11-06-2024 09:33 PM
Hi all,
Have a customer with a CUBE that has a SIP trunk out to a telephony provider, and I'm trying to setup SIP communications to a 3rd party contact centre provider. The 3rd party CC will be connected via a separate link that traverses a firewall that is NATing the traffic. Specific calls inbound from the IPT provider will be redirected to the 3rd party contact centre, and calls will also be made from the 3rd party CC out the SIP trunk to the telephony provider via the same CUBE.
I have the inbound calls working correctly, modifying the source address and number format in the SIP messaging as required with sip-profiles assigned to the dial peers. However, outbound calls are failing, as I can see in the SIP debugs that the number format and IP addressing aren't being modified on those calls. I have applied the sip-profile at the voice service voip - sip level, as these messages need to be modified before a dial peer is selected, but I cannot seem to get them to take affect.
I have confirmed my rule works fine in the Cisco Collaboration Solutions Analyzer, so I believe the problem doesn't lie with the rule itself, but with how it is being applied.
The only idea I've had is that the media and control is bound to a different interface under voice service voip - sip, so maybe it isn't being applied? But if that's the case, I have no idea where else I could apply the sip-profile where it will affect these calls.
Modified example (real IPs hashed out, but trust me they match
voice service voip
sip
sip-profiles inbound
sip-profiles 3 inbound
!
voice class sip-profiles 3
request ANY sip-header To modify "sip:\+61(.*)@#.#.#.#" "sip:0\1@#.#.#.#"
!
Any ideas?
Thanks in advance,
Jason
Solved! Go to Solution.
11-22-2024 12:31 AM
Just updating with the solution. My friend was right, once I created a loopback on the CUBE itself with the public IP all of my SIP profiles started applying. Also helped once I pushed for actual remote access instead of trying to talk the customer through configuring the devices over the phone. Thanks again for all your help, it was very much appreciated
11-06-2024 11:56 PM
Can you please provide a little bit more details on why you'd need to apply this globally? I don't quite understand why you cannot do in on the dial peers.
11-07-2024 12:03 AM
I did actually just try applying it to the inbound dial-peer, but it didn't seem to help. In both instances (and also when it's applied in both places) in the debugs I see the initial invite come in with the incorrect number format and destination address, then I see it match my inbound dial-peer, then it sends a "SIP/2.0 400 Bad Request - 'Invalid Host'" message back with the incorrect number format and IP address. During my googling I saw people saying that I would need to make the modifications before dial-peer selection, and the place to do that is under voice service voip - sip.
Appreciate the help
Jason
11-07-2024 03:20 AM
You'll need to modify more than what you have in your SIP profile when you use NAT. Try with this.
voice class sip-profiles 10
rule 10 request ANY sip-header From modify "<inside IP of SBC>" "<outside IP of SBC>"
rule 20 request ANY sip-header From modify "<outside IP of SBC>" "<public IP of SBC>"
rule 30 request ANY sip-header Remote-Party-ID modify "Remote-Party-ID:(.*)(<sip:.*@.*>)" "Remote-Party-ID: \2"
rule 40 response ANY sip-header Remote-Party-ID modify "Remote-Party-ID:(.*)(<sip:.*@.*>)" "Remote-Party-ID: \2"
rule 50 request ANY sip-header P-Asserted-Identity modify "P-Asserted-Identity:(.*)(<sip:.*@.*>)" "P-Asserted-Identity: \2"
rule 60 response ANY sip-header P-Asserted-Identity modify "P-Asserted-Identity:(.*)(<sip:.*@.*>)" "P-Asserted-Identity: \2"
rule 70 request ANY sip-header Contact modify "(<.*)@<outside IP of SBC>:(.*)>" "\1@<public IP of SBC>:\2>"
rule 80 response ANY sip-header Contact modify "(<.*)@<outside IP of SBC>:(.*)>" "\1@<public IP of SBC>:\2>"
rule 90 request ANY sip-header Via modify "(SIP.*) <outside IP of SBC>(.*)" "\1 <public IP of SBC>\2"
rule 100 request INVITE sip-header Requested-By modify "(.*:)<outside IP of SBC>>" "\1<public IP of SBC>>"
rule 110 request ANY sdp-header Session-Owner modify "<outside IP of SBC>" "<public IP of SBC>"
rule 120 response ANY sdp-header Session-Owner modify "<outside IP of SBC>" "<public IP of SBC>"
rule 130 request ANY sdp-header Connection-Info modify "<outside IP of SBC>" "<public IP of SBC>"
rule 140 response ANY sdp-header Connection-Info modify "<outside IP of SBC>" "<public IP of SBC>"
rule 150 request ANY sdp-header Audio-Connection-Info modify "<outside IP of SBC>" "<public IP of SBC>"
rule 160 response ANY sdp-header Audio-Connection-Info modify "<outside IP of SBC>" "<public IP of SBC>
!
voice class sip-profiles 110
rule 10 request ANY sip-header From modify "<public IP of SBC>" "<outside IP of SBC>"
rule 20 request OPTIONS sip-header SIP-Req-URI modify "<public IP of SBC>" "<outside IP of SBC>"
rule 30 request ANY sip-header To modify "<public IP of SBC>" "<outside IP of SBC>"
!
voice class sip-profiles 210
rule 10 request ANY sip-header Via modify "(SIP.*) <outside IP of SBC>(.*)" "\1 <public IP of SBC>\2"
rule 20 request OPTIONS sip-header From modify "(<.*):<outside IP of SBC>" "\1:<public IP of SBC>"
rule 30 request ANY sip-header To modify "(<.*):<outside IP of SBC>" "\1:<public IP of SBC>"
rule 40 request OPTIONS sip-header Contact modify "(<.*):<outside IP of SBC>" "\1:<public IP of SBC>"
rule 50 response ANY sdp-header Connection-Info modify "<outside IP of SBC>" "<public IP of SBC>"
rule 60 response ANY sdp-header Audio-Connection-Info modify "<outside IP of SBC>" "<public IP of SBC>"
!
voice class sip-options-keepalive 2100
description ** 3rd party CC - Options-Ping **
sip-profiles 210
!
dial-peer voice 200 voip
description Inbound calls from 3rd party CC
incoming uri via 3rdCC
voice-class sip profiles 110 inbound
!
dial-peer voice 210 voip
description Outbound calls to 3rd party CC
session server-group 2100
voice-class sip profiles 10
voice-class sip options-keepalive profile 2100
11-07-2024 05:32 AM
For changing the number format I would suggest that you use voice translation rules. Something along with this should make the changes you mentioned.
voice translation-rule 10
rule 1 /^+\61\(.*\)/ /0\1/
!
voice translation-profile 3rdCC-OUT
translate called 10
!
dial-peer voice 210 voip
description Outbound calls to 3rd party CC
translation-profile outgoing 3rdCC-OUT
11-07-2024 06:06 PM - edited 11-07-2024 06:07 PM
Thanks for your responses, they are very much appreciated.
I think my main problem is the "SIP/2.0 400 Bad Request - 'Invalid Host'" response the CUBE is sending back to the 3rd party. A friend mentioned he had seen this previously, and for him the CUBE was just dropping the calls because the destination IP didn't exist on the CUBE. He suggested creating a loopback on the CUBE with the public IP which resolved the issue when he encountered it, but the customer is reporting that this has not helped
11-07-2024 09:55 PM
With this “the destination IP didn't exist on the CUBE” what do you mean by that? Is destination referring to the 3:rd party CC system or is it the nated IP of the interface on the Cube facing the 3:rd party CC system?
11-10-2024 04:31 PM
The public IP address is being NAT'd from a firewall. Adding the public address as a loopback on the CUBE itself does seem to have alleviated the Invalid Host issue. Haven't been able to reapply the other SIP header modifications as I don't have direct access to the CUBE, and have been having to send the config changes to the customer for them to apply, then waiting for their feedback (I'm pushing for remote access
11-10-2024 09:48 PM
How does your dial peer match in the inbound direction? Would it be possible for you to share your running configuration, with any sensitive information masked out, so that we can verify it?
11-22-2024 12:31 AM
Just updating with the solution. My friend was right, once I created a loopback on the CUBE itself with the public IP all of my SIP profiles started applying. Also helped once I pushed for actual remote access instead of trying to talk the customer through configuring the devices over the phone. Thanks again for all your help, it was very much appreciated
11-22-2024 03:06 AM
Just as an FYI, we run a number of SBC that are being located behind a firewall that does NAT and we don’t have a loopback interface with the public IP on these. You can get it to work without that, but as your not sharing your running configuration or answering my question about how you match inbound dial peer it’s a little hard to help you out.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide