cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2622
Views
0
Helpful
2
Replies

How to H323 to SIP on 2801? no symetric, no SDP, always declined by ISP

Tibor Marchyn
Level 1
Level 1

Hi,

my infrastructure is like this:

IP Phone SCCP 7960 ------> CUCM 6.1.5 ------ (h323)----> Cisco 2801 -------(sip)------> ISP

                                                                                                                     \-----------(PRI)----> ISP2

I have problems with outgoing calls. My ISP said me that SDP in my INVITE message had content-lenght 0.

We have CUCM configured to use Cisco 2801 as Gateway (Device -> Gateway) from past. we have 2 ISPs for outgoing calls.

Next I thing that this router is not work as symetric (which ISP told me, too). ISP told me that traffic is comming from random port 52xxx to their 5060, but they are waiting that traffic will come from 5060 from us.

I tried upgrade to c2801-adventerprisek9_ivs-mz.124-22.T.bin but no change and i have to roll back to c2801-adventerprisek9_ivs-mz.124-6.T9.bin because I had problems with BRI cards and ISDN modems connected to this router (they couldn't get TEI on new FW and always IDDENY layer 2 message).

Bellow is configuration. Please help

version 12.4
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
!
hostname router-voice-c2801
!
boot-start-marker
boot system flash c2801-adventerprisek9_ivs-mz.124-6.T9.bin
boot-end-marker
!
security authentication failure rate 3 log
security passwords min-length 6
no logging buffered
logging console critical
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authentication login sdm_vpn_xauth_ml_2 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
aaa session-id common
!
resource policy
!
clock timezone CET 1
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
clock calendar-valid
network-clock-participate wic 2
network-clock-participate wic 3
network-clock-select 1 E1 0/3/0
no ip source-route
ip cef
!
!
no ip dhcp conflict logging
!
!
ip tcp synwait-time 10
ip flow-cache timeout active 1
no ip bootp server
ip domain name office.com
ip name-server 192.168.100.13
ip name-server 192.168.100.10
ip ssh authentication-retries 2
ip ssh version 2
ip inspect max-incomplete high 1000
ip inspect max-incomplete low 800
ip inspect one-minute high 1000
ip inspect one-minute low 800
ip inspect tcp max-incomplete host 100 block-time 0
ip inspect name dmzinspect tcp
ip inspect name dmzinspect udp
ip inspect name DEFAULT100 appfw DEFAULT100
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 nntp
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 ntp
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 vdolive
!
appfw policy-name DEFAULT100
  application http
    port-misuse p2p action reset alarm
!
isdn switch-type primary-net5
isdn voice-call-failure 0
!
voice-card 0
dsp services dspfarm
!
password encryption aes
!
voice rtp send-recv
!
voice service voip
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
redirect ip2ip
h323
h225 id-passthru
sip
  registrar server expires max 3600 min 3600
!
!
voice class media 1
media flow-through
!
!
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729br8
codec preference 4 g729r8
!
voice class codec 2
codec preference 1 g711ulaw
!
voice class codec 3
codec preference 1 g711alaw
!
!
!
voice class h323 1
  call start interwork
!
!
!
!
!
!
voice translation-rule 1
rule 1 /222554114/ /246019010/
!
voice translation-rule 2
rule 1 /^00/ // type national international plan isdn isdn
!
voice translation-rule 3
rule 1 /^123456/ // type any national
!
!
voice translation-profile 2
translate called 2
!
voice translation-profile FAX
translate called 1
!
voice translation-profile dialtelecomtest
translate called 3
!
!
!
application
service ccmshowrack http://192.168.110.63:8080/ccmivr/pages/IVRMainpage.vxml
!
!
!
crypto pki trustpoint TP-self-signed-c2801.office.com-001
enrollment selfsigned
serial-number
revocation-check none
rsakeypair TP-self-signed-c2801.office.com-001
!
!
archive
log config
  hidekeys
!
!
controller E1 0/3/0
pri-group timeslots 8-16
!
translation-rule 2
Rule 0 ^.% 0 national national
Rule 1 ^.% 000 international international
!
!
!
crypto isakmp policy 1
encr 3des
authentication pre-share
group 2
!
!
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto dynamic-map SDM_DYNMAP_1 1
set transform-set ESP-3DES-SHA
reverse-route
!
!
crypto map SDM_CMAP_1 client authentication list sdm_vpn_xauth_ml_1
crypto map SDM_CMAP_1 isakmp authorization list sdm_vpn_group_ml_1
crypto map SDM_CMAP_1 client configuration address respond
crypto map SDM_CMAP_1 65535 ipsec-isakmp dynamic SDM_DYNMAP_1
!
!
!
!
!
interface Null0
no ip unreachables
!
interface FastEthernet0/0
description $FW_INSIDE$$ETH-LAN$
ip address 192.168.1.2 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
ip accounting output-packets
ip flow ingress
ip flow egress
ip inspect DEFAULT100 in
ip virtual-reassembly
duplex auto
speed auto
ntp broadcast
no mop enabled
h323-gateway voip interface
h323-gateway voip bind srcaddr 192.168.1.2
!
interface FastEthernet0/1
description DIAL TELECOM SIP
ip address 1.2.3.4 255.255.255.252
ip access-group dialtelecomwan in
ip verify unicast reverse-path
no ip redirects
no ip proxy-arp
ip accounting output-packets
ip nbar protocol-discovery
ip virtual-reassembly
duplex auto
speed auto
no cdp enable
no mop enabled
!
interface FastEthernet0/1/0
!
interface FastEthernet0/1/1
!
interface FastEthernet0/1/2
!
interface FastEthernet0/1/3
!
interface BRI0/2/0
no ip address
isdn switch-type basic-net3
isdn protocol-emulate network
isdn tei-negotiation first-call
isdn layer1-emulate network
isdn incoming-voice voice
isdn outgoing display-ie
isdn outgoing ie caller-number
isdn outgoing ie called-number
isdn skipsend-idverify
!
interface BRI0/2/1
no ip address
isdn switch-type basic-net3
isdn protocol-emulate network
isdn tei-negotiation first-call
isdn layer1-emulate network
isdn incoming-voice voice
isdn outgoing display-ie
isdn outgoing ie caller-number
isdn outgoing ie called-number
isdn skipsend-idverify
!
interface Serial0/3/0:15
no ip address
no ip proxy-arp
encapsulation hdlc
isdn switch-type primary-net5
isdn overlap-receiving
isdn incoming-voice voice
no cdp enable
!
interface Vlan1
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
!
ip route 0.0.0.0 0.0.0.0 1.2.3.5
ip route 192.168.6.0 255.255.255.0 192.168.1.1
ip route 192.168.7.0 255.255.255.0 192.168.1.1
ip route 192.168.8.0 255.255.255.0 192.168.1.1
ip route 192.168.10.0 255.255.255.0 192.168.1.1
ip route 192.168.100.0 255.255.255.0 192.168.1.1
ip route 192.168.110.0 255.255.255.0 192.168.1.1
ip route 192.168.111.0 255.255.255.0 192.168.1.1
ip route 192.168.200.0 255.255.255.0 192.168.1.1
!
ip flow-export source FastEthernet0/0
ip flow-export version 5
ip flow-export destination 192.168.110.180 2055
!
no ip http server
ip http access-class 1
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
ip nat inside source route-map RMAP_OUTSIDE interface FastEthernet0/1 overload
!
ip access-list extended dialtelecomwan
permit ip host 212.24.129.210 host 213.151.91.150
permit icmp any host 213.151.91.150
deny   ip any any
!
logging trap debugging
logging facility local6
logging 192.168.110.23
access-list 103 remark VTY Access-class list
access-list 103 remark SDM_ACL Category=1
access-list 103 permit ip 192.168.0.0 0.0.255.255 any
access-list 103 permit ip 192.168.1.0 0.0.0.255 any
access-list 103 permit ip 192.168.10.0 0.0.0.255 any
access-list 103 permit ip 192.168.100.0 0.0.0.255 any
access-list 103 permit ip 192.168.110.0 0.0.0.255 any
access-list 103 permit ip 192.168.200.0 0.0.0.255 any
access-list 103 permit tcp any any eq 22
access-list 103 permit tcp any any eq 443
access-list 103 deny   ip any any
access-list 103 remark VTY Access-class list
access-list 103 remark SDM_ACL Category=1
snmp-server community zoom RO
disable-eadi
!
!
!
route-map RMAP_OUTSIDE permit 10
match ip address nat
!
!
!
!
control-plane
!
!
!
voice-port 0/0/0
supervisory disconnect dualtone mid-call
no echo-cancel enable
no vad
cptone CZ
timeouts wait-release 3
connection plar opx 222554111
impedance complex2
description line 284019170
station-id name TEST-LINE
station-id number 284019170
caller-id enable
!
voice-port 0/0/1
supervisory disconnect dualtone mid-call
no echo-cancel enable
no vad
cptone CZ
timeouts wait-release 3
connection plar opx 222554111
impedance complex2
description line 284019177
station-id name DVERNIK
station-id number 284019177
caller-id enable
!
voice-port 0/3/0:15
!
voice-port 0/2/0
compand-type a-law
cptone CZ
!
voice-port 0/2/1
compand-type a-law
cptone CZ
!
!
!
sccp local FastEthernet0/0
sccp ccm 192.168.110.64 identifier 2 priority 2 version 5.0.1
sccp ccm 192.168.110.63 identifier 1 priority 1 version 5.0.1
sccp
!
sccp ccm group 1
bind interface FastEthernet0/0
associate ccm 1 priority 1
associate ccm 2 priority 2
associate profile 2 register mtpresource
associate profile 1 register transcoder
!
dspfarm profile 1 transcode
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
maximum sessions 2
associate application SCCP
!
dspfarm profile 2 mtp
codec g711ulaw
maximum sessions software 10
associate application SCCP
!
!
dial-peer voice 101 pots
description - enable DID on BRI voice port 0/2/0
incoming called-number .
direct-inward-dial
port 0/2/0
!
dial-peer voice 102 pots
description - enable DID on BRI voice port 0/2/1
incoming called-number .
direct-inward-dial
port 0/2/1
!
dial-peer voice 103 pots
translation-profile incoming FAX
incoming called-number 222554114
direct-inward-dial
port 0/3/0:15
!
dial-peer voice 104 pots
destination-pattern 246019010
port 0/3/0:15
no sip-register
!
dial-peer voice 1000 pots
incoming called-number .
direct-inward-dial
port 0/3/0:15
forward-digits all
!
dial-peer voice 1001 voip
voice-class codec 1
incoming called-number .
dtmf-relay h245-alphanumeric
no vad
!
dial-peer voice 1002 pots
huntstop
destination-pattern .T
direct-inward-dial
port 0/3/0:15
no sip-register
!
dial-peer voice 1003 voip
huntstop
destination-pattern 2225541..
translate-outgoing calling 2
voice-class codec 1
session target ipv4:192.168.100.12
dtmf-relay h245-alphanumeric
no vad
!
dial-peer voice 1004 voip
translation-profile outgoing dialtelecomtest
huntstop
destination-pattern 123456.T
signaling forward unconditional
voice-class codec 3
session protocol sipv2
session target sip-server
dtmf-relay rtp-nte
no fax-relay sg3-to-g3
no vad
!
dial-peer voice 1005 voip
description incomming dial-peer dial telecom
session protocol sipv2
session target sip-server
incoming called-number 2262022..
codec g711alaw
!
dial-peer voice 1006 pots
translation-profile outgoing 2
destination-pattern 00T
port 0/3/0:15
no sip-register
!
dial-peer voice 1010 voip
huntstop
destination-pattern 2262022..
voice-class codec 1
session target ipv4:192.168.100.12
dtmf-relay h245-alphanumeric
no vad
!
gateway
timer receive-rtp 1200
!
sip-ua
nat symmetric role active
nat symmetric check-media-src
no remote-party-id
retry invite 3
retry response 3
retry bye 3
retry cancel 3
registrar ipv4:1.2.3.4 expires 3600
sip-server ipv4:3.4.5.6
  host-registrar
!
!
!
gatekeeper
shutdown
!
!
telephony-service
max-ephones 1
max-dn 10
sdspfarm transcode sessions 3
create cnf-files version-stamp 7960 Jun 29 2010 08:07:31
max-conferences 8 gain -6
transfer-system full-consult
!
banner login 
Disconnect IMMEDIATELY if you are not an authorized user!


!
parser view SDM_EasyVPN_Remote
! Last configuration change at 08:30:38 CEST Tue Jun 29 2010 by admin
! NVRAM config last updated at 08:11:22 CEST Tue Jun 29 2010 by admin
!
!
parser view SDM_Monitor
secret 5 $1$VQo0$ANnnLp1RFc3s3EylKwMCV.
commands configure include end
commands configure include all interface
commands configure include all crypto
commands exec include dir all-filesystems
commands exec include dir
commands exec include all crypto ipsec client ezvpn
commands exec include crypto ipsec client
commands exec include crypto ipsec
commands exec include crypto
commands exec include all ping ip
commands exec include ping
commands exec include configure terminal
commands exec include configure
commands exec include all show
commands exec include all clear
!
!
scheduler allocate 20000 1000
ntp source FastEthernet0/0
ntp update-calendar
ntp server 192.168.100.10 source FastEthernet0/0 prefer
!
webvpn context Default_context
ssl authenticate verify all
!
csd enable
no inservice
!
end

2 Replies 2

Abu Hadee
Level 3
Level 3

Hi

If the callmanager is not sending h323 call as fast start, CUBE wont send the sip call with SDP. You need to make the outgoing call to CUCM as fast start.

The nat issue i didn't quite understand. Do you have any "debub ccsip mess" captured?

Thank you

- abu

How can I check if it is enabled or no? Where Can I enable it if no?

Yes I have ccsip messages. In short: I send INVITE, they reply TRYING and DECLINED. They said that there could be 2 problems. First is SDP. and Second that in Contac field is but connection came from random port not from 5060.