CME (ios 15.1) SIP REGISTER doing a REFER back to invoking SIP Client

johnhart · ‎06-22-2012

CME / ios / SIP Experts,

I am trying to get Cisco Unified Call Manager Express (CME) up and running on my 2901 ios router:

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.1(3)T4, RELEASE SOFTWARE (fc1)

I have configured the SIP server and added a couple of SIP phones and am now testing SIP REGISTER via the Blink (Mac OS X) client.

The client is on a private 192.168.x.x network.

The Cisco CME Router is sitting between internet (public IP address) and private 192.168.x.x network.

The Client is configured to send SIP requests to the private network interface on the Cisco CME Router.

The behavior I am seeing from Client SIP log is summarised below:

1. Blink (REGISTER sip:mydomain.com) -> Cisco CME

2. Cisco CME (100 Trying) -> Blink

3. Cisco CME (401 Unauthourized + WW-Authenticate) -> Blink

4. Blink (REGISTER sip:mydomain.com + Authorization) -> CISCO CME

5. Cisco CME (100 Trying) -> Blink

6. Cisco CME (REFER sip:XXXX@192.168.X.130)

Where the REFER is to actual SIP address of the Blink Mac OS X client

7. Cisco CME (500 Internal Server Error) -> Blink

9. Repeating : Cisco CME (REFER sip:XXXX@192.168.X.130)

So the question is:

1. Why is the original REGISTER not successful

2. Why is the CME SIP Registar send the REFER back?

Here is the relavant Subset of the CME/ios of Config:

!

version 15.1

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname toadstool

!

boot-start-marker

boot system flash0:/c2900-universalk9-mz.SPA.151-3.T4.bin

boot-end-marker

!

....

!

ip dhcp excluded-address 192.168.10.1 192.168.10.99

ip dhcp excluded-address 192.168.10.126 192.168.10.254

ip dhcp excluded-address 200.30.200.1 200.30.200.79

ip dhcp excluded-address 200.30.200.91 200.30.200.126

!

....

ip domain name froghop.com

....

voice-card 0

dsp services dspfarm

!

voice service voip

allow-connections sip to sip

no supplementary-service h450.2

no supplementary-service h450.3

no supplementary-service h450.7

no supplementary-service sip moved-temporarily

no supplementary-service sip refer

fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none

sip

registrar server expires max 600 min 60

!

voice register global

mode cme

source-address 200.30.200.190 port 5060

max-dn 20

max-pool 35

load 8961 8961/sip8961.9-2-2SR1-9

load 7942 7942-62/SIP42.9-2-1S

authenticate register

authenticate realm froghop.com

time-format 24

date-format D/M/Y

tftp-path flash:

create profile sync 0002689782282013

!

voice register dn 1

number 72332

call-forward b2bua busy 723851

call-forward b2bua noan 725851 timeout 30

name Joe Toad

label Joe Toad

!

voice register dn 2

number 611851

call-forward b2bua noan 72332 timeout 20

name LineA Home

label Home Line-A

!

voice register dn 3

number 72851

label 942 Door

!

voice register dn 4

number 723851

label Home Line-C

!

voice register pool 1

id mac 000B.8233.9B86

number 1 dn 2

username XXXX password XXXXX

!

voice register pool 2

id mac 0000.BEE1.BEE2

number 1 dn 1

username joe password XXXXX

!

voice translation-rule 5

rule 1 /^001161$.*$/ /0\1/

rule 2 /^\+61$.*$/ /0\1/

!

voice translation-profile local

translate called 5

!

....

!

interface Loopback0

ip address 200.30.200.190 255.255.255.224

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

zone-member security in-zone

!

interface Null0

no ip unreachables

!

interface GigabitEthernet0/0

description $ETH-LAN$$FW_INSIDE$

ip address 200.30.200.130 255.255.255.224

no ip redirects

no ip unreachables

no ip proxy-arp

ip nbar protocol-discovery

ip flow ingress

ip nat outside

ip virtual-reassembly in

zone-member security in-zone

duplex auto

speed auto

no mop enabled

!

interface GigabitEthernet0/1

description $ETH-LAN$$FW_INSIDE$

ip address 192.168.10.1 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly in

zone-member security PRIVATE-ZONE

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/2/0

description $ETH-LAN$$FW_INSIDE$

ip address 192.168.1.160 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat inside

ip virtual-reassembly in

zone-member security PRIVATE-ZONE

duplex auto

speed auto

no mop enabled

!

interface FastEthernet0/2/1

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

shutdown

duplex auto

speed auto

no mop enabled

!

interface ATM0/3/0

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

no atm ilmi-keepalive

!

interface ATM0/3/0.1 point-to-point

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

pvc 8/35

encapsulation aal5mux ppp dialer

dialer pool-member 1

!

interface GigabitEthernet0/0/0

!

interface GigabitEthernet0/0/1

!

interface GigabitEthernet0/0/2

!

interface GigabitEthernet0/0/3

!

interface Virtual-Template1 type serial

description $FW_INSIDE$

ip unnumbered Loopback0

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip virtual-reassembly in

zone-member security in-zone

!

interface Vlan1

description $ETH-4ESG$$INTF-INFO-10/100/1000 Ethernet$$ETH-LAN$FW-DMZ$$FW_INSIDE$$ES_LAN$

ip address 200.30.200.1 255.255.255.128

no ip redirects

no ip unreachables

no ip proxy-arp

ip nbar protocol-discovery

ip flow ingress

ip flow egress

ip nat outside

ip virtual-reassembly in

zone-member security dmz-zone

!

interface Dialer0

description $FW_OUTSIDE$

ip address 175.249.76.71 255.255.255.0

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip flow egress

ip nat outside

ip virtual-reassembly in

zone-member security out-zone

encapsulation ppp

dialer pool 1

dialer-group 1

ppp authentication chap pap callin

ppp chap hostname XXXXXXXXXXXX@XXXXXXXXXXXXXXXX

ppp chap password 7 101D5A49544442

ppp pap sent-username XXXXXXXXXX@XXXXXXXXXXX password 7 XXXXXXXXXXXXXXXX

service-policy input sdmappfwp2p_CCP_MEDIUM

service-policy output sdmappfwp2p_CCP_MEDIUM

!

ip forward-protocol nd

!

ip http server

ip http authentication local

ip http secure-server

....

!

control-plane

!

call threshold global cpu-avg low 68 high 75

call threshold global total-mem low 75 high 85

call threshold global total-calls low 1 high 1

!

mgcp profile default

!

dspfarm profile 10 transcode

description G711Transcode

codec g711ulaw

codec g711alaw

maximum sessions 4

associate application SCCP

!

dspfarm profile 20 transcode

description GenTranscode

codec g729abr8

codec g729ar8

codec g729r8

codec g722-64

codec ilbc

codec g729br8

codec isac

codec gsmamr-nb

codec pass-through

maximum sessions 1

associate application SCCP

!

dspfarm profile 30 conference

description Conference

codec g711ulaw

codec g711alaw

codec g729ar8

codec g729abr8

codec g729r8

codec g729br8

codec g722-64

codec ilbc

maximum sessions 1

associate application SCCP

!

dial-peer voice 1 voip

description PSTN

translation-profile outgoing local

preference 1

session protocol sipv2

session target sip-server

incoming called-number .T

dtmf-relay sip-notify

!

sip-ua

authentication username xxxxxxxxxxxxxx password 7 xxxxxxxxxxxxxxxxx

timers connect 100

sip-server dns:pots-gw.froghop.com

!

gatekeeper

shutdown

!

telephony-service

no auto-reg-ephone

max-dn 20

ip source-address 200.30.200.190 port 2000

max-redirect 5

cnf-file location flash:

time-format 24

date-format dd-mm-yy

max-conferences 8 gain -6

web admin system name XXXXXXXxx secret 5 XXXXXXXXXXXXXXXX

dn-webedit

time-webedit

transfer-system full-consult

directory last-name-first

create cnf-files version-stamp 7960 Jun 21 2012 08:27:54

!

....

ntp server 171.10.7.211

end

</Config>

With the SIP configuration. I have deliberately not added in any bind commands for the Control and Media interfaces, as the CME ios Router should be acting as gateway between Public & Private interfaces and so should be handling SIP requests on both of these interfaces.

I am not using any Cisco phone and so do not need to support skinny (CSSP) and just want to support generic SIP gateways and phones.

I have not started to work on getting Dial Plans sorted out yet, as if I cannot get a phone to REGISTER, then nothing else will work or is testable.

I have also attached the SIP Log trace from Blink in the attached file.

Thank you for any light you can throw on this.

John.

Mohammed al Baqari · ‎06-22-2012

You have to add SIP binding to work. After adding it, you should reapply create profile command in register global.

Also, you need to enable supplementery service refer in SIP since its required for registration and call transfer.

One more thing, I can see that you are using zone based firewall but you didn't inculde the policies. For precatuions check if its blocking something.

"if you find this post useful, please rate"

Sent from Cisco Technical Support iPhone App

johnhart · ‎06-22-2012

Hi Mohammed,

thanks for your suggestions.

Even when I updated the SIP config:

voice service voip

allow-connections sip to sip

no supplementary-service h450.2

no supplementary-service h450.3

no supplementary-service h450.7

no supplementary-service sip moved-temporarily

fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none

sip

bind control source-interface Loopback0

registrar server expires max 600 min 60

!

voice register global

mode cme

source-address 200.30.200.190 port 5060

max-dn 20

max-pool 35

load 8961 8961/sip8961.9-2-2SR1-9

load 7942 7942-62/SIP42.9-2-1S

authenticate register

authenticate realm frogdrop.com

time-format 24

date-format D/M/Y

tftp-path flash:

create profile sync 0002689782282013

!

Changes include:

# voice service voip

# supplementary-service sip refer

# sip

# bind control source-interface Loopback0

I am still getting the REFER & 500 Internal Server Error generated, so am unable to register.

Also as I added in the bind, which result in binding to the public facing Loopback0 interface, I had to change the Blink SIP client to do register on this interface (as it could not longer contact the PRIVATE interface on 192.168.X.X network.

To your question about the ZBFW setting, I have configured SIP inspection and can have no problems getting response from the interfaces, as long as I ensure that the Blink SIP Proxy settings are always the same as the "bind control source-interface" setting.

As per my earlier post, I do not realy want to do a "bind control source-interface" as this means that I cannot have a SIP listener on both the public and the private interfaces, which I need for:

1. Allowing general SIP INVITE calls to enter SIP via Public Interface

2. Allow remote users to do SIP REGISTER via Public Interface

3. Allow communications with external SIP provider for international calls

4. Allow my internal SIP users to use the PRIVATE interface to do SIP REGISTER

5. Allow my internal SIP clients to do intra-office calls by directly calling local SIP numbers.

NOTE: that the REFER message has the following contents:

notify_displayMax Phones Exceeded1001

Does the "Max Phones Exceeded" have any significance???

How can I have exceeded by maximum no of phones, when I have not even managed to get a single phone to register?

Thanks for your help.

Regard,

John.