Outbound PSTN Call not working

tomou · ‎10-06-2023

Hi everyone,

Appreciate if you could help us check this issue.

The issue is outbound PSTN call from ip phone/jabber to mobile phone is not working.

In the mobile phone, we could see the incoming call showing but it's gone before we can pick up the call.

IP Phone/jabber --TLS-SRTP--> CUCM --TLS-SRTP--> CUBE --TCP/UDP--> ITSP --> Mobile phone
Calle number 1315
Called number 90822xxxx7573

We use TLS-encrypted SIP for all except for the SIP trunk toward ITSP.

Internal ext call working fine.

SIP trunk status between CUCM and CUBE is full service.

CUCM 10.1.20.2 | cucm.cp.co.id

CUBE 10.1.3.232 | vg.cp.co.id

ITSP 10.14.3.221

Debug logs -> Logs

Thank you

b.winter · ‎10-06-2023

Maybe you should first start with getting your dial-peer configuration straight. Sorry to say that, but that config is "ugly" and will lead to problems.
The best way is to have 1 dial-peer per direction per system --> in your case 4 dial-peers:
1 for incoming from CUCM
1 for outoing to CUCM
1 for incoming from the provider
1 for outgoing to the provider

About the logs:
According to the logs, the CUCM is cancelling the call. So you have to check the logs of CUCM.

Roger Kallberg · ‎10-06-2023

A few thing, number one it's very bad to have this as it turns off all security in the SBC.

voice service voip
 ip address trusted list
  ipv4 0.0.0.0 0.0.0.0

You are advised to change this to list allowed IPs, individual or networks, that is allowed to communicate with the SBC. This list would normally hold all your CM CPE nodes and the IPs from where you expect to see traffic coming from your service provider.

Secondly you have not turned on the Cube functionality in your router, you'll do that with this command "mode border-element", save the config and then reboot the router.

Apart from this if all you use is SIP calls you do not need these.

 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323

Or these

dtmf-relay h245-alphanumeric h245-signal

I do agree with @b.winter that you'll need to work some on your dial peers as they are quite badly constructed, for one it's very bad practice to have a destination pattern that matches ".T" as that literary means any call. Also on inbound dial peers you should not have any session target defined as that is use in the outbound direction. Advice you to read this great document on how call routing works in IOS. In Depth Explanation of Cisco IOS and IOS-XE Call Routing - Cisco

When you do rework your dial peers it is advised to have the setup as @b.winter outlined and to use information in the VIA header to match the inbound dial peer. Also please note that you should not have a destination pattern towards your CM that is the same as you would have to your service provider as that will cause all sort of bad things for you. If all you want to do is to pass calls that originate from CM to the ITSP and the reverse, ie calls that comes from your ITSP should be sent to CM, it is adviced to look into using DPG, Dial Peer Group.

tomou · ‎10-06-2023

Thank you for the prompt feedback.

And you both are correct, this is indeed an ugly and bad config due to the "unique" requirements behind it, LOL.

Anyway, thank you for the advice.

Roger Kallberg · ‎10-06-2023

@tomou wrote:

Thank you for the prompt feedback.

And you both are correct, this is indeed an ugly and bad config due to the "unique" requirements behind it, LOL.

Anyway, thank you for the advice.

I doubt that there are such unique requirements that merits such a poorly constructed set of dial peers. Can you please outline what is it that is so special that you would need to have it setup in this way? Maybe we can help you with some adjustment on that part.

Roger Kallberg · ‎10-06-2023

Based on what you shared earlier I think something along with this could work for you.

voice service voip
 ip address trusted list
  no ipv4 0.0.0.0 0.0.0.0
  ipv4 10.14.3.221
  ipv4 10.1.20.2
 no allow-connections h323 to h323
 no allow-connections h323 to sip
 no allow-connections sip to h323
 address-hiding
 mode border-element
 sip
  early-offer forced

  
voice class uri CUCM sip
 host ipv4:10.1.20.2
!
voice class uri PSTN sip
 host ipv4:10.14.3.221


voice class dpg 10
 description From ITSP to CUCM
 dial-peer 12
!
voice class dpg 11
 description From CUCM to ITSP
 dial-peer 9


dial-peer voice 9 voip
 description *TO ITSP*
 destination-pattern BAD.BAD
 session transport tcp tls
 voice-class sip bind control source-interface GigabitEthernet0/0/1
 voice-class sip bind media source-interface GigabitEthernet0/0/1
 srtp
 no voice-class sip early-offer forced
!
dial-peer voice 10 voip
 description *FROM ITSP*
 incoming uri via PSTN
 no session target ipv4:10.1.20.2
 no destination-pattern 4100
 destination dpg 10
 voice-class sip bind control source-interface GigabitEthernet0/0/1
 voice-class sip bind media source-interface GigabitEthernet0/0/1
 dtmf-relay rtp-nte
 no vad
 no voice-class sip early-offer forced
!
dial-peer voice 11 voip
 description *FROM CUCM*
 session protocol sipv2
 no session target ipv4:10.1.20.2
 no incoming called-number .T
 destination dpg 11
 no session transport tcp tls
 no srtp
 voice-class sip bind control source-interface GigabitEthernet0/0/0
 voice-class sip bind media source-interface GigabitEthernet0/0/0
 incoming uri via CUCM
 dtmf-relay rtp-nte sip-kpml
 no vad
!
dial-peer voice 12 voip
 description *TO CUCM*
 session protocol sipv2
 session target ipv4:10.1.20.2
 voice-class codec 1
 destination-pattern BAD.BAD
 voice-class sip bind control source-interface GigabitEthernet0/0/0
 voice-class sip bind media source-interface GigabitEthernet0/0/0
 dtmf-relay rtp-nte sip-kpml
 no vad

Edit: I missed the part where you use TLS on the inside and not on the outside, so you’ll need to make some adjustments to my suggested configuration.