01-24-2013 07:30 AM - edited 03-11-2019 05:51 PM
Hope this is the right spot for this. I am running an 891W with a ZBFW setup as the CPE, software c890-universalk9-mz.150-1.M4.bin. The issue I am working with is we are using a hosted platform for SIP and trying to register a phone through the SBC. I control the ISP side, this is a test with a customer that we have access to the CPE on. The phone registers fine, I can see the SIP pinhole being made and packets flowing. The problem seems to be when the SBC relays the 401 unauthorized to challenge the authentication, it never gets through the firewall. When we checked with a sniffer, we see the packet going out the SBC and the port matches the pinhole on the firewall including the port info, but no packets ever get to the phone. Does anyone know why this would happen?
Also, the phone is sending out PRACK messages, but they never are seen on the SBC side, it seems like they are not flowing through for some reason.
Solved! Go to Solution.
01-24-2013 12:21 PM
Hello Keith,
Thanks for the explanation.
Would you mind to show the community the exact commands you run so we can learn from you .
Also please mark the question as answered so future users can learn from this,
5 stars for you
01-24-2013 09:43 AM
Hello,
Can you check what you have configured for this,
Also enable the logs,
ip inspect log drop-pkt
try to register and do
show logging | include x.x.x.x ( Call manager or host where the phones will register)
Regards
01-24-2013 11:58 AM
Well, I found the work around. I found the errors for invalid SIP headers, so I ran the "match protocol-violation" bypass and it seems to work. Sort of worries me that there is a problem in the SIP header, but I don't think there is much I can change since it is Polycom phones going to a Broadsoft platform.
01-24-2013 12:21 PM
Hello Keith,
Thanks for the explanation.
Would you mind to show the community the exact commands you run so we can learn from you .
Also please mark the question as answered so future users can learn from this,
5 stars for you
01-24-2013 12:43 PM
class-map type inspect sip match-any SIP
match protocol-violation
class-map type inspect match-any SIP1
match protocol sip
policy-map type inspect Out
class type inspect SIP1
inspect
service-policy sip SIP1
There is the basic config I tossed into my outbound policy along with my other config to allow other traffic for users. I am still confused why Polycom has a header failure, but I will have to see if that is something we can have fixed.
01-24-2013 12:49 PM
Hello Keith,
Exactly, great to have that info,
Thanks.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: