09-21-2017 05:06 AM - edited 03-17-2019 11:12 AM
Hi all, I am searching for a way to have the communication between VOIP-Gateway (ISR4000) and IP-Phone, between VOIP-Gateway and CUCM in the global-Routing-table, and the communication between VOIP-Gateway and SIP-provider in a VRF for security-reasons. Is that supported in any way ?
Config looks like following :
interface Loopback1
description Loopback-Interface for Voice-Applications
ip address 10.224.255.5 255.255.255.252
ip pim sparse-mode
h323-gateway voip interface
!
interface GigabitEthernet0/0.751
description IP-Phones_Vlan751
encapsulation dot1Q 751
ip address 10.224.51.1 255.255.255.0
ip access-group ip-traffic-voice-in in
no ip redirects
no ip proxy-arp
ip accounting output-packets
ip pim sparse-mode
ip verify unicast source reachable-via rx
ip tcp adjust-mss 1320
service-policy input xQOS-MARK-POLICY
!
interface GigabitEthernet0/2
description SIP-Connect
!#### ip vrf forwarding FVRF-SIP-TRUNK ->>>> this Interface should be in VRF
ip address 192.168.1.254 255.255.255.0
ip access-group SIP-ACL-TOLL-Fraud in
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow monitor FLOW_MONITOR input
ip flow monitor FLOW_MONITOR output
load-interval 30
duplex auto
speed auto
no cdp enable
!
ip route 162.218.251.159 255.255.255.255 192.168.1.1
!#### ip route FVRF-SIP-TRUNK 162.218.251.159 255.255.255.255 GigabitEthernet0/2 192.168.1.1
!
ip access-list extended SIP-ACL-TOLL-Fraud
permit ip host 192.168.1.1 host 192.168.1.254
permit ip host 162.218.251.159 host 192.168.1.254
deny ip any any
!
dial-peer voice 1001 voip
description *SIP Trunk from CUCM*
session protocol sipv2
voice-class codec 7000
voice-class sip bind control source-interface Loopback1
voice-class sip bind media source-interface Loopback1
dtmf-relay rtp-nte
no vad
!
dial-peer voice 1000 voip
description *SIP Trunk to CUCM*
destination-pattern T
session protocol sipv2
session server-group 1
voice-class codec 7000
no voice-class sip outbound-proxy
voice-class sip bind control source-interface Loopback1
voice-class sip bind media source-interface Loopback1
dtmf-relay rtp-nte
no vad
!
dial-peer voice 3001 voip
description incoming from SIP_PROVIDER
translation-profile incoming TELE2SIPIN
service auto_att_flash
session protocol sipv2
session target ipv4:162.218.251.159:5083
incoming called-number +43723485085T
incoming uri from 1
no voice-class sip outbound-proxy
voice-class sip profiles 1
voice-class sip options-keepalive
voice-class sip copy-list 1
dtmf-relay rtp-nte
codec g711ulaw
no vad
!
dial-peer voice 3000 voip
description to SIP_PROVIDER
translation-profile outgoing TELE2SIPOUT
destination-pattern T
session protocol sipv2
session target ipv4:162.218.251.159:5083
voice-class codec 7000
no voice-class sip associate registered-number
no voice-class sip outbound-proxy
voice-class sip profiles 1
voice-class sip copy-list 1
dtmf-relay rtp-nte
no vad
!
sip-ua
credentials ....
authentication ....
retry invite 3
retry register 3
timers trying 1000
registrar ipv4:162.218.251.159:5083 expires 3600
connection-reuse
!
!
09-21-2017 07:08 AM
11-20-2017 03:56 PM - edited 11-20-2017 04:07 PM
Bumping as I am having problems with registering a SIP trunk with this exact scenario, Outside in VRF Inside in global. Even with correct bindings and using multi-tenant the SIP Registers refuse to use anything but the global routing table. Running 15.6(2)T2
--------------
CUBE1#show ip int br
Interface IP-Address OK? Method Status Protocol
Embedded-Service-Engine0/0 unassigned YES unset administratively down down
GigabitEthernet0/0 unassigned YES NVRAM up up
GigabitEthernet0/0.10 <Inside IP> YES NVRAM up up
GigabitEthernet0/1 <Outside IP> YES manual up up
GigabitEthernet0/2 unassigned YES NVRAM administratively down down
CUBE1#show vrf
Name Default RD Protocols Interfaces
Outside 1:1 ipv4 Gi0/1
voice class tenant 1
registrar ipv4:<provider IP>:5060 expires 3600
credentials username XXXX password YYYY realm <realm>
authentication username XXXX password YYYY realm <realm>
no remote-party-id
retry invite 2
timers trying 150
timers connect 100
timers buffer-invite 2500
sip-server ipv4:<provider IP>:5060
bind control source-interface GigabitEthernet0/1
bind media source-interface GigabitEthernet0/1
dial-peer voice 2000 voip
description *Outbound WAN dial-peer. Sending Calls from CUBE to ISP
session protocol sipv2
session target ipv4:<provider IP>
session transport udp
destination e164-pattern-map 3001
voice-class sip tenant 1
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
dtmf-relay rtp-nte
codec g711ulaw
clid network-number XXXX
no vad
008967: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Transport/sipSPISendRegister: Sending REGISTER to the transport layer
008968: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Function/sipSPIGetSwitchTransportFlag:
008969: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Transport/sipSPIGetSwitchTransportFlag: Return the Global configuration, Switch Transport is FALSE
008970: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Transport/sipSPITransportSendMessage: msg=0x3E774458, addr=<provider IP>, port=5060, sentBy_port=0, local_addr=<Outside IP>, is_req=1, transport=1, switch=0, callBack=0x0
008971: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Function/ccsip_profile_application:
008972: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Function/sipSPIGetExtensionCfg:
008973: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Info/info/2048/sipSPIGetExtensionCfg: SIP extension config:1, check sys cfg:1
008974: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Function/ccsip_profile_application:exit@24647:
008975: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Function/ccsip_extension_application:
008976: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Function/sipSPIGetExtensionCfg:
008977: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Info/info/2048/sipSPIGetExtensionCfg: SIP extension config:1, check sys cfg:1
008978: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Function/ccsip_extension_application:exit@36877:
008979: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Transport/sipSPITransportSendMessage: Proceedable for sending msg immediately
008980: Nov 20 13:09:28.181 PST: //-1/xxxxxxxxxxxx/SIP/Transport/sipConnectionManagerGetConnection: connection required for raddr:<provider IP>, rport:5060 with laddr:<Outside IP>
008981: Nov 20 13:09:28.181 PST: //-1/xxxxxxxxxxxx/SIP/Transport/sipInstanceGetConnectionId: gcb=0x23A7E1D0 is already on connection=0x229DFDB8 context_list
008982: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Transport/sipTransportLogicSendMsg: Set to send the msg=0x3E774458
008983: Nov 20 13:09:28.181 PST: //-1/xxxxxxxxxxxx/SIP/Transport/sipTransportPostSendMessage: Posting send for msg=0x3E774458, addr=<provider IP>, port=5060, local_addr=<Outside IP>, connId=4 vrfid=0 for UDP
008984: Nov 20 13:09:28.181 PST: FIBipv4-packet-proc: route packet from (local) src <Outside IP> dst <provider IP>
008985: Nov 20 13:09:28.181 PST: FIBfwd-proc: packet routed by adj to GigabitEthernet0/0.10 <Inside Next Hop IP>
008986: Nov 20 13:09:28.181 PST: FIBipv4-packet-proc: packet routing succeeded
008987: Nov 20 13:09:28.181 PST: IP: s=<Outside IP> (local), d=<provider IP>(GigabitEthernet0/0.10), len 503, sending
008988: Nov 20 13:09:28.181 PST: UDP src=50534, dst=5060
008989: Nov 20 13:09:28.181 PST: IP: s=<Outside IP> (local), d=<provider IP> (GigabitEthernet0/0.10), len 503, output feature
008990: Nov 20 13:09:28.181 PST: UDP src=50534, dst=5060, RITE(91), rtype 1, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
008991: Nov 20 13:09:28.181 PST: IP: s=<Outside IP> (local), d=<provider IP> (GigabitEthernet0/0.10), len 503, sending full packet
008992: Nov 20 13:09:28.181 PST: UDP src=50534, dst=5060
008993: Nov 20 13:09:28.181 PST: //853599/000000000000/SIP/Msg/ccsipDisplayMsg:
Sent:
REGISTER sip:<provider IP>:5060 SIP/2.0
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide