11-20-2011 01:39 PM - edited 03-17-2019 10:37 PM
Hi,
Need a sanity check on a design please, I think I already know the solution (another option key..) but wanted a second opinion.
Simple implementation of VCSc & VCSe, only difference to the norm is static NAT from the VCSc which has to be in-place due to reasons I won't go into on here.
VCSc FW VCSe
____________ _______ ___________
|____________| ---------------- |_______| ------------------- |___________|
10.0.10.10 static NAT > 10.255.1.1 Public IP
Inside the network Movi works fine, outside I'm getting 404 policy responce, log below from the client.
2011-11-20 21:15:31,270 INFO PID 656 TID 3084 SIP
Outgoing SIP message: ---------------------------------------------
REGISTER sip:domain.com SIP/2.0
Via: SIP/2.0/TCP 192.168.1.1:3095;branch=z9hG4bK1634eac66a3ca8c5f19a2525a4752252.1;rport
Call-ID: 010b32545026eb6a@192.168.1.1
CSeq: 9001 REGISTER
Contact: <sip:user.movi@192.168.1.1:3095;transport=tcp>;+sip.instance="<urn:uuid:1c97dd7d-3b4c-5956-b53e-b18fccff9615>"
From: <sip:user.movi@domain.com>;tag=58e4b9e1d7b0270c
To: <sip:user.movi@domain.com>
Max-Forwards: 70
Route: <sip:VCSPUBLICIP:5060;lr>
Allow: INVITE,ACK,CANCEL,BYE,INFO,OPTIONS,REFER,NOTIFY
User-Agent: TANDBERG/771 (MCX 4.2.0.10318 (multistream))
Expires: 3600
Supported: replaces,100rel,timer,gruu
Content-Length: 0
2011-11-20 21:15:31,395 INFO PID 656 TID 3084 SIP
Incoming SIP message: ---------------------------------------------
SIP/2.0 404 Not Found
Via: SIP/2.0/TCP 192.168.1.1:3095;branch=z9hG4bK1634eac66a3ca8c5f19a2525a4752252.1;received=82.12.29.2;rport=3095;ingress-zone=DefaultZone
Call-ID: 010b32545026eb6a@192.168.1.1
CSeq: 9001 REGISTER
From: <sip:user.movi@domain.com>;tag=58e4b9e1d7b0270c
To: <sip:user.movi@domain.com>;tag=8bf2c0247045df7d
Server: TANDBERG/4102 (X7.0.2)
Warning: 399 VCSEPUBLICIP:5060 "Policy Response"
Content-Length: 0
Do I need the option key on the VCSc?
Message was edited by: Darren Goulden Just noticed the 'dual network' option is not available on the VCSc, what are my options if the NAT is interfering with the external provisioning?
11-20-2011 02:53 PM
Darren,
how are your movi users provisioned? local on the vcs?, or using tms?, also you see this message:
"Policy Response"
This is an error due to your zone credentials configuration...hence i will suggest you to check your zone
design.
I am assuming that your movi users are registering to your VCS instead of your VCSE right? if so then check your zone design and configuration between your VCS and VCSE.
Regards,
Cesar Fiestas
11-21-2011 12:17 AM
Hi Cesar,
I thought that at first as I've had that issue on previous installations but all zones have been modified to different settings including 'treat as auth' on all.
Users are provisioned from TMS to the VCSc
11-21-2011 04:55 AM
Darren,
When I ask you to review the design and configuration of your zones, did you review the configuration of your search rules as well?, because your movi could be trying to register to your VCSE (defaultzone) instead of your VCSC, (assuming) that your provisioning configuration was set on your VCSC (based of the information you have provided your provisioning information resides on your VCSC), As such your movi users configuration/provisioning information "exist" in your VCSC rather than your VCSE, hence the failure here, since instead it seems that your VCSE is loooking on its defaultzone for this movi user provisioning information. Your VCSE instead it needs to conduct a search on your VCSC via your traversal zone using typically a traverzal zone search rule.
I will suggest you looking at this guide
Cesar Fiestas
11-21-2011 03:13 AM
Darren,
did you make sure to create the 'domain.com' SIP domain on the VCS-E in the VCS Configuration > Protocols > SIP > Domains page?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: