Showing results for 
Search instead for 
Did you mean: 
Walkthrough Wednesdays

SIP Trunk setup for UK Based Draytel

Hi All,

Can anybody help with setting up SIP trunking for Draytel ( on UC540? The draytel website recommends the following settings:


Outgoing Proxy :

I have edited an XML template and have imported into the SIP trunk configuration using CCA 3.0.

I can make outgoing calls, but cannot receive calls

Checking SIP Trunk Status in Diagnostics shows that the line is not registered:

-----------  show sip-ua register status   -----------              

Line                             peer       expires(sec) registered                               P-Associ-URI
================================ ========== ============ ========== ============
0208*******                    20007       41               no        
8******                          -1              2322           yes

-----------  End CLI Output  -----------

I have set the WAN port behind a Netgear router, however I have set the WAN port as a DMZ Host so all in bound trafic should hit the UC540 WAN port.

My question is really whether I need to set an inbound Cisco firewall route for 5065 and if so to which internal address?  Also does a NAT entry have to be made for thr 5065 port on the UC540?

The xml file that I have set up has the following settings (has the 5065 port entry been enetred in the right place?):

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<ns1:SIPProviderTemplate xmlns:ns1="SIPProviderXMLSchema">
    <Locale>United Kingdom</Locale>
            <FieldName>Proxy Server</FieldName>
            <FieldName>Secondary Proxy Server</FieldName>
            <FieldName>Registrar Server</FieldName>
            <FieldName>Outbound Proxy Server</FieldName>
            <FieldName>SIP Domain Name</FieldName>
            <FieldName>Digest Authentication</FieldName>
            <FieldName>User Credentials</FieldName>
            <FieldName>Call Admission Controls</FieldName>
            <FieldName>Company Name</FieldName>
    <CredentialsRealm>Proxy Server</CredentialsRealm>
    <FaxProtocol>Upspeed G711</FaxProtocol>
    <DTMFMethod>RFC 2833</DTMFMethod>

Any guidance would be most appreciated as I am starting to tear my hair out on this one.

Many thanks

Cisco Employee

there are lot of resource regarding this issue: would suggest you go through this link first

could you please share your dial peer configuration...

Hi there,

Many thans for the rapid response vasank.  I've extracted the dial peer info as there's quite a bit there, I've attached as a txt file.  Is this what you were requesting?

Also I have noticed that the following entries are in the access list 104:

access-list 104 permit udp host eq 5060 any
access-list 104 permit udp host any eq 5060
access-list 104 permit udp host eq 5060 any
access-list 104 permit udp host any eq 5060

Should there also be entries for port 5065 as the outgoing communicates on this port?

Hey there,

can you try removing the " permission term" from the dial peer 1000

dial-peer voice 1000 voip


permission term---- delete it

description ** Incoming call from SIP trunk (DrayTel) **

session protocol sipv2

session target sip-server

incoming called-number .%

voice-class codec 1

voice-class sip dtmf-relay force rtp-nte

dtmf-relay rtp-nte

ip qos dscp cs3 signaling

no vad

Hi Vasank,

Many thanks I will try now and report back the result.

sure do


OK I finally managed to make the change the new config is attached.  Permission has been set to: none

However it still fails to register and also still no incoming calls


First of all try this:

under config t

dial-peer voice 1000 voip

no permission term

then give do show dial-peer voice 1000 it should show "permission:both" and

not "permission:none"

I see here that in dial-peer you are using g729 codec and in the XML

conifugration file you have configured G711ulaw for the SIP provider do you

have transcoder resources to be invoked here...


Many thanks for your support, I have tried changing to permission:both, still no joy, with regards codec of g729, thats interesting, I can make outgoiung calls with no problem, so am assuming that that will be using g729, even though configured for G711ulaw.  However what keeps bugging me is the port no: 5065 - why is this not acknowleged in any of the configs, or am I on a red herring?

can you attach the output of

1. "debug ccsip all" for an inbound call then clear the screen and make an

outbound call do not forget to do term mon

and access list that you mentioned where is it applied exactly.

check the dial peer which is being used when makin outgoing calls is that

too g729 or g711..

since the incoming dial peer is g729 and incoming calls from pstn are like

to 64kbps PCm ie g711.

Hi Vasank,

Have had no time this week - was working!!  Anyway, Ive done a little more testing and have applied a few more debugs and have found something interesting that may help get to the bottom of this.  with debugs trurned on a I am making incomming call and notice this error in the output:

034265: Feb 10 17:33:28.713: //27723/000000000000/SIP/Msg/ccsipDisplayMsg:
SIP/2.0 403 Forbidden auth ID
Via: SIP/2.0/UDP;rport=5060;received=;branch=z9hG4bK21BA2178
From: <>>;tag=2BFE7C5C-233
To: <>>;tag=dea7ace6b651c43aa467a5e170703289.5d62
Call-ID: 82064CF5-2E7111E0-885F908B-B9A173BB
Server: OpenSIPS (1.5.1-notls (x86_64/linux))
Content-Length: 0

The 403 error indicates that the dryatel server which looks like it is asterisk does not like the way I am authenticating, I have attached the whole debug log in case you spot something I can't.

Looked up 403 and got:

403 Forbidden

   The server understood the request, but is refusing to fulfill it.

   Authorization will not help, and the request SHOULD NOT be repeated.

I think this issue could be related to your well do u have proper inside and outside address translation...


With regards batting, this could be an issue.  At the moment the wan port of the uc540 is connected to the lan port of a netgear router.  The Wan address for the UC540 is  The Router gateway address is  This then has a Public RIPE Address.  The Router is set such that the DMZ host is so all traffic will hit the address.

Is the problem that the Cisco is using a non routable address while registering?  Is there anyway of making it use the RIPE address.  I cannot connect the wan port of the cisco directly to the internet as the connection is adsl.  I am now going to investigate if I can use PPPoE with the netgear DG834.

Content for Community-Ad

Spotlight Awards 2021