Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2941
Views
15
Helpful
2
Replies

SIP-trunk in VRF

HUBERT RESCH
Level 3
Level 3

‎09-21-2017 05:06 AM - edited ‎03-17-2019 11:12 AM

Hi all, I am searching for a way to have the communication between VOIP-Gateway (ISR4000) and IP-Phone, between VOIP-Gateway and CUCM in the global-Routing-table, and the communication between VOIP-Gateway and SIP-provider in a VRF for security-reasons. Is that supported in any way ?

 

Config looks like following :

 

interface Loopback1

description Loopback-Interface for Voice-Applications

ip address 10.224.255.5 255.255.255.252

ip pim sparse-mode

h323-gateway voip interface  

!

interface GigabitEthernet0/0.751

description IP-Phones_Vlan751

encapsulation dot1Q 751

ip address 10.224.51.1 255.255.255.0

ip access-group ip-traffic-voice-in in

no ip redirects

no ip proxy-arp

ip accounting output-packets

ip pim sparse-mode

ip verify unicast source reachable-via rx

ip tcp adjust-mss 1320

service-policy input xQOS-MARK-POLICY

!

 

interface GigabitEthernet0/2

description SIP-Connect

!#### ip vrf forwarding FVRF-SIP-TRUNK         ->>>> this Interface should be  in VRF

 ip address 192.168.1.254 255.255.255.0

ip access-group SIP-ACL-TOLL-Fraud in

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow monitor FLOW_MONITOR input

ip flow monitor FLOW_MONITOR output

load-interval 30

duplex auto

speed auto

no cdp enable

!

ip route 162.218.251.159 255.255.255.255 192.168.1.1

!#### ip route FVRF-SIP-TRUNK 162.218.251.159 255.255.255.255 GigabitEthernet0/2 192.168.1.1

!

ip access-list extended SIP-ACL-TOLL-Fraud

permit ip host 192.168.1.1 host 192.168.1.254

permit ip host 162.218.251.159 host 192.168.1.254

deny   ip any any

!

dial-peer voice 1001 voip

description *SIP Trunk from CUCM*

session protocol sipv2

voice-class codec 7000

voice-class sip bind control source-interface Loopback1

voice-class sip bind media source-interface Loopback1

dtmf-relay rtp-nte

no vad

!

dial-peer voice 1000 voip

description *SIP Trunk to CUCM*

destination-pattern T

session protocol sipv2

session server-group 1

voice-class codec 7000

no voice-class sip outbound-proxy  

voice-class sip bind control source-interface Loopback1

voice-class sip bind media source-interface Loopback1

dtmf-relay rtp-nte

no vad

!

dial-peer voice 3001 voip

description incoming from SIP_PROVIDER

translation-profile incoming TELE2SIPIN

service auto_att_flash

session protocol sipv2

 session target ipv4:162.218.251.159:5083

incoming called-number +43723485085T

incoming uri from 1

no voice-class sip outbound-proxy  

voice-class sip profiles 1

voice-class sip options-keepalive

voice-class sip copy-list 1

dtmf-relay rtp-nte

codec g711ulaw

no vad

!

dial-peer voice 3000 voip

description to SIP_PROVIDER

translation-profile outgoing TELE2SIPOUT

destination-pattern T

session protocol sipv2

 session target ipv4:162.218.251.159:5083

voice-class codec 7000

no voice-class sip associate registered-number

no voice-class sip outbound-proxy  

voice-class sip profiles 1

voice-class sip copy-list 1

dtmf-relay rtp-nte

no vad

!

sip-ua

credentials ....

authentication ....

retry invite 3

retry register 3

timers trying 1000

 registrar ipv4:162.218.251.159:5083 expires 3600

connection-reuse

!

!

1 person had this problem
Labels:
2 Replies 2

Mohammed al Baqari
Level 11
Level 11

‎09-21-2017 07:08 AM

If you are running IOS 15.6(2)T and above or IOS-XE16.3.1, then it will
work. Not before that.

Tristan Cober
Level 1
Level 1

‎11-20-2017 03:56 PM - edited ‎11-20-2017 04:07 PM

Bumping as I am having problems with registering a SIP trunk with this exact scenario, Outside in VRF Inside in global. Even with correct bindings and using multi-tenant the SIP Registers refuse to use anything but the global routing table. Running 15.6(2)T2

 

--------------

 

CUBE1#show ip int br
Interface                  IP-Address      OK? Method Status                Protocol
Embedded-Service-Engine0/0 unassigned      YES unset  administratively down down
GigabitEthernet0/0         unassigned      YES NVRAM  up                    up
GigabitEthernet0/0.10      <Inside IP>    YES NVRAM  up                    up
GigabitEthernet0/1         <Outside IP>    YES manual up                    up
GigabitEthernet0/2         unassigned      YES NVRAM  administratively down down

 

CUBE1#show vrf
  Name                             Default RD            Protocols   Interfaces
  Outside                             1:1                       ipv4           Gi0/1

 

voice class tenant 1
  registrar ipv4:<provider IP>:5060 expires 3600
  credentials username XXXX password YYYY realm <realm>
  authentication username XXXX password YYYY realm <realm>
  no remote-party-id
  retry invite 2
  timers trying 150
  timers connect 100
  timers buffer-invite 2500
  sip-server ipv4:<provider IP>:5060
  bind control source-interface GigabitEthernet0/1
  bind media source-interface GigabitEthernet0/1

 

dial-peer voice 2000 voip
 description *Outbound WAN dial-peer. Sending Calls from CUBE to ISP
 session protocol sipv2
 session target ipv4:<provider IP>
 session transport udp
 destination e164-pattern-map 3001
 voice-class sip tenant 1
 voice-class sip bind control source-interface GigabitEthernet0/1
 voice-class sip bind media source-interface GigabitEthernet0/1
 dtmf-relay rtp-nte
 codec g711ulaw
 clid network-number XXXX
 no vad

 

 

 

008967: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Transport/sipSPISendRegister: Sending REGISTER to the transport layer
008968: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Function/sipSPIGetSwitchTransportFlag:
008969: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Transport/sipSPIGetSwitchTransportFlag: Return the Global configuration, Switch Transport is FALSE
008970: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Transport/sipSPITransportSendMessage: msg=0x3E774458, addr=<provider IP>, port=5060, sentBy_port=0, local_addr=<Outside IP>, is_req=1, transport=1, switch=0, callBack=0x0
008971: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Function/ccsip_profile_application:
008972: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Function/sipSPIGetExtensionCfg:
008973: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Info/info/2048/sipSPIGetExtensionCfg: SIP extension config:1, check sys cfg:1
008974: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Function/ccsip_profile_application:exit@24647:
008975: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Function/ccsip_extension_application:
008976: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Function/sipSPIGetExtensionCfg:
008977: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Info/info/2048/sipSPIGetExtensionCfg: SIP extension config:1, check sys cfg:1
008978: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Function/ccsip_extension_application:exit@36877:
008979: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately
008980: Nov 20 13:09:28.181 PST: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerGetConnection: connection required for raddr:<provider IP>, rport:5060 with laddr:<Outside IP>

008981: Nov 20 13:09:28.181 PST: //-1/xxxxxxxxxxxx/SIP/Transport/sipInstanceGetConnectionId: gcb=0x23A7E1D0 is already on connection=0x229DFDB8 context_list
008982: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Transport/sipTransportLogicSendMsg: Set to send the msg=0x3E774458
008983: Nov 20 13:09:28.181 PST: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x3E774458, addr=<provider IP>, port=5060, local_addr=<Outside IP>, connId=4 vrfid=0 for UDP
008984: Nov 20 13:09:28.181 PST: FIBipv4-packet-proc: route packet from (local) src <Outside IP> dst <provider IP>
008985: Nov 20 13:09:28.181 PST: FIBfwd-proc: packet routed by adj to GigabitEthernet0/0.10 <Inside Next Hop IP>
008986: Nov 20 13:09:28.181 PST: FIBipv4-packet-proc: packet routing succeeded
008987: Nov 20 13:09:28.181 PST: IP: s=<Outside IP> (local), d=<provider IP>(GigabitEthernet0/0.10), len 503, sending
008988: Nov 20 13:09:28.181 PST:     UDP src=50534, dst=5060

008989: Nov 20 13:09:28.181 PST: IP: s=<Outside IP> (local), d=<provider IP> (GigabitEthernet0/0.10), len 503, output feature
008990: Nov 20 13:09:28.181 PST:     UDP src=50534, dst=5060, RITE(91), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
008991: Nov 20 13:09:28.181 PST: IP: s=<Outside IP> (local), d=<provider IP> (GigabitEthernet0/0.10), len 503, sending full packet
008992: Nov 20 13:09:28.181 PST:     UDP src=50534, dst=5060

008993: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Msg/ccsipDisplayMsg:

 

Sent:
REGISTER sip:<provider IP>:5060 SIP/2.0

0 Helpful
Customers Also Viewed These Support Documents