03-24-2017 05:21 PM - edited 03-17-2019 09:54 AM
Hi Friends,
I have the following setup. The Palo Alto firewall cannot enable the ALG because it breaks Jive.
The FW is NAT'ing the external static IP address to the inside CUBE IP address.
B TwilioSIP-Trunk====FW==CUBE--------CUCM----IP Phone A
1> Outgoing SIP calls (A to B) work well!
2> Incoming calls from B (Twilio) to A fail with 400 Bad Request - 'Invalid Host'.
U 2017/03/24 21:45:21.270118 pstn.twilio.com:5060 -> 54.167.153.130:5060
SIP/2.0 400 Bad Request - 'Invalid Host'.
Via: SIP/2.0/UDP
Summary:
CUBE does not know the external IP address that the INVITE is addressed to,
so it rejects the call.
Question:
How can I get this working without help from the firewall?
11-26-2017 03:10 PM
Hello,
Are you able to resolve this issue? I have the same issue. Can you help me, please?
Error: Invalid host 400
Twilio Trunk —- Firewall (doing forwarding here to CME external interface) —— (again double NAT to CME internal voice IP) Cisco CME
Regards,
chanpreet
11-28-2017 08:56 AM
I was able to resolve this issue by adding the public IP address to the loopback interface.
Issue resolved: "Invalid Host"
Maybe this will help in your case as well.
Thanks
Chanpreet
07-29-2020 03:29 AM
09-03-2019 02:04 PM
Hello,
I had almost the same issue, but instead of a Palo Alto I have a Meraki MX84 with a DYNAMIC public IP on BOTH WAN ports. After looking at many cases, none of them came with the exact solution.
I solved it, and I hope this helps other people as well, using only a SIP profile translation with the following commands:
voice service voip
 sip
  sip-profiles inbound
voice class sip-profiles 4
 request INVITE sip-header SIP-Req-URI modify "@(.*):(.*)" "@172.16.100.1:\2"
dial-peer voice 9998 voip
 description ** Incoming calls **
 translation-profile incoming DID_Voztele.com
 answer-address 55........$
 session protocol sipv2
 session target sip-server
 session transport udp
 incoming called-number .
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
 voice-class sip profiles 4 inbound
 dtmf-relay rtp-nte
 no vad
The IP address of my CUCME is 172.16.100.1, so you should replace it with the corresponding IP of your CUCME.
Applying the SIP profile rule, the replacement was as follows:
Original INVITE from SIP provider:
INVITE sip:5552617013@187.163.170.243:58894 SIP/2.0
Translated INVITE to CUCME:
INVITE sip:5552617013@172.16.100.1:58894 SIP/2.0
This is part of the debug:
086275: Sep 3 15:08:56.371: //-1/xxxxxxxxxxxx/SIP/Info/verbose/64/ccsip_inbound_profile_populate_callinfo_in_ccb: Dial-peer 9998 is used for inbound profiles config
086276: Sep 3 15:08:56.371: //-1/xxxxxxxxxxxx/SIP/Info/info/64/sipSPISetSipProfilesTag: voice class SIP Profiles inbound tag is set : 4
086277: Sep 3 15:08:56.371: //-1/xxxxxxxxxxxx/SIP/Info/info/64/sip_profiles_application_modify_req_uri: Req URI before modification : INVITE sip:5552617013@187.163.170.243:58894 SIP/2.0
086278: Sep 3 15:08:56.371: //-1/xxxxxxxxxxxx/SIP/Info/info/64/sip_profiles_application_modify_req_uri: Req URI after modification : INVITE sip:5552617013@172.16.100.1:58894 SIP/2.0
086279: Sep 3 15:08:56.371: //-1/xxxxxxxxxxxx/SIP/Info/verbose/4096/ccsip_new_msg_preprocessor: Checking Invite Dialog
Don't forget to configure the port forwarding rule of tcp/udp 5060 to your GW on the Meraki.
I hope this helps!
Regards
Victor
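Added example, not part of the post above and not Cisco code: a Python approximation of the SIP profile rule from the post, for checking offline which INVITE request lines it rewrites and which it leaves addressed to the outside host. It assumes Python's `re` behaves like the IOS regex engine for this pattern; the function names and every sample line except the INVITE quoted in the post are constructed.

```python
import re

# Rule from the post:
#   request INVITE sip-header SIP-Req-URI modify "@(.*):(.*)" "@172.16.100.1:\2"
PAGE_PATTERN = r"@(.*):(.*)"
PAGE_REPLACEMENT = r"@172.16.100.1:\2"  # 172.16.100.1 is the CUCME address in the post


def apply_profile(message, pattern=PAGE_PATTERN, replacement=PAGE_REPLACEMENT):
    """Rewrite the request line of an INVITE; return (new_message, rule_fired)."""
    head, sep, rest = message.partition("\r\n")
    if not head.startswith("INVITE "):
        return message, False  # the rule is scoped to INVITE requests
    # Only the request line is touched; headers and body pass through unchanged.
    new_head, count = re.subn(pattern, replacement, head, count=1)
    return new_head + sep + rest, count == 1


def unrewritten(request_lines):
    """Return the INVITE lines the rule would leave with the outside host."""
    return [
        line for line in request_lines
        if line.startswith("INVITE ") and not apply_profile(line)[1]
    ]


# First line is the INVITE quoted in the post; the rest are constructed samples.
SAMPLES = [
    "INVITE sip:5552617013@187.163.170.243:58894 SIP/2.0",
    "INVITE sip:5552617013@187.163.170.243:5060;transport=udp SIP/2.0",
    "INVITE sip:5552617013@187.163.170.243 SIP/2.0",  # no explicit port
    "OPTIONS sip:187.163.170.243:58894 SIP/2.0",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        rewritten, fired = apply_profile(sample)
        print("rewritten" if fired else "unchanged", "|", rewritten)
```

The pattern requires a colon after the `@`, so a Request-URI that carries no explicit port is not matched and keeps the public address.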
07-06-2020 03:13 PM
Hi Victor,
I had a Customer without an ALG and used your method as part of my Solution.
Thank you for your help!
Peter