05-22-2013 11:19 AM - edited 03-16-2019 05:27 PM
I'm having issues with outgoing calls from CallManager Express registered with a SIP server. The line is registered:
CME#sh sip-ua register status
Line peer expires(sec) registered P-Associ-URI
================================ ========== ============ ========== ============
595212376XXX -1 523 yes
My sip-ua configuration:
sip-ua
credentials username 595212376XXX password 7 passwd realm prepago.com.py
authentication username 595212376XXX password 7 passwd realm prepago.com.py
nat symmetric role active
nat symmetric check-media-src
no remote-party-id
retry invite 4
retry response 3
retry bye 2
retry cancel 2
retry register 10
timers register 250
registrar dns:prepago.com.py expires 3600
sip-server dns:prepago.com.py
connection-reuse
Outgoing dialpeer:
dial-peer voice 200 voip
translation-profile outgoing OUT_IP
destination-pattern 8T
session protocol sipv2
session target sip-server
voice-class codec 1
dtmf-relay cisco-rtp h245-alphanumeric
I tried with xlite and it worked, this is the SIP header:
Contact: <sip:595212376XXX@190.52.178.171:49434>
(public ip address)
And this is the header from an extension registered with CME:
Contact: <sip:1999@10.132.2.1:5060>
(private ip of the CME)
I'm guessing there's a NAT issue? I do see this NAT table on the gateway:
udp 190.52.178.171:1024 10.132.2.1:5060 201.217.31.10:5060 201.217.31.10:5060
udp 190.52.178.171:53792 10.132.2.1:53792 201.217.31.10:5060 201.217.31.10:5060
This is the message I get when calling from CME:
Received:
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 10.132.2.1:5060;branch=z9hG4bK21A6B18B
From: "Test" <sip:1999@prepago.com.py>;tag=1904A838-20CE
To: <sip:0981545XXX@prepago.com.py>;tag=aprqngfrt-ukkbdq30000a6
Call-ID: B4DE06BC-C23911E2-B4E69077-B82C15B6@10.132.2.1
CSeq: 101 INVITE
Timestamp: 1369242787
Any ideas will be appreciated, thanks.
05-22-2013 11:51 AM
Yes, it looks like a NAT issue. Looks like the INVITE sent to your provider is going out via the local IP rather than the NAT IP.
You can send a full sh run and a debug ccsip messages
Please rate all useful posts
"opportunity is a haughty goddess who waste no time with those who are unprepared"
05-27-2013 02:23 PM
Yes, this is the sh run:
!
voice service voip
ip address trusted list
ipv4 0.0.0.0 0.0.0.0
no ip address trusted authenticate
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
no supplementary-service h450.2
no supplementary-service h450.3
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none
sip
bind control source-interface GigabitEthernet0/0.1
bind media source-interface GigabitEthernet0/0.1
registrar server expires max 36000 min 600
!
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g711alaw
codec preference 3 g729r8
codec preference 4 g729br8
!
voice class codec 2
codec preference 3 g729r8
codec preference 4 g729br8
!
voice class custom-cptone leavetone
dualtone conference
frequency 400 800
cadence 400 50 200 50 200 50
!
voice class custom-cptone jointone
dualtone conference
frequency 600 900
cadence 300 150 300 100 300 50
!
!
!
sccp ccm group 1
associate ccm 1 priority 1
associate profile 2 register confprof2
!
dspfarm profile 2 conference
codec g711ulaw
codec g711alaw
codec g729ar8
codec g729abr8
codec g729r8
codec g729br8
maximum sessions 5
conference-join custom-cptone jointone
conference-leave custom-cptone leavetone
associate application SCCP
!
sip-ua
credentials username 59521237XXXX password 7 XXXX realm prepago.com.py
authentication username 59521237XXXX password 7 XXXX realm prepago.com.py
nat symmetric role active
nat symmetric check-media-src
no remote-party-id
retry invite 4
retry response 3
retry bye 2
retry cancel 2
retry register 10
timers register 250
registrar dns:prepago.com.py expires 3600
sip-server dns:prepago.com.py
connection-reuse
!
!
!
gatekeeper
shutdown
!
!
telephony-service
sdspfarm conference mute-on 111 mute-off 222
sdspfarm units 4
sdspfarm unregister force
sdspfarm tag 2 confprof2
video
maximum bit-rate 512
no auto-reg-ephone
authentication credential cme cme
max-ephones 110
max-dn 400
ip source-address 10.132.16.254 port 2000
url services http://10.132.16.253/voiceview/common/login.do
url authentication http://10.132.16.254/CCMCIP/authenticate.asp
user-locale ES
network-locale ES
time-zone 17
time-format 24
date-format dd-mm-yy
voicemail 2000
max-conferences 20 gain -6
moh flash0:music-on-hold.au
multicast moh 239.1.1.1 port 16384
web admin system name cme password cme
dn-webedit
time-webedit
transfer-system full-consult
transfer-pattern .T
create cnf-files version-stamp 7960 May 17 2013 17:38:42
!
Here a ccsip trace:
ME-Praxair#
May 22 18:57:52.946: //144974/5587FF77B8C7/SIP/Msg/ccsipDisplayMsg:
Sent:
INVITE sip:0981515XXX@prepago.com.py:5060 SIP/2.0
Via: SIP/2.0/UDP 10.132.2.1:5060;branch=z9hG4bK2232C30
From: "Test" <sip:1999@prepago.com.py>;tag=19648EF0-246
To: <sip:0981515XXX@prepago.com.py>
Date: Wed, 22 May 2013 18:57:52 GMT
Call-ID: 571B6F4E-C24811E2-B8CC9077-B82C15B6@10.132.2.1
Supported: 100rel,timer,resource-priority,replaces,sdp-anat
Min-SE: 1800
Cisco-Guid: 1434976119-3259503074-3100086391-3089896886
User-Agent: Cisco-SIPGateway/IOS-12.x
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
CSeq: 101 INVITE
Max-Forwards: 70
Timestamp: 1369249072
Contact: <1999>1999>
Expires: 180
Allow-Events: telephone-event
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 346
v=0
o=CiscoSystemsSIP-GW-UserAgent 7670 2053 IN IP4 10.132.2.1
s=SIP Call
c=IN IP4 10.132.2.1
t=0 0
m=audio 31076 RTP/AVP 0 8 18 121 19
c=IN IP4 10.132.2.1
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=yes
a=rtpmap:121 frf-dialed-digit/8000
a=fmtp:121 0-15
a=rtpmap:19 CN/8000
a=direction:active
May 22 18:57:52.954: //144974/5587FF77B8C7/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 10.132.2.1:5060;branch=z9hG4bK2232C30
From: "Test" <sip:1999@prepago.com.py>;tag=19648EF0-246
To: <sip:0981515XXX@prepago.com.py>
Call-ID: 571B6F4E-C24811E2-B8CC9077-B82C15B6@10.132.2.1
CSeq: 101 INVITE
Timestamp: 1369249072
May 22 18:57:52.954: //144974/5587FF77B8C7/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 10.132.2.1:5060;branch=z9hG4bK2232C30
From: "Test" <sip:1999@prepago.com.py>;tag=19648EF0-246
To: <sip:0981515XXX@prepago.com.py>;tag=aprqngfrt-cf14oj20000a6
Call-ID: 571B6F4E-C24811E2-B8CC9077-B82C15B6@10.132.2.1
CSeq: 101 INVITE
Timestamp: 1369249072
May 22 18:57:52.958: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
ACK sip:0981515XXX@prepago.com.py:5060 SIP/2.0
Via: SIP/2.0/UDP 10.132.2.1:5060;branch=z9hG4bK2232C30
From: "Test" <sip:1999@prepago.com.py>;tag=19648EF0-246
To: <sip:0981515XXX@prepago.com.py>;tag=aprqngfrt-cf14oj20000a6
Date: Wed, 22 May 2013 18:57:52 GMT
Call-ID: 571B6F4E-C24811E2-B8CC9077-B82C15B6@10.132.2.1
Max-Forwards: 70
CSeq: 101 ACK
Allow-Events: telephone-event
Content-Length: 0
05-27-2013 03:18 PM
Well, your SIP INVITE is going out via your local IP address: Via: SIP/2.0/UDP 10.132.2.1:5060;branch=z9hG4bK2232C30, and the SDP offer has c=IN IP4 10.132.2.1.
So we can see that you are telling your provider to respond back to you on this local IP and to send media back to you on that IP.
Your SIP bind commands have been applied to the local interface:
sip
bind control source-interface GigabitEthernet0/0.1
bind media source-interface GigabitEthernet0/0.1
I am sure this interface is the one with this IP 10.132.2.1. You need to bind your SIP traffic to an interface your SIP provider has provided to you, because that's the IP they trust and can reach you on.
Please rate all useful posts
"opportunity is a haughty goddess who waste no time with those who are unprepared"
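An added example, not part of the thread and not Cisco tooling: a small Python check for the condition described in the reply above. It scans a SIP message for non-public IPv4 addresses in the fields the far end uses to route replies and media (Via, Contact, SDP o=/c=). The sample INVITE is constructed from the trace in this thread, and the function name is hypothetical.

```python
import ipaddress
import re

# Constructed sample, modelled on the INVITE in the trace above (headers and
# SDP trimmed); the Contact value is the one quoted in the first post.
SAMPLE_INVITE = """\
INVITE sip:0981515XXX@prepago.com.py:5060 SIP/2.0
Via: SIP/2.0/UDP 10.132.2.1:5060;branch=z9hG4bK2232C30
From: "Test" <sip:1999@prepago.com.py>;tag=19648EF0-246
Contact: <sip:1999@10.132.2.1:5060>
Content-Type: application/sdp

v=0
o=CiscoSystemsSIP-GW-UserAgent 7670 2053 IN IP4 10.132.2.1
c=IN IP4 10.132.2.1
m=audio 31076 RTP/AVP 0 8 18
"""

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# Fields a far-end server uses to route replies, new requests and RTP.
ROUTING_HEADERS = {"via", "contact"}
ROUTING_SDP = {"o", "c"}

def find_private_addresses(message):
    """Return [(field, ip)] for non-public IPv4 addresses in routing fields."""
    head, _, body = message.replace("\r\n", "\n").partition("\n\n")
    fields = []
    for line in head.split("\n")[1:]:          # skip the request/status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() in ROUTING_HEADERS:
            fields.append((name.strip(), value))
    for line in body.split("\n"):
        if line[:1] in ROUTING_SDP and line[1:2] == "=":
            fields.append(("SDP " + line[:2], line[2:]))
    hits = []
    for field, value in fields:
        for text in IPV4.findall(value):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:                 # e.g. 999.1.1.1 is not an address
                continue
            if not ip.is_global:
                hits.append((field, text))
    return hits

if __name__ == "__main__":
    for field, ip in find_private_addresses(SAMPLE_INVITE):
        print(f"{field}: {ip} is not publicly routable")
```

Run against a capture taken on the provider side of the NAT device, an empty result means the signalling and SDP were rewritten to the public address.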
05-28-2013 06:54 AM
Hello aokanlawon
Indeed, interface GigaEther 0/0.1 is 10.132.2.1, but this CME is going through its default gateway, which has the public IP (PAT), to reach the provider. I only have private IPs in my CME device. Is there a way to configure the binding without having the public IP in one of its interfaces?
Thanks
05-28-2013 07:09 AM
Horacio,
Your router handling NAT will need to support SIP inspection to properly rewrite the SIP headers. These are usually called SIP Application-Level Gateways (ALGs). This can be a CUBE or ASA or any 3rd party gateway that supports SIP inspection and rewrite.
Thanks,
Brian
05-28-2013 07:24 AM
Horacio,
You can't use PAT, you need to be able to do NAT inspection/fixup for SIP. Otherwise, the other side is not going to get the right address in the SIP SDP for where to send RTP to. This is exactly what the SIP traces are showing.
Please rate all useful posts
"opportunity is a haughty goddess who waste no time with those who are unprepared"
05-29-2013 02:43 PM
Yes, indeed the default gateway is doing PAT. How about if I enable ALG on the router? It's a Cisco 1801.
ip nat service sip udp port 5060
Will that make any difference? The only other option I see is configuring the public IP on the CME, which I find a little bit restrictive.
05-29-2013 02:53 PM
Yes, the "ip nat service sip udp port 5060" should be enabled.
You can use "debug ip nat sip" to check the NAT ALG function of the Cisco router.
Please rate all useful posts
"opportunity is a haughty goddess who waste no time with those who are unprepared"