cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
10523
Views
15
Helpful
43
Replies

Open port 5060 udp

moman62
Level 1
Level 1

Hello, I have a cisco 2921 router and I would like to know how to enable port 5060 so that my ITSP can send information so I can perform outbound/inbound calls.

43 Replies 43

sorry here is the correct snapshot

Sorry to keep asking the same question, but how does your CUBE connect to the ITSP?  What's the path?  Is there any other equipment in the path?

The ITSP is sending to 76.80.72.220 - is that an interface on your CUBE?   If so then we need to see the full configuration.

First off, I'm using all sip phones, and do i need to use dial-peers? since I'm using cucm 11.5? couldn't the partitions, calling search spaces etc be used instead? Thanks

What you list is for handling calls within CUCM. When you send the call to the gateway for calls to external parties you will need to define how to route these in the router. This is done by the use of dial peers.

From the sound of the discussion in this thread you have some information gaps in how this would work that you either should close or reach out to a certified Cisco partner to get help with your setup.

 



Response Signature


We're jumping about all over the place here with different issues being raised.  Have you resolved the issue with your ITSP, or are they still unable to contact your CUBE on port 5060?   If that problem exists it's got nothing to do with CUCM, Partitions, CSSs etc.  And actually very little to do with dial peers either.  Until you address that problem nothing is going to work.

here is my debug CCSIP Mess

 

*Apr 4 04:15:20.099: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
OPTIONS sip:76.80.xx.xx SIP/2.0
Via: SIP/2.0/UDP 209.105.241.22:5060;branch=z9hG4bK2b4725ce;rport
Max-Forwards: 70
From: "asterisk" <sip:asterisk@209.105.241.22>;tag=as03cb407a
To: <sip:76.80.72.220>
Contact: <sip:asterisk@209.105.241.22:5060>
Call-ID: 1b3b6ba217a9a2ec04f789362d3ecd39@209.105.241.22:5060
CSeq: 102 OPTIONS
User-Agent: VYLmedia-SBCDAL
Date: Sat, 04 Apr 2020 04:15:20 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH, MESSAGE
Supported: replaces, timer
Content-Length: 0

*Apr 4 04:15:20.107: //1056/BB3034278421/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 200 OK
Via: SIP/2.0/UDP 209.105.241.22:5060;branch=z9hG4bK2b4725ce;rport
From: "asterisk" <sip:asterisk@209.105.241.22>;tag=as03cb407a
To: <sip:76.80.72.220>;tag=E0D208C-1BEF
Date: Sat, 04 Apr 2020 04:15:20 GMT
Call-ID: 1b3b6ba217a9a2ec04f789362d3ecd39@209.105.241.22:5060
Server: Cisco-SIPGateway/IOS-15.7.3.M4
CSeq: 102 OPTIONS
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
Allow-Events: telephone-event
Accept: application/sdp

2921LAB#Supported: 100rel,timer,resource-priority,replaces,sdp-anat
Content-Type: application/sdp
Content-Length: 371

v=0
o=CiscoSystemsSIP-GW-UserAgent 8777 7610 IN IP4 76.80.xx.xx
s=SIP Call
c=IN IP4 76.80.xx.xx
t=0 0
m=audio 0 RTP/AVP 18 0 8 9 4 2 15
c=IN IP4 76.80.xx.xx
m=image 0 udptl t38
c=IN IP476.80.xx.xx
a=T38FaxVersion:0
a=T38MaxBitRate:9600
a=T38FaxRateManagement:transferredTCF
a=T38FaxMaxBuffer:200
a=T38FaxMaxDatagram:320
a=T38FaxUdpEC:t38UDPRedundancy

That output is not for a call, it’s just for a SIP option ping.

Please make a call that is destined to go via the gateway and provide the output from that.

 



Response Signature


I am finally able to dial-out, but when I do a test call inbound, I get a fast busy.

 

I performed a ccsip debug error:

 

SIP Call error tracing is enabled
2921LAB#
*Apr 9 04:27:51.905: //-1/xxxxxxxxxxxx/SIP/Error/sipSPILocateInviteDialogCCB:
Ip Trust List Authentication failed for Incoming Request, method = OPTIONS
2921LAB#
*Apr 9 04:27:52.921: //-1/xxxxxxxxxxxx/SIP/Error/sipSPILocateInviteDialogCCB:
Ip Trust List Authentication failed for Incoming Request, method = OPTIONS
*Apr 9 04:27:53.905: //-1/xxxxxxxxxxxx/SIP/Error/sipSPILocateInviteDialogCCB:
Ip Trust List Authentication failed for Incoming Request, method = OPTIONS
2921LAB#
*Apr 9 04:27:54.909: //-1/xxxxxxxxxxxx/SIP/Error/sipSPILocateInviteDialogCCB:
Ip Trust List Authentication failed for Incoming Request, method = OPTIONS
*Apr 9 04:27:54.933: //-1/xxxxxxxxxxxx/SIP/Error/httpish_msg_free:
Freeing NULL pointer!
*Apr 9 04:27:54.933: //15552/512B8022BDE9/SIP/Error/sipSPIGetPeerByCalledPartyId:
input arg error
*Apr 9 04:27:54.933: //15552/512B8022BDE9/SIP/Error/sipSPIUpdateCallInfo:
input argument error
*Apr 9 04:27:54.933: //15552/512B8022BDE9/SIP/Error/ccsip_ipip_media_forking_anchor_leg_config:
MF: Dial-peer is absent..

Looks like you have not added the IP of the ITSP source to your trust list.

*Apr 9 04:27:52.921: //-1/xxxxxxxxxxxx/SIP/Error/sipSPILocateInviteDialogCCB:
Ip Trust List Authentication failed for Incoming Request, method = OPTIONS”

Add the IP to this and test again.

 



Response Signature


Although since that's Options ping that was blocked, not an Invite, it might be a probe from some unauthorised source.

Do you have firewall or ACL configuration to protect the CUBE?  Do you actually know the IP address that the service provider's inbound Invites will be sourced from?

Or simply that the option ping is not matching the intended dial peer due to miss configuration. Nothing would surprise me with this as the OP quite frankly is at a loss.



Response Signature


I don't think Options need to match any dial peer to get a reply.  I get a response if I send Options ping from my desk to our CUBE, that won't match either of its dial peers.

The very last line in the debug output says this “Dial-peer is absent”.

Dial peers are very much a factor in options ping functionality in a SBC.

Prerequisites for Out-of-dialog SIP OPTIONS Ping
The following are required for OOD Options ping to function. If any are missing, the Out-of-dialog (OOD) Options ping will not be sent and the dial peer is reset to the default active state.
• Dial-peer should be in active state
• Session protocol must be configured for SIP
Nano Cisco Unified Border Element Configuration Guide, Cisco IOS Release 15M&T
1

• Configure Session target or outbound proxy must be configured. If both are configured, outbound proxy has preference over session target.

From this document https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/voice/cube_nano/configuration/15-mt/nanocube-config-15-mt-book/voi-out-of-dialog.pdf



Response Signature


I have attached my dial-peers.


@Roger Kallberg wrote:

Dial peers are very much a factor in options ping functionality in a SBC.

With respect that's all referring to the configuration needed to send OOD Options Pings.  A gateway will respond even if there's no matching dial peer, as I just showed with my quick test.  Thinking about it, what is the Option message going to match against given that they don't contain the information commonly used to match inbound DP?  On another quick test I found the router would respond to Options as soon as I created one dial peer, just entering the header "dial-peer voice 27 voip", no session protocol, no destination pattern or anything.  Strangely it continues to reply even if you delete the dial peer, at least until reload.