Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4379
Views
3
Helpful
15
Replies

Strange Calling Loop on C40

Go to solution
Patrick Sparkman
VIP Alumni
VIP Alumni

‎09-24-2013 12:51 PM - edited ‎03-18-2019 01:51 AM

I've seen this a few times on one specific C40 consistently, it seems to appear after select conferences connect, I see it several time over and over in the xhistory.  Our MCU does all the calling, so the codec in the room doesn't do anything, but auto answers the incoming call from the bridge.  The default call protocol being used by the bridge is H.323, the codec isn't configured for SIP at this time.  The dialing and call back numbers are that of the codec itself.

*h xHistory CallLogs Call 3153 CallId: 296
*h xHistory CallLogs Call 3153 Protocol: "Sip"

*h xHistory CallLogs Call 3153 Direction: Incoming
*h xHistory CallLogs Call 3153 CallType: Audio

*h xHistory CallLogs Call 3153 RemoteNumber: "sip:100@x.x.175.82"
*h xHistory CallLogs Call 3153 CallbackNumber: "sip:100@x.x.175.82"

*h xHistory CallLogs Call 3153 DisplayName: "100"
*h xHistory CallLogs Call 3153 CallRate: 768

*h xHistory CallLogs Call 3153 DisconnectCauseValue: 1
*h xHistory CallLogs Call 3153 DisconnectCause: ""

*h xHistory CallLogs Call 3153 DisconnectCauseType: LocalDisconnect
*h xHistory CallLogs Call 3153 DisconnectCauseCode: 0

*h xHistory CallLogs Call 3153 DisconnectCauseOrigin: SIP
*h xHistory CallLogs Call 3153 StartTime: "2013/09/24 12:07:02"

*h xHistory CallLogs Call 3153 Duration: 0
*h xHistory CallLogs Call 3153 Encryption: "Aes-128"

*h xHistory CallLogs Call 3153 BookingId: ""

All of our conferences are scheduled via TMS 14.2.2, with a VCS X7.2.2.  C40 is currently running TC5.6, waiting on TC6.3.

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Chad Patterson
Cisco Employee
Cisco Employee

‎09-24-2013 01:14 PM

Patrick,

My guess is that your endpoint is sitting out with a public ip address and sip scanning applications such as SipVicious are being used to detect possibilities for exploiting PSTN trunks. This can result in your endpoint looking like it is calling itself.

For the endpoint, you should set the SIP Listening port to Off and the Sip Outbound to On so that the VCS can still reach the endpoint.

xConfiguration SIP ListenPort: Off

xConfiguration SIP Profile 1 Outbound: On

Disabling ListenPort stops the endpoint from listening on port 5060/5061. Enabling outbound means that all incoming and outgoing calls will reuse the connection open from the endpoint to the VCS from the initial SIP Register message.

There were some changes in TC6.2 to address this issue. Prior to TC6.2, if you had the ListenPort to Off and Outbound On, this configuration combination did not always work as expected.

I would make those changes on the endpoint and upgrade to TC6.2 if you can.

Here is the bug id you can look at for this issue: CSCue55239

View solution in original post

0 Helpful

Go to solution
Wayne DeNardi
VIP Alumni
VIP Alumni
In response to Patrick Sparkman

‎01-14-2014 08:21 PM

Hi Patrick,

Patrick Sparkman wrote:
As I d mentioned, I applied to the fix to the C-Series, but am not seeing the issue on an E20, I need to see if there is a work around for it.

That's why i'd linked to the Admin Guide for the E20,  there's a setting for CallScreening - On: to reply to any SIP invites,  not from one of the SIP profile proxies with a "305 Use Proxy" message -  this could also stop the unwanted incoming invites hitting your device as your workaround if you can't find the ListenPort and Outbound settings similar to the C's.

Wayne

--

Please remember to rate responses and to mark your question as answered if appropriate.

Wayne
--
Please remember to mark helpful responses and to set your question as answered if appropriate.

View solution in original post

0 Helpful
15 Replies 15

Go to solution
Chad Patterson
Cisco Employee
Cisco Employee

‎09-24-2013 01:14 PM

Patrick,

My guess is that your endpoint is sitting out with a public ip address and sip scanning applications such as SipVicious are being used to detect possibilities for exploiting PSTN trunks. This can result in your endpoint looking like it is calling itself.

For the endpoint, you should set the SIP Listening port to Off and the Sip Outbound to On so that the VCS can still reach the endpoint.

xConfiguration SIP ListenPort: Off

xConfiguration SIP Profile 1 Outbound: On

Disabling ListenPort stops the endpoint from listening on port 5060/5061. Enabling outbound means that all incoming and outgoing calls will reuse the connection open from the endpoint to the VCS from the initial SIP Register message.

There were some changes in TC6.2 to address this issue. Prior to TC6.2, if you had the ListenPort to Off and Outbound On, this configuration combination did not always work as expected.

I would make those changes on the endpoint and upgrade to TC6.2 if you can.

Here is the bug id you can look at for this issue: CSCue55239

0 Helpful

Go to solution
Patrick Sparkman
VIP Alumni
VIP Alumni
In response to Chad Patterson

‎09-24-2013 01:50 PM

This particular codec is accessible to the public, something that we're going to change when we implement an Expressway later this year.  I figured it was something along those lines, especially when I noticed the calling protocol as being SIP, but wasn't 100% sure.

Thanks!

0 Helpful

Go to solution
Martin Koch
VIP Alumni
VIP Alumni
In response to Patrick Sparkman

‎09-24-2013 03:29 PM

If you do not need a service it might be better to completly disable it:

xConfiguration NetworkServices SIP Mode: off

Also, remember to set a secure password and put a firewall upfront.

The only inbound ports which you would need are:

For H.323 direct calls the used ports are:

  • Q.931 call Setup: Port 1720 (TCP)
  • H.245(Static): Port Range 5555-6555 (TCP)
  • H.245(Dynamic): Port Range 11000-20999 (TCP)
  • Video*: Port Range 2326-2485 (UDP)
  • Audio*: Port Range 2326-2485 (UDP)
  • Data/FECC*: Port Range 2326-2485 (UDP)

         *Configurable by "RTP Ports Range Start" and "RTP Ports Range Stop"

Please remember to rate helpful responses and identify helpful or correct answers.

Please remember to rate helpful responses and identify

Go to solution
Patrick Sparkman
VIP Alumni
VIP Alumni
In response to Martin Koch

‎01-14-2014 11:20 AM

Have another question in regards to this issue.  This works for C-Series or other codecs running TC software.  However, what about E20s?  We have an E20 outside the network that is accessible to the public Internet for management by our TMS.

0 Helpful

Go to solution
Wayne DeNardi
VIP Alumni
VIP Alumni
In response to Patrick Sparkman

‎01-14-2014 03:57 PM

Hi Patrick,

The same would apply to the E20 running the TE software.  If you're not using SIP, it's best to turn it off.

Security advisory cisco-sa-20130619-tpc shows that exact same thing as the Workaround to the security issues.

Wayne

--

Please remember to rate responses and to mark your question as answered if appropriate.

Wayne
--
Please remember to mark helpful responses and to set your question as answered if appropriate.
0 Helpful

Go to solution
Patrick Sparkman
VIP Alumni
VIP Alumni
In response to Wayne DeNardi

‎01-14-2014 04:55 PM

Thanks Wayne -

I've applied the work around noted above for a C-Series unit we have that is on a public IP.  I've been told that there is now an E20 that is starting to get these scanning calls, however the workaround for the C-Series doesn't apply to TE software from what I can tell.  Don't know if there is a workaround for TE software, wasn't sure if there was a way to prevent the calls.

The network at these locations isn't controlled by us at any of these places, but the codecs are.

0 Helpful

Go to solution
Wayne DeNardi
VIP Alumni
VIP Alumni
In response to Patrick Sparkman

‎01-14-2014 05:30 PM

Hi Patrick,

The Secuirty Advisory I linked says that the workaround should apply to the TE software as well as the TC software.

if the xConfig command doesn't work, are you able to change the setting via the web interface as described?  I'd suggest you also upgrade the E20 to TE4.1.3 or later as per that SA.

Wayne

--

Please remember to rate responses and to mark your question as answered if appropriate.

Wayne
--
Please remember to mark helpful responses and to set your question as answered if appropriate.
0 Helpful

Go to solution
Patrick Sparkman
VIP Alumni
VIP Alumni
In response to Wayne DeNardi

‎01-14-2014 05:35 PM

Both C-Series and E20 are running the most recent software.  It was back in December when someone called me about the C-Series, so I applied Chad's workaround above.  Then today someone told me about the E20.  I can turn off SIP, but we use SIP for calls however.

0 Helpful

Go to solution
Wayne DeNardi
VIP Alumni
VIP Alumni
In response to Patrick Sparkman

‎01-14-2014 05:54 PM

The bug (linked by Chad) also lists that after upgrading the software to the newer version that you need to change the following two settings:

xConfiguration SIP ListenPort: Off

xConfiguration SIP Profile 1 Outbound: On

This would still leave SIP enabled so you can make calls through your internal telephony infrastructure...

Looking at the Admin Guide, there's a setting for CallScreening - On: to reply to any SIP invites, not from one of the SIP profile proxies with a "305 Use Proxy" message - this could also stop the unwanted incoming invites hitting your device.

Wayne

--

Please remember to rate responses and to mark your question as answered if appropriate.

Wayne
--
Please remember to mark helpful responses and to set your question as answered if appropriate.
0 Helpful

Go to solution
Koushal Pandit
Level 1
Level 1
In response to Chad Patterson

‎02-13-2018 11:37 PM

xConfiguration SIP Profile 1 Outbound: On

 

Thee is no such command .on MX800 Dual CLI ...

 

Anyone can help..

0 Helpful

Go to solution
Koushal Pandit
Level 1
Level 1
In response to Chad Patterson

‎02-13-2018 11:37 PM

xConfiguration SIP Profile 1 Outbound: On

 

Thee is no such command on MX800 Dual CLI.

 

Anyone can help.

0 Helpful

Go to solution
Patrick Sparkman
VIP Alumni
VIP Alumni
In response to Koushal Pandit

‎02-14-2018 06:26 AM

SIP Profile 1 Outbound is only available on TC software, CE software doesn't have that option.
0 Helpful

Go to solution
Patrick Sparkman
VIP Alumni
VIP Alumni

‎01-14-2014 06:54 PM

As I d mentioned, I applied to the fix to the C-Series, but am not seeing the issue on an E20, I need to see if there is a work around for it.

Sent from Cisco Technical Support iPhone App

0 Helpful

Go to solution
Wayne DeNardi
VIP Alumni
VIP Alumni
In response to Patrick Sparkman

‎01-14-2014 08:21 PM

Hi Patrick,

Patrick Sparkman wrote:
As I d mentioned, I applied to the fix to the C-Series, but am not seeing the issue on an E20, I need to see if there is a work around for it.

That's why i'd linked to the Admin Guide for the E20,  there's a setting for CallScreening - On: to reply to any SIP invites,  not from one of the SIP profile proxies with a "305 Use Proxy" message -  this could also stop the unwanted incoming invites hitting your device as your workaround if you can't find the ListenPort and Outbound settings similar to the C's.

Wayne

--

Please remember to rate responses and to mark your question as answered if appropriate.

Wayne
--
Please remember to mark helpful responses and to set your question as answered if appropriate.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents