02-16-2022 02:37 AM
Hello Experts,
We have a Cube with SIP trunk with Cisco Webex Calling and ITSP
the Call flow is as the following:-
ITSP >>the unify Firewall >> CUBE >>the unify Firewall >> Webex calling
Our Issue : when we call a user on webex calling we just hear one ring and not able even to answer it and keep trying to ring with no luck
We found in the logs after 180 ringing , there's a cancel message comes from ITSP and after we check with them they said that they receive the SDP with Private IP address say ( A.A.A.A) as the below
Contact: sip:12345678@A.A.A.A:5060.
We make a sip profile and change the contact and the IN from private to public ( B.B.B.B) but they send us that they receive the below after modification
v=0.
o=CiscoSystemsSIP-GW-UserAgent 8349 6143 IN IP4 A.A.A.A .
s=SIP Call.
c=IN IP4 B.B.B.B.
t=0 0.
m=audio 8376 RTP/AVP 0 101.
c=IN IP4 A.A.A.A.
a=rtpmap:0 PCMU/8000.
a=rtpmap:101 telephone-event/8000.
a=fmtp:101 0-16.
a=ptime:20.
------------------------
The device is misconfigured.
Could any one help or advice what should we modify also ?
Solved! Go to Solution.
02-16-2022 04:24 AM
Hi,
If your CUBE has a private IP address and is behind a Firewall, and subsequently the Firewall does not have ALG enabled then the CUBE needs to be configured with SIP profiles to modify the private IP addresses to your public ones.
Plenty of resources available online to tell you how to do that, but here's a good one too. See the Example of Layer 7 SIP Inspection via SIP-Profile section of this link, specifically the Outbound Layer 7 fixup part:
02-20-2022 01:36 AM
Thank you all for your comments and support , the below what we changed
1- added the below sip class
voice class tenant 500
registrar 1 dns:SIP provider IP expires 3600
registrar 2 dns:SIP provider IP expires 3600
registrar 3 dns:SIP provider IP expires 3600
registrar 4 dns:SIP provider IP expires 3600
disable-early-media 180
retry invite 2
retry response 3
retry bye 3
retry prack 6
retry register 2
timers expires 300000
timers connect 100
sip-server dns:SIP provider IP
connection-reuse
no pass-thru content custom-sdp
2- add the below sip profile
voice class sip-profiles 22
rule 1 request ANY sip-header Contact modify "private IP" "Public IP"
rule 2 response ANY sip-header Contact modify "private IP" "Public IP"
rule 3 request ANY sip-header Via modify "SIP(.) private IP(.)" "SIP\1 Public IP\2"
rule 4 request ANY sdp-header Session-Owner modify "private IP" "Public IP"
rule 5 request ANY sdp-header Connection-Info modify "IN IP4 private IP" "IN IP4 Public IP"
rule 6 request ANY sdp-header Audio-Connection-Info modify "IN IP4 private IP" "IN IP4 Public IP"
rule 7 response ANY sdp-header Session-Owner modify "private IP" "Public IP"
rule 8 response ANY sdp-header Audio-Connection-Info modify "IN IP4 private IP" "IN IP4 Public IP"
rule 9 response ANY sdp-header Connection-Info modify "IN IP4 private IP" "IN IP4 Public IP"
3-Noted that after we put the below give us a new errorr so we removed it
request ANY sip-header Remote-Party-ID modify "<sip:(.*)@10.21.15.100>" "<sip:\1@a.b.c.d>"
response ANY sip-header Remote-Party-ID modify "<sip:(.*)@10.21.15.100>" "<sip:\1@a.b.c.d>"
4- shutdown all unnecessary dial-peers
after that we tested and all is going well ..
I don't know what exactly make the solution but it worked at the end
02-16-2022 02:42 AM
Looks like, you are add another header, instead of modifying it.
Could you post the config?
If your FW supports SIP ALG, might be better to turn it on there and let it change the IP address in the SIP headers, instead of doing it on the CUBE.
02-16-2022 03:14 AM
Actually I didn't added anything in the header , I just modify in the SDP
Our firewall support SIP ALG , but we read that it's recommended to disable it as per the below
https://www.nextiva.com/blog/disable-sip-alg.html
but we will enable it and check again , will update the status here
02-16-2022 03:18 AM
Would you mind to post the config?
02-16-2022 04:14 AM
I would think that you need to create a SIP profile to modify the IP address in both directions in the SIP dialog, aka to and from the ITSP. To get an idea on how to do this you can check the documentation on how to setup Cube for Direct Routing with MS Teams calling platform as that part should be uniform to any similar situation. This document can be found here.
02-16-2022 04:24 AM
Hi,
If your CUBE has a private IP address and is behind a Firewall, and subsequently the Firewall does not have ALG enabled then the CUBE needs to be configured with SIP profiles to modify the private IP addresses to your public ones.
Plenty of resources available online to tell you how to do that, but here's a good one too. See the Example of Layer 7 SIP Inspection via SIP-Profile section of this link, specifically the Outbound Layer 7 fixup part:
02-20-2022 01:36 AM
Thank you all for your comments and support , the below what we changed
1- added the below sip class
voice class tenant 500
registrar 1 dns:SIP provider IP expires 3600
registrar 2 dns:SIP provider IP expires 3600
registrar 3 dns:SIP provider IP expires 3600
registrar 4 dns:SIP provider IP expires 3600
disable-early-media 180
retry invite 2
retry response 3
retry bye 3
retry prack 6
retry register 2
timers expires 300000
timers connect 100
sip-server dns:SIP provider IP
connection-reuse
no pass-thru content custom-sdp
2- add the below sip profile
voice class sip-profiles 22
rule 1 request ANY sip-header Contact modify "private IP" "Public IP"
rule 2 response ANY sip-header Contact modify "private IP" "Public IP"
rule 3 request ANY sip-header Via modify "SIP(.) private IP(.)" "SIP\1 Public IP\2"
rule 4 request ANY sdp-header Session-Owner modify "private IP" "Public IP"
rule 5 request ANY sdp-header Connection-Info modify "IN IP4 private IP" "IN IP4 Public IP"
rule 6 request ANY sdp-header Audio-Connection-Info modify "IN IP4 private IP" "IN IP4 Public IP"
rule 7 response ANY sdp-header Session-Owner modify "private IP" "Public IP"
rule 8 response ANY sdp-header Audio-Connection-Info modify "IN IP4 private IP" "IN IP4 Public IP"
rule 9 response ANY sdp-header Connection-Info modify "IN IP4 private IP" "IN IP4 Public IP"
3-Noted that after we put the below give us a new errorr so we removed it
request ANY sip-header Remote-Party-ID modify "<sip:(.*)@10.21.15.100>" "<sip:\1@a.b.c.d>"
response ANY sip-header Remote-Party-ID modify "<sip:(.*)@10.21.15.100>" "<sip:\1@a.b.c.d>"
4- shutdown all unnecessary dial-peers
after that we tested and all is going well ..
I don't know what exactly make the solution but it worked at the end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide