CUBE SIP Invite showing private IP to IPT

bendechamplain

Hi, I have a SIP trunk configured behind a Meraki MX doing NAT and I have been through a lot of issues since the beginning. I had to apply some SIP header configuration found on the internet from another SIP provider, resulting in incoming calls working, but I never got outgoing working. The SBC provider is showing that the SIP INVITE header has a private IP in it.

 

SIP/2.0/UDP Private IP :5060;branch=z9hG4bK15EF41

 

Meraki does not support ALG

 

Please I need help

 

 

Sip profile applied 

 

! 1.2.3.4 Public IP; 172.x.y.z Private IP of the CUBE
voice class sip-profiles 1
 response ANY sip-header Contact modify "172.x.y.z" "1.2.3.4"
 request ANY sip-header Contact modify "172.x.y.z" "1.2.3.4"
 response ANY sdp-header Audio-Connection-Info modify "172.x.y.z" "1.2.3.4"
 response ANY sdp-header Connection-Info modify "172.x.y.z" "1.2.3.4"
 response ANY sdp-header Session-Owner modify "172.x.y.z" "1.2.3.4"
 request ANY sdp-header Audio-Connection-Info modify "172.x.y.z" "1.2.3.4"
 request ANY sdp-header Connection-Info modify "172.x.y.z" "1.2.3.4"
 request ANY sdp-header Session-Owner modify "172.x.y.z" "1.2.3.4"
 request ANY sip-header SIP-Req-URI modify "172.x.y.z:5060" "1.2.3.4"

 


Under voice service voip - sip, do you have "address hiding" configured? That command is intended to address the very problem you are having.

If you can post your (sanitized) configuration, we can take a look.

 

Maren


voice service voip
 ip address trusted list
  ipv4 192.168.128.1 255.255.255.255
  ipv4 88.215.54.xxx 255.255.255.255
  ipv4 88.215.54.xxx 255.255.255.255
  ipv4 10.75.224.0 255.255.255.0
 mode border-element license capacity 10
 allow-connections sip to sip
 no supplementary-service sip handle-replaces
 redirect ip2ip
 fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711ulaw
 modem passthrough nse codec g711ulaw
 h323
 sip
  header-passing
  registrar server expires max 600 min 60
  asserted-id pai
  early-offer forced
  midcall-signaling passthru
!
voice class codec 1
 codec preference 4 g711alaw
!
!
voice class sip-profiles 100
 response ANY sip-header Contact modify "private IP" "Public IP"
 request ANY sip-header Contact modify "private IP" "Public IP"
 request INVITE sip-header P-Asserted-Identity modify ".*>" "P-Asserted-Identity: <sip:1625399999@88.215.54.xxx;user=phone>"
 request ANY sip-header Session-Header modify "private IP" "Public IP"
 request ANY sip-header SIP-Req-URI modify "private IP" "Public IP"
 request ANY sip-header SIP-Req-URI modify "private IP" "Public IP"
 response ANY sdp-header Audio-Connection-Info modify "private IP" "Public IP"
 response ANY sdp-header Connection-Info modify "private IP" "Public IP"
 response ANY sdp-header Session-Owner modify "private IP" "Public IP"
 request ANY sdp-header Audio-Connection-Info modify "private IP" "Public IP"
 request ANY sdp-header Connection-Info modify "private IP" "Public IP"
!
!
voice class server-group 1
 ipv4 88.215.54.xxx
 ipv4 88.215.54.xxx
 description SBC Provider GAMMA
!
!
!
interface Loopback0
 ip address PUBLIC IP 255.255.255.255
!
interface VirtualPortGroup1
 ip unnumbered GigabitEthernet0/0/0
!
interface VirtualPortGroup2
 ip unnumbered GigabitEthernet0/0/0
!
interface GigabitEthernet0/0/0
 ip address 10.75.224.253 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/0/1
 ip address 192.168.128.37 255.255.255.0
 negotiation auto
!
interface GigabitEthernet0/0/2
 no ip address
 shutdown
 negotiation auto
!
interface Service-Engine0/4/0
!
interface GigabitEthernet0
 vrf forwarding Mgmt-intf
 no ip address
 shutdown
 negotiation auto
!
!
ip route 0.0.0.0 0.0.0.0 10.75.224.254
ip route 10.75.224.252 255.255.255.255 VirtualPortGroup1
ip route 88.215.54.xxx 255.255.255.255 192.168.128.1
ip route 88.215.54.xxx 255.255.255.255 192.168.128.1
!
ip ssh version 2
!
!
!
!
dial-peer voice 30 voip
 description TO SBC
 translation-profile outgoing outgoing
 destination-pattern 9T
 session protocol sipv2
 session server-group 1
 voice-class codec 1
 voice-class sip profiles 100
 voice-class sip bind control source-interface GigabitEthernet0/0/1
 voice-class sip bind media source-interface GigabitEthernet0/0/1
 dtmf-relay rtp-nte
 ip qos dscp cs3 signaling
 clid network-number 1625399900
 no vad

 

So do try adding 'address-hiding' in the voice service voip > sip portion of the config.

Maren


Hi, thanks for your help, I really appreciate it. Unfortunately this has not fixed the problem. I have tried to modify the SIP header and it does not seem to produce any result in the debug.
There is a screenshot of what the provider receives, and in yellow what is wrong.

Looking back at your config, the outbound dial-peer is mapped to gi 0/0/1 which has the 192.168.128.37 ip address, so that will be the "From" IP.

Assuming your public and private IPs are the same in all cases, you would need to add a line to the SIP profile:

request INVITE sip-header From modify "private IP" "public IP"

Since your original implementation did not have the "address hiding" in SIP, I would suggest removing that so we are changing as few things as possible at a time. Then add the line to the SIP profile. Give calls a try. Hopefully things will work. If not, let us know.

Also, a debug ccsip messages output from the router would be more helpful than the Wireshark, if that is possible to do in your environment.

Maren

Just to follow up on this post with the solution that worked for me. The SIP header From modification was the solution, but I had to tweak the formula to replace the user directory number displayed in the screenshot with the CLID network number for Gamma to accept calls.

request INVITE sip-header From modify "From: (.*<)(.*>)" "From: <sip:CUSTOMER_CLID_NUMBER@Public_IP>"

Thanks
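
An added example (not from the thread and not Cisco code): a Python approximation of how the modify rules discussed above rewrite an outbound INVITE, with a check for header and SDP lines that still expose an RFC 1918 address. The INVITE, the public address 203.0.113.10, the provider address 198.51.100.20 and the phone numbers are constructed, and Python's `re` stands in for the CUBE regex engine.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PRIVATE, PUBLIC, CLID = "192.168.128.37", "203.0.113.10", "1625550199"  # PUBLIC and CLID are constructed

# Constructed outbound INVITE as it leaves the interface bound on the dial-peer (assumption).
INVITE = [
    "INVITE sip:901625550100@198.51.100.20:5060 SIP/2.0",
    f"Via: SIP/2.0/UDP {PRIVATE}:5060;branch=z9hG4bK15EF41",
    f'From: "Ext 2001" <sip:2001@{PRIVATE}>;tag=1A2B',
    "To: <sip:901625550100@198.51.100.20>",
    f"Contact: <sip:2001@{PRIVATE}:5060>",
    "",
    f"o=CiscoSystemsSIP-GW-UserAgent 1 1 IN IP4 {PRIVATE}",
    f"c=IN IP4 {PRIVATE}",
    "m=audio 16384 RTP/AVP 8",
]

# (line prefix, pattern, replacement): the thread's modify rules, approximated with Python re.
ORIGINAL_PROFILE = [
    ("Contact:", re.escape(PRIVATE), PUBLIC),   # sip-header Contact
    ("o=", re.escape(PRIVATE), PUBLIC),         # sdp-header Session-Owner
    ("c=", re.escape(PRIVATE), PUBLIC),         # sdp-header Connection-Info
]
FROM_RULE = ("From:", r"From: (.*<)(.*>)", f"From: <sip:{CLID}@{PUBLIC}>")

def apply_profile(lines, rules):
    """Apply each rule to the lines whose header or SDP field it targets."""
    out = []
    for line in lines:
        for prefix, pattern, repl in rules:
            if line.startswith(prefix):
                line = re.sub(pattern, repl, line)
        out.append(line)
    return out

def private_leaks(lines):
    """Return the header/SDP field names that still carry an RFC 1918 address."""
    leaks = []
    for line in lines:
        for addr in re.findall(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", line):
            try:
                ip = ipaddress.ip_address(addr)
            except ValueError:  # e.g. an octet above 255
                continue
            if any(ip in net for net in RFC1918):
                leaks.append(re.split(r"[:= ]", line, maxsplit=1)[0])
    return leaks
```

With only the Contact and SDP rules, `private_leaks` reports Via and From; adding the From rule leaves Via, which no rule in the thread rewrites.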