Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1272
Views
0
Helpful
3
Replies

Expressway - Request Denied

Richard Bayes
Level 1
Level 1

‎08-19-2015 06:13 AM - edited ‎03-18-2019 04:52 AM

  • SubSearch (1)
    • Type: Search Rules
    • SearchRule (1)
      • Name: test to XXX
      • Zone (1)
        • Name: Zone to Internet
        • Type: DNS
        • Protocol: H323
        • Found: False
        • Reason: Request denied
        • StartTime: 2015-08-19 10:37:52
        • Duration: 0.04
        • Gatekeeper (1)
          • Alias (1)
            • Type: H323Id
            • Origin: Unknown
            • Value: 1010@XX.XX.XX.XX

 

 

Hi Guys,

 

I am having an issue with the above, When i try an call a H323 system Polycom from this one Expressway-E from multiple systems i get a Request Denied. If i route this rule to another VCS and then to the final destination it works correctly and is found as true.

 

 

Company VCS ----> Direct to Polycom RMX/CMA = Failing with above error

 

Company VCS ----> Another Company VCS -----> Polycom RMX/CMA = Works 

 

What makes this error more strange as it only effects when it coming to and from 2 different companies they are trying to do B2B calls with. both are geographically located very close to each other and their external VCS/VBP/RMX IP's start in the same octect.

 

I am failing to find any documentation on the meaning of Request Denied in a search history. and the cause of this I have done Diag Logs and Wireshark captures and the H323 messages dont let on more on it neither does the Debug H323 Log from the Expressway.


Many Thanks

 

Rich

 

 

1 person had this problem
Labels:
0 Helpful
3 Replies 3

Patrick McCarthy
Cisco Employee
Cisco Employee

‎08-19-2015 11:43 AM

I believe the request denied message is coming from your far end. Does your search history show the same outbound call from the working VCS, just with success instead of failure? If so, my guess is the far end has firewall settings that are allowing inbound calls from some addresses but not others. 

Do you have access to see what the Polycom side is seeing? Is that call even getting there?

0 Helpful

Richard Bayes
Level 1
Level 1
In response to Patrick McCarthy

‎08-19-2015 01:43 PM

This is what I thought, it seems like it is blocking some sort of the route.

 

To add some extra knowledge to the issue, the 2 companies are subsidiaries and have links between their MPLS to backbones. so maybe the way it enters in their final router is not an accepted route. I will go back and see if we can get some knowledge as one of the far ends is actually a Expressway-E that is connected to Polycom and Cisco Networks. so maybe we can get some more information from there.

It just doesnt make sense that if I Route it out to "another VCS" which is clearly on the Internet at another ISP it works fine.

I did a traceroute from one site to another and vice versa and noticed a difference in routes even across their backbones could asymertic routing be causing these issues you think?

 

EDIT: Yeah the changing the search rules to go out via a Neighbor Zone to the other VCS call connects completely straight away. If i go via the normal Traversal Zone route it takes about 25 seconds then call fails. and i see this response. But the long 25 seconds is because of SIP interworking trying to work if i turn interworking off and only do a H323 call it fails instantly.

0 Helpful

Richard Bayes
Level 1
Level 1
In response to Patrick McCarthy

‎08-20-2015 11:58 PM

I did some further tests and got this result.

 

2015-08-21T08:17:52+02:00 expe tvcs: UTCTime="2015-08-21 06:17:52,901" Module="developer.iwf" Level="DEBUG" CodeLocation="ppcmains/oak/calls/iwf/IIWFTarget.cpp(386)" Method="IIWFTarget::sendSipPolicyResponseToLeg" Thread="0x7f088ae7a700":  State="IWFAwaitingConnectH323OutLegState" Global-CallId="47b5e9b4-47cc-11e5-a6c4-0010f31cb336" Local-CallId="7a66d34f-f989-4f9f-98fe-08fc49472f45" Response=Request denied


2015-08-21T08:17:52+02:00 expe tvcs: Event="Search Completed" Reason="Forbidden" Service="SIP" Src-alias-type="SIP" Src-alias="XXXX@XXX.com" Dst-alias-type="SIP" Dst-alias="sip:1234@IP" Call-serial-number="7a66d34f-f989-4f9f-98fe-08fc49472f45" Tag="47b5e9b4-47cc-11e5-a6c4-0010f31cb336" Detail="found:false, searchtype:INVITE" Level="1" UTCTime="2015-08-21 06:17:52,901"


2015-08-21T08:17:52+02:00 expe tvcs: Event="Call Rejected" Service="SIP" Src-ip="212.76.224.21" Src-port="5061" Src-alias-type="SIP" Src-alias="sip:XXXX@XXX.com" Dst-alias-type="SIP" Dst-alias="sip:1234@IP" Call-serial-number="7a66d34f-f989-4f9f-98fe-08fc49472f45" Tag="47b5e9b4-47cc-11e5-a6c4-0010f31cb336" Detail="Forbidden" Protocol="TLS" Response-code="403" Level="1" UTCTime="2015-08-21 06:17:52,901"

 

all signs lead to the other side but It is working for every other VCS and if we reroute it works for this expressway to.

0 Helpful
Customers Also Viewed These Support Documents