0
SYN attack (multiple SYN messages seen for the same flow): 276
First packet not a SYN message: 0
TCP port scan (TCP handshake, RST seen from server for SYN): 0
Bad SYN cookie response: 0
UDP errors:
IP data length less than minimum UDP header length (8 bytes): 0
Source or destination port number is zero: 0
UDP port scan (ICMP error seen for UDP flow): 0
ICMP errors:
IP data length less than minimum ICMP header length (8 bytes): 0
ICMP error length inconsistencies: 0
Duplicate ping sequence number: 0
Mismatched ping sequence number: 0
ALG errors:
BOOTP: 0, DCE-RPC: 0, DCE-RPC portmap: 0
DNS: 0, Exec: 0, FTP: 0
H323: 0, ICMP: 0, IIOP: 0
Login: 0, NetBIOS: 0, NetShow: 0
Real Audio: 0, RPC: 0, RPC portmap: 0
RTSP: 0, Shell: 0, SIP: 0
SNMP: 0, SQLNet: 0, TFTP: 0
Traceroute: 0