08-23-2021 02:50 AM
Greetings Community,
I am having an issue with calls coming from the ITSP towards my CUBE, the setup is:
ITSP-> FTD FW -> CUBE <-> CUCM <-> IP PHONE
I try calling from my mobile phone to my IP Phone's DN, so I dial the DID number that the ITSP provided us with for my remote office and immediately the call gets ended without ringing or anything.
I have a Cisco ISR 4331 running as CUBE and i can see debugs (ccsip debugs) and this is what I get:
Sent:
SIP/2.0 400 Bad Request - 'Invalid Host'
Sent:
SIP/2.0 400 Bad Request - 'Invalid Host'
Meanwhile I don't get any logs for ( debug voip ccapi inout).
I can share more of the logs during our discussions.
Looking forward to discussing with you guys, thankk you very much in advance.
Kind regards,
EM.
08-23-2021 03:58 AM
Could you please share debug ccsip messages output.
08-23-2021 04:15 AM
Hi @Nithin Eluvathingal !
The file below contains the debug output.
If there is any need for extra info or explanation please contact me!
08-23-2021 05:24 AM
This is likely a NAT issue. The key is:
Aug 23 06:30:09.034: //-1/xxxxxxxxxxxx/SIP/Error/sipSPI_validate_own_ip_addr: ReqLine IP addr does not match with host IP addr Aug 23 06:30:09.034: //-1/6596D0589837/SIP/Error/sact_idle_new_message_invite: Invalid URL in incoming INVITE
When a router receives an inbound SIP INVITE, the first thing it does is determine if it is the intended recipient. If the INVITE is to an unknown IP address (unknown to the router) the INVITE is rejected.
Your INVITE shows:
To: "First name Last name"<sip:+38523201341@FW_Outside_Int>;cscf
Which I take to mean that NAT is in play. You will need to configure your FW for this VoIP scenario. Here is some help:
Maren
08-24-2021 03:23 AM
If I understand this right, what I need to do on my FTD is configure Destination NAT ( translate the destination IP Address from my FW outside IP as can be seen above, to my CUBE-s IP address which I use to bind the media and control), is this right?
Because that is my current configuration on my FTD, but for some reason it doesn't seem to work and the invitation on the CUBE comes towards the wrong IP (FW Outside IP) and not towards the translated IP (CUBE's IP).
08-24-2021 06:54 AM
The NAT will change the IP header to the CUBE IP (which is why it is getting to the CUBE at all), but once the SIP process on the CUBE starts processing the contents/payload of those IP packets for SIP information (which hasn't been altered by the FW) it fails.
The FTD-FW will need to be configured for SIP ALG (application layer gateway) which can reach in and change not just the header but also the information in the body (such as the SDP) and/or the CUBE will need to use a SIP Profile to alter the contents of the SIP headers.
Not all firewalls support SIP ALG, so you'll have to look at what yours can do. If not, there are techniques for doing all of the work on the CUBE. Here is one example:
Supporting CUBE NAT Integrations without Firewall ALG
Maren
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide