cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3269
Views
0
Helpful
12
Replies

Can't receive incoming calls

Hi!
We have standalone EX90 (not connected to VCS) located in local network that has assigned a private IP address. This address is natted 1:1 to public IP address. Whole IP traffic is allowed in both sides and there are sip and nat inspection rules enabled on both router interfaces (lan&wan).
We can place outgoing calls successully but can't receive incoming calls. Is this a limitation by design or we've misseed something?
J

12 Replies 12

Martin Koch
VIP Alumni
VIP Alumni

some more info would be handy, do you try sip or h323, which sw version do you use,

did you set up the h323 nat ip, does the firewall have some alg/nat helper or whatever l3 feature.

In general the best is: "no magic" on the firewall and a vcs-e where the endpoint is registered to.

Please remember to rate helpful responses and identify

Hi!

Sw version: TC5.1.4
I've tried with sip and h323- same problem.
The h323 ip nat address has been set to public ip address.
The router/firewall is UC520 and has acl and ip inspect (sip,h323,....) enabled on both wan and lan interfaces.

We had the exact same issue at one location where they are using static routing; EX90 on private IP with static route to public IP. Was resolved by setting NAT to "Off" in EX90. Haven't had a problem since.

Edit: Went back and checked details, the EX90 which was giving us problems when NAT was set to "On" is actually registered with a VCS-E, whereas OP system is not.

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Hi!

I've changed the following settings:
- advanced configuration.H323.NAT.Address = "blank"
- advanced configuration.H323.NAT.Mode = Off
Are these the settings you're refering to?

I've placed another h323 call after the changes were made but still without success: the receiver answered and he was able to hear and see me but I couldn't neither hear or see him.

Hi Jernej,

What you described in your latest post looks like a firewall problem. As far as I understood your last post you mean to say that whenever you call using your endpoint, the call is successfully established and the far end is able to see and hear you however, the problem is that you're not able to see and hear the far end...

Please confirm if that's correct. Also as per what you mentioned in the first post, you said that you're not able to receive incoming calls. This means that the calls are not connecting and in that case the problem arises during the signalling between the endpoints.

Hence, please confirm if you're facing one or both of the issues that you have listed. I will try to help you troubleshoot the issue accordingly.

Regards,

Mubashshir Akhtar

Thanks Mubashshir Akhtar

Hi!

I ran two outgoing call tests today:
1. calling from Ex90 to other TP that has assigned public IP address directly. The recipient of the call could see and hear me but I couldn't see or hear them.
2. calling from Ex90 to cisco jabber video on my ipad and everything was ok: video and audio went both ways.

I ran incoming call test: calling from Cisco Jabber Video to Ex90 but the call didn't establish at all. I tried with url with FQDN and with url with IP address.
I can find packets with destination udp/5060 and udp/5061 in fw log. The sh ip nat translations shows translations for both packets to the private IP address of our Ex90.
But the Ex90 doesn't ring at all.

I'll try to establish incoming test call from another Ex or Sx endpoint to our Ex90 tomorrow and let you know about the results.

If you need any additional information just let me know.

Thank you!

One additional note: I've replaced wan router with brand new one with default config.
I only configured lan and wan ip addresses, default route and static 1:1 nat rule, nothing else.
I was able to call from jabber video from ipad and answer the incoming call but session didn't establish successfully - there was just a "Connecting..." message on the Ex90 display.
I made an outgoing call from our Ex90 to other endpoint with public ip address assigned to it but the problem was still there: I couldn't see or hear people on the other side.

Hi Jernej,

Since you're testing with 2 different types of devices, I would like to comment here so that you know what is the difference in their working.

Cisco Jabber uses SIP protocol to communicate with the far end device and is registered to a VCS server to make the communication possible.

However, you have configured your Ex90 to use H323 protocol and in direct mode which means that it is not registered to any VCS.

In this scenario, it is very much possible that when you dial from the Cisco Jabber or from the Ex90, if the VCS is not set up correctly, the call might not work. I would recommend to keep Jabber out from the scenario and try to test two endpoints with Public IP addresses. For your information, I will highlight the ports used for communication for both protocols ; H323 & SIP.

For H.323:


*          Gatekeeper Discovery (RAS) - Port 1719 - TCP

*          Q.931 call Setup - Port 1720 - TCP

*          H.245 - Port Range 5555-5574 - TCP

*          Video - Port Range 2326-2485 - UDP

*          Audio - Port Range 2326-2485 - UDP

*          Data/FECC - Port Range - 2326-2485 - UDP


For SIP:


*          SIP messages - Port 5060 - UDP/TCP

*          SIP messages - Port 5061 - TLS(TCP)

*          H.245 - Port Range 5555-5574 - TCP

*          Video - Port Range 2326-2485 - UDP

*          Audio - Port Range 2326-2485 - UDP

Also keep in mind that the Audio & Video ports might be different if you have configured RTP Port Allocation on your Ex90.

Please check the ports above on your firewall to make sure they are not blocked and we'll check other things once this is taken care of.

Regards,

Mubashshir Akhtar

Thanks Mubashshir Akhtar

Sorry for late reply - I was out of the office for the last two days.

I've made additional test today between two TP endpoint devices as you suggested.

The results:

- outgoing call: they were able to see and hear me on the other side but I couldn't hear or see them

- incoming call: exactly the same

Here is the relevant part of router/firewall configuration:

1. Outside interface:

- doesn't have ip inspect assigned

- ACL: 1 permit ip any host WAN_IP

2. Inside interface:

- 1 permit ip host LAN_IP any

- ip inspect in: udp, sip, h323, tcp

- ip inspect out: udp, sip, h323, tcp

3. NAT

- ip nat inside source static LAN_IP WAN_IP extendable

They have TP connected to ASA (DMZ cone) at the other side, TP has public IP assigned, traffic is not filtered in any direction (permit ip any any).

Everything works ok (incoming and outgoing calls) in case I assign public IP address to our TP directly instead of using private IP + NAT.

Jernej,

if you are configuring NAT on the endpoint directly (On the H323 page), you should not use ip inspect rule for h323 on your ASA, since that inspection rule will also attempt to perform application layer NAT on the H323 traffic, which could cause conflicts.

Also please note that the NAT function on the endpoint itself only applies for H323, not SIP.

When I was performing both tests described in my previous post, NAT setting on the TP was set to Nat=off, Nat address wasn't set.

Now I've changed Nat=On and set Nat address to public IP address.
I've also disabled h323 inspection in both directions (in and out) on our router (UC520).

I'm able to make outgoing calls after those changes were made!
But I still can't receive incoming calls: I receive the incoming call notificati, press Answer button but the session is disconnected the very next moment I press the answer button.

Jernej,

if the incoming call drops when you attempt to answer, that could mean that the H245 address specified in the H225 CONNECT message sent from your endpoint to the far end does not specify the NAT address which you have configured on your endpoint.

Unfortunately we would need to collect some logs/network traces from your endpoint to troubleshoot that further, so it would probably be best if you raised a TAC case at this point.

Regards

Andreas

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: