11-09-2016 08:00 AM - edited 07-24-2020 12:24 PM
Currently have an ASA 5505 and a uc540. I'm trying to test a sip trunk with this configuration and having a hard time getting inbound calls to work. The calls are passing to my uc540 but I am getting an invalid host. I can make outbound calls but not inbound calls at the moment. Below are the call traps.
11-09-2016 09:23 AM
You are sending a call to 38.96.40.186
Is 38.96.40.186 your UC500 ?
11-09-2016 12:26 PM
No the UC is 192.168.0.2
11-10-2016 12:48 AM
Well that's your problem.
So there are several ways of fixing this.
1. Configure the Asterisk PBX SIP Trunk to your UC500, to send calls to a proxy defined as 192.168.0.2 and at the same time to use an "outbound proxy" of 38.96.40.186
This will mean calls will be sent to 38.96.40.185 but the SIP message will be constructed correctly as INVITE sip:7143863279@192.168.0.2 SIP/2.0
or
2. On your ASA firewall configure the Application Layer Gateway (ALG) for SIP. This should mean the ASA does the the swap from 38.96.40.186 to 192.168.0.2 for you.
This is normally on by default, at least for port 5060.
Under sip-ua on the UC500, you could try using the "connection reuse" command. This makes all sip traffic originating from the UC500 to use port 5060 (unless otherwise configured) and means the firewall would stand a better chance of building a nat session for sip. But I think you have probably got a static nat session setup on your ASA - so check out the protocol fix up settings.
or
3. Not recommended unless you know about sip security, but I have seen many Cube's with public IP's, so you could put a public IP on there, but again, serious secutity considerations need to be thought about before doing this.
or
4. There is a sip-ua command. 'permit dns hostname'
http://www.cisco.com/c/en/us/td/docs/ios/voice/sip/configuration/guide/15_0/sip_15_0_book/sip_cg-msg_tmr_rspns.html
You could try creating a DNS entry for 38.96.40.186 and then having:
sip-ua
permit hostname dns:your.dns.name
or even perhaps,
permit hostname dns:38.96.40.186 (not sure this works - give is a go)
Hope this helps
11-10-2016 02:30 PM
Thanks Adam, ill try your suggestions and see which one works best.
12-21-2016 07:23 AM
Thanks Adam, I am harving a hard time trying to picture why its only rejecting inbound calls still. When I Call in its Public IP for SIP PROVIDER 10.X.X.X > My Public IP 11.X.X.X > Firewall > PBx 12.X.X.X. When it hits my UC540 system i see the sip packet with the bad request is
SIP/2.0 400 Bad Request - 'Invalid Host'
Via: SIP/2.0/UDP 38.96.36.23:5060;branch=z9hG4bK5108da02;rport
From: "NGUYEN,JASON" <sip:7144945000@10.X.X.X>;tag=as085f8bb8
To: <sip:7143863279@11.X.X.X>;tag=F988C9C4-241F
Does that mean that my firewall should be changing my to packet to reflect my UC540 and not the my Public IP?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide