07-04-2010 12:36 PM - edited 03-15-2019 11:32 PM
Hi, I have a SIP trunk setup between C2801 cube and ITSP, ITSP gave us 4 IP addresses that will be involved in signalling and media source, so I configured the following ACL to limit outside access to my CUBE's IP 172.24.34.5
10 permit ip host 172.24.0.97 host 172.24.34.5 (50 matches) <== 172.24.0.97 is ITSP's softswtich
15 permit ip host 172.24.0.98 host 172.24.34.5 (3527 matches) <== 172.24.0.98 is ITSP's media source
20 permit ip host 172.24.0.113 host 172.24.34.5 (173 matches) <== 172.24.0.113 is ITSP's softswtich
30 permit ip host 172.24.0.114 host 172.24.34.5 (46604 matches) <== 172.24.34.5 is ITSP's media source
Once the above ACL is applied on ITSP's inbound interface, voice signalling is fine, but I always have one way audio -- audio from ITSP side can not be heard, ACL counters (for media) keeps incrementing normally during a call which means audio packets from ITSP are coming in. After I take off the above ACL from the physical interface facing ITSP's CPE, two-way audio resumes. SIP signaling debug confirms that there are only above ITSP's IP addresses are involved during a call.
What's up with this ACL?
Thanks,
Jian
07-04-2010 12:50 PM
I modified the ACL is a little bit, seems that there are traffic coming in from other source IPs from ITSP side.
Extended IP access list SIP_ITSP
10 permit ip host 172.24.0.97 host 172.24.34.5 (50 matches)
15 permit ip host 172.24.0.98 host 172.24.34.5 (3527 matches)
20 permit ip host 172.24.0.113 host 172.24.34.5 (173 matches)
30 permit ip host 172.24.0.114 host 172.24.34.5 (50852 matches)
40 deny udp any host 172.24.34.5 eq 5060
50 permit udp any any (745 matches) <====== ?
This is the "show sip call" output of the call leg between ITSP and CUBE:
SIP UAC CALL INFO
Call 1
SIP Call ID : 316F0C70-86DB11DF-8781D7D1-940D417B@172.24.34.5
State of the call : STATE_ACTIVE (7)
Substate of the call : SUBSTATE_NONE (0)
Calling Number : +441189090554
Called Number : 0014082030523
Bit Flags : 0xC04018 0x100 0x80080
CC Call ID : 901
Source IP Address (Sig ): 172.24.34.5
Destn SIP Req Addr:Port : [172.24.0.113]:5060
Destn SIP Resp Addr:Port: [172.24.0.113]:5060
Destination Name : 172.24.0.113
Number of Media Streams : 1
Number of Active Streams: 1
RTP Fork Object : 0x0
Media Mode : flow-through
Media Stream 1
State of the stream : STREAM_ACTIVE
Stream Call ID : 901
Stream Type : voice+dtmf (0)
Stream Media Addr Type : 1
Negotiated Codec : g711ulaw (20 bytes)
Codec Payload Type : 0
Negotiated Dtmf-relay : rtp-nte
Dtmf-relay Payload Type : 101
Media Source IP Addr:Port: [172.24.34.5]:18588
Media Dest IP Addr:Port : [172.24.0.114]:12280
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide