I have a issue related to SIP Traffic . I am using ASA 126.96.36.199 and the call manager is sitting Inside of ASA and there is one more call manager sitting outside of ASA .The user (from his IP Phone) dials to a remote phone and registers with inside CUCM , from where the packet hits ASA and goes to remote CUCM behind which the destination phone is located.
1) When a call is initiated from Inside IP Phone it will register itself to a SIP registrar server which is CUCM
(IP Phone and CUCM are located behind the ASA and CUCM exits ASA with NATTED IP)
2) Once it has registered , the CUCM (NATTED IP ) sends an INVITE request to the destination CUCM on UDP /5060 , traversing via ASA Firewall ; however packet captures show only SIP under the protocol column , ideally for INVITE packet it should show SIP/SDP (Please correct me if i am wrong)
3) The Remote server at the other end is replying with “ Status : 100 giving a try “ which means that some unspecified action is being taken on behalf of this call (e.g.,a database is being consulted),but the user has not yet been located.
4) After some time , the server replies again with “ Status : 408 Request Timeout” which means that server is not able to send a response for which the Inside Call manager sends a CANCEL Request
From the debug sip and Syslogs in ASA :
a) There is no deny message in the Syslog according to any access-list
b) debug sip shows below message (IP Addres id Inside CUCM)
SIP::Not updating database for Contact 10.3.1.1/5060, registry database total 0
a) Inspect SIP is allowed
b) Following NAT are there
nat (inside) 1 10.3.1.1 255.255.255.255
global (outside) 1 interface
static(inside,outside) udp interface sip 10.3.1.1 sip
c) show service-policy doesnot show any drops related to SIP
According to me the ideal reply after an INVITE message should have been
Status : 180 Ringing and SIP/2.0 183 Session Progress which is an indication to start the RTP
Please let me know if i am hitting bug CSCtb23281
I didn't quite understand the complete call flow. Let me try to picture what I've understood
1. Phone1 to CUCMA 1 is SIP
2. CUCMA to CUCMB is sip (two different Cluster)
3. CUCMB to PhoneB is sip
You are trying to make call from PhoneB to PhoneA
are these assumptions right?
CUCMB sends Invite to CUCMA
CUCMA sends 100 Trying
CUCMA sends 408 Request Timeout
CUCMB sends Cancel
In that scenario, I would assume that CUCMA also send invite to Phone A, but didn't get any response. If CUCMA doesn't know if about PhoneA, it would send different message.
Regarding the other question, if MTP is not checked on the SIP trunk on CUCM, it will not send SDP in the invite. It will be a delayed offer.
Please correct me about the call flow. I will be able to help you further.
The call flow is correct , i would like to know if there could be an issue between CUCM A and Phone A ?
If MTP is not checked on the SIP trunk on CUCM , do you mean to say that the CUCM behind the inside interface of ASA need to have this parameter checked ?The issue is that i am confused as to whether ASA is opening the hole with inspect sip command or not . Suppose if ASA is opening this hole , then can it be like that MTP is not checked thats why the (SIP+SDP) not going in Invite
Also i have one more question , is it like that the MTP needs to be checked on the SIP trunk on the Outside CUCM also ?
If MTP is not checked, CUCM will not send INVITE with SDP.
You need to check if CUCM can send calls to PhoneA. I'm wondering why CUCMA would return request time out. Are they on same location, no firewall?
Also, will you be able to packet capture from inside and out of the ASA?
this could also means that CUCM B may not have MTP option checked / ticked when packet is going outside and hitting ASA and then CUCM A
Also there i only 1 firewall in between CUCM A and CUCM B .What i think is that when packet reaches CUCM A , it tries to call Phone A and is not getting response and after sometime , it sends reply back to ASA for CUCM B regarding time out . I am surely gng to attach captures today evening
Can you send a debug sip and debug sip ha from the ASA also can you send a sniffer capture from both of the CUCM servers.
P.S Please mark this question as answered if it has been resolved. Do rate helpful posts.