
CUBE Issue with the ITSP public to private IP

Hello Experts,

We have a CUBE with a SIP trunk with Cisco Webex Calling and an ITSP.

The call flow is as follows:

ITSP >> the unify Firewall >> CUBE >> the unify Firewall >> Webex Calling

Our issue: when we call a user on Webex Calling, we just hear one ring and are not even able to answer it, and it keeps trying to ring with no luck.

We found in the logs that after the 180 Ringing there's a CANCEL message that comes from the ITSP, and after we checked with them they said that they receive the SDP with a private IP address, say (A.A.A.A), as below:

Contact: sip:12345678@A.A.A.A:5060.

We made a SIP profile and changed the Contact and the IN from private to public (B.B.B.B), but they told us that they receive the below after the modification:

v=0.
o=CiscoSystemsSIP-GW-UserAgent 8349 6143 IN IP4 A.A.A.A .
s=SIP Call.
c=IN IP4 B.B.B.B.
t=0 0.
m=audio 8376 RTP/AVP 0 101.
c=IN IP4 A.A.A.A.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=ptime:20.
------------------------

The device is misconfigured.
 

 

Could anyone help or advise what else we should modify?

2 Accepted Solutions


Scott Leport
Level 7

Hi,

 

If your CUBE has a private IP address and is behind a Firewall, and subsequently the Firewall does not have ALG enabled then the CUBE needs to be configured with SIP profiles to modify the private IP addresses to your public ones.

Plenty of resources available online to tell you how to do that, but here's a good one too. See the Example of Layer 7 SIP Inspection via SIP-Profile section of this link, specifically the Outbound Layer 7 fixup part:

https://www.cisco.com/c/en/us/support/docs/voice/ip-telephony-voice-over-ip-voip/211306-In-Depth-Explanation-of-Cisco-IOS-and-IO.html#anc45

 


Thank you all for your comments and support. Below is what we changed:

1- Added the below SIP class


voice class tenant 500
registrar 1 dns:SIP provider IP expires 3600
registrar 2 dns:SIP provider IP expires 3600
registrar 3 dns:SIP provider IP expires 3600
registrar 4 dns:SIP provider IP expires 3600
disable-early-media 180
retry invite 2
retry response 3
retry bye 3
retry prack 6
retry register 2
timers expires 300000
timers connect 100
sip-server dns:SIP provider IP
connection-reuse
no pass-thru content custom-sdp

2- Added the below SIP profile

voice class sip-profiles 22
rule 1 request ANY sip-header Contact modify "private IP" "Public IP"
rule 2 response ANY sip-header Contact modify "private IP" "Public IP"
rule 3 request ANY sip-header Via modify "SIP(.*) private IP(.*)" "SIP\1 Public IP\2"
rule 4 request ANY sdp-header Session-Owner modify "private IP" "Public IP"
rule 5 request ANY sdp-header Connection-Info modify "IN IP4 private IP" "IN IP4 Public IP"
rule 6 request ANY sdp-header Audio-Connection-Info modify "IN IP4 private IP" "IN IP4 Public IP"
rule 7 response ANY sdp-header Session-Owner modify "private IP" "Public IP"
rule 8 response ANY sdp-header Audio-Connection-Info modify "IN IP4 private IP" "IN IP4 Public IP"
rule 9 response ANY sdp-header Connection-Info modify "IN IP4 private IP" "IN IP4 Public IP"




3- Note that after we added the below, it gave us a new error, so we removed it

request ANY sip-header Remote-Party-ID modify "<sip:(.*)@10.21.15.100>" "<sip:\1@a.b.c.d>"
response ANY sip-header Remote-Party-ID modify "<sip:(.*)@10.21.15.100>" "<sip:\1@a.b.c.d>"


4- Shut down all unnecessary dial-peers


After that we tested and all is going well.

I don't know what exactly made the solution, but it worked in the end.
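
A check for the symptom discussed in this thread, as an added example that is not part of the original posts or of Cisco's tooling: it scans a SIP message for RFC 1918 addresses left in the headers and SDP, and labels SDP hits with the sdp-header names used in the profile above, so a hit points at the rule that did not match. The sample message and the public address 203.0.113.10 are constructed; 10.21.15.100 is the private address quoted in step 3.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def private_ips(text):
    """Return the RFC 1918 IPv4 literals found in one line of text."""
    found = []
    for candidate in IPV4.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:  # e.g. 999.1.1.1 is not a valid address
            continue
        if any(addr in net for net in RFC1918):
            found.append(candidate)
    return found

def find_private_leaks(message):
    """List (field, ip) pairs where a SIP message still carries a private IP."""
    head, _, body = message.replace("\r\n", "\n").partition("\n\n")
    leaks = []
    for line in head.split("\n")[1:]:  # skip the request/status line
        name, _, value = line.partition(":")
        leaks += [(name.strip(), ip) for ip in private_ips(value)]
    media = None  # stays None until the first m= line (session level)
    for line in body.split("\n"):
        if line.startswith("m="):
            media = line[2:].split()[0]
        elif line.startswith("o="):
            leaks += [("Session-Owner", ip) for ip in private_ips(line)]
        elif line.startswith("c="):
            field = ("Connection-Info" if media is None
                     else "Audio-Connection-Info" if media == "audio"
                     else "c= under m=" + media)
            leaks += [(field, ip) for ip in private_ips(line)]
    return leaks

# Constructed sample: session-level c= rewritten, o= and media-level c= not.
SAMPLE = "\r\n".join([
    "SIP/2.0 200 OK",
    "Contact: <sip:12345678@203.0.113.10:5060>",
    "",
    "o=CiscoSystemsSIP-GW-UserAgent 8349 6143 IN IP4 10.21.15.100",
    "c=IN IP4 203.0.113.10",
    "m=audio 8376 RTP/AVP 0 101",
    "c=IN IP4 10.21.15.100",
])
```

Calling `find_private_leaks(SAMPLE)` reports `Session-Owner` and `Audio-Connection-Info`, the two fields that still showed A.A.A.A in the SDP quoted in the question.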


6 Replies

b.winter
VIP

Looks like you are adding another header instead of modifying it.

Could you post the config?

 

If your FW supports SIP ALG, might be better to turn it on there and let it change the IP address in the SIP headers, instead of doing it on the CUBE.

Actually, I didn't add anything in the header; I just modified the SDP.

Our firewall supports SIP ALG, but we read that it's recommended to disable it, as per the below:

https://www.nextiva.com/blog/disable-sip-alg.html

But we will enable it and check again, and will update the status here.

 

Would you mind posting the config?

I would think that you need to create a SIP profile to modify the IP address in both directions in the SIP dialog, aka to and from the ITSP. To get an idea of how to do this, you can check the documentation on how to set up CUBE for Direct Routing with the MS Teams calling platform, as that part should be uniform for any similar situation. This document can be found here.


