10-22-2019 04:58 AM
Setting up sip trunk with deutsche telekom service provider. Outgoing call is not working getting 403 Forbidden (R403_REQUEST_NOT_ALLOWED)..
Received:
SIP/2.0 403 Forbidden (R403_REQUEST_NOT_ALLOWED)
Via: SIP/2.0/TCP 192.168.178.2:5060;received=217.7.207.185;branch=z9hG4bK31DED3
To: <sip:00919739994990@sip-trunk.telekom.de>;tag=65cc6339
From: <sip:+49623797740@sip-trunk.telekom.de>;tag=2740564-1172
Call-ID: E2229D99-F3E911E9-903A9E36-290E7944@192.168.178.2
CSeq: 101 INVITE
Content-Length: 0
SIP config
voice service voip
ip address trusted list
ipv4 10.33.50.17
ipv4 10.33.50.18
ipv4 10.42.60.0 255.255.255.0
ipv4 217.10.79.9
ipv4 217.116.117.0 255.255.255.0
ipv4 10.43.32.0 255.255.255.0
ipv4 217.0.0.0 255.255.0.0
allow-connections h323 to h323
allow-connections h323 to sip
allow-connections sip to h323
allow-connections sip to sip
no supplementary-service sip moved-temporarily
no supplementary-service sip refer
fax protocol t38 nse version 0 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711alaw
modem passthrough nse codec g711alaw
sip
session refresh
asserted-id pai
outbound-proxy dns:reg.sip-trunk.telekom.de
asymmetric payload full
conn-reuse
privacy-policy passthru
sip-profiles inbound
sip-profiles 3000
!
!
voice class uri 1 sip
host ipv4:10.34.59.33
host ipv4:10.43.32.83
host ipv4:10.34.59.32
voice class codec 1
codec preference 1 g711alaw
!
!
voice class sip-profiles 3000
rule 1 request REGISTER sip-header Contact modify "<.*:.*@(.*)>" "<sip:\1;bnc>"
rule 2 request REGISTER sip-header Proxy-Require add "Proxy-Require: gin"
rule 3 request REGISTER sip-header Require add "Require: gin"
!
voice class sip-profiles 201
rule 1 request ANY sip-header P-Asserted-Identity modify "<sip:(.*)>" "<sip:+49623797740@sip-trunk.telekom.de>"
rule 2 request ANY sip-header Min-SE remove
rule 3 request ANY sip-header Diversion remove
rule 4 request ANY sdp-header Connection-Info remove
rule 5 response ANY sdp-header Connection-Info remove
!
!
voice class server-group 1
ipv4 10.34.59.33 preference 1
ipv4 10.43.32.83 preference 3
ipv4 10.34.59.32 preference 2
voice translation-rule 1
rule 6 // //
!
voice translation-rule 2
rule 2 /\(^.+\)/ /+\1/ type international international
rule 3 /\(^.+\)/ /0\1/ type any subscriber
!
voice translation-rule 3
rule 1 /^149/ /+49623797/
rule 2 /^9/ /*\1/
rule 3 /^.*/ /*\0/
!
voice translation-rule 4
rule 1 /^\*/ //
!
voice translation-rule 5
rule 1 /97744/ /149744/
!
voice translation-rule 6
rule 1 /\+496237977.../ /+49623797740/
!
voice translation-rule 14
rule 1 /9/ //
!
!
voice translation-profile Fax_in
translate called 5
!
voice translation-profile FromPSTN
translate calling 2
translate called 1
!
voice translation-profile SRST
translate called 3
!
voice translation-profile ToPSTN
translate calling 6
translate called 4
interface GigabitEthernet0/1
ip address 192.168.178.2 255.255.255.0
duplex auto
speed auto
ip route 0.0.0.0 0.0.0.0 192.168.178.1
dial-peer voice 201 voip
description **SIP-TRUNK.TELEKOM.DE**
translation-profile outgoing ToPSTN
destination-pattern *T
session protocol sipv2
session target sip-server
session transport tcp
voice-class codec 1
voice-class sip outbound-proxy dns:reg.sip-trunk.telekom.de
voice-class sip profiles 201
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
dtmf-relay rtp-nte
fax-relay ecm disable
fax rate 14400
fax nsf 000000
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711alaw
clid strip name
no vad
!
dial-peer voice 101 voip
translation-profile incoming FromPSTN
rtp payload-type nse 112
session protocol sipv2
session target sip-server
session transport tcp
incoming called-number +4962379774..
no voice-class sip outbound-proxy
voice-class sip bind control source-interface GigabitEthernet0/1
voice-class sip bind media source-interface GigabitEthernet0/1
dtmf-relay rtp-nte
codec g711alaw
fax-relay ecm disable
fax rate 14400
fax nsf 000000
fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback pass-through g711alaw
no vad
!
dial-peer voice 301 voip
preference 1
destination-pattern +4962379774..
session protocol sipv2
session target ipv4:10.34.59.33
voice-class codec 1
no voice-class sip outbound-proxy
no voice-class sip pass-thru content sdp
voice-class sip bind control source-interface GigabitEthernet0/0
voice-class sip bind media source-interface GigabitEthernet0/0
dtmf-relay rtp-nte
no vad
!
dial-peer voice 302 voip
destination-pattern +4962379774..
session protocol sipv2
session target ipv4:10.43.32.83
session transport udp
voice-class codec 1
no voice-class sip outbound-proxy
no voice-class sip pass-thru content sdp
voice-class sip bind control source-interface GigabitEthernet0/0
voice-class sip bind media source-interface GigabitEthernet0/0
dtmf-relay rtp-nte
no vad
!
dial-peer voice 303 voip
destination-pattern +4962379774..
session protocol sipv2
session target ipv4:10.34.59.32
voice-class codec 1
no voice-class sip outbound-proxy
voice-class sip bind control source-interface GigabitEthernet0/0
voice-class sip bind media source-interface GigabitEthernet0/0
dtmf-relay rtp-nte
no vad
sip-ua
credentials number +49623797740 username 5511351XXXX password 7 13152D450409537F12 realm sip-trunk.telekom.de
authentication username 5511351XXXX password 7 02163E0C0403587475 realm sip-trunk.telekom.de
no remote-party-id
timers expires 900000
timers register 100
timers dns registrar-cache ttl
registrar dns:sip-trunk.telekom.de expires 240 tcp auth-realm sip-trunk.telekom.de
sip-server dns:sip-trunk.telekom.de
connection-reuse
10-23-2019 01:42 PM
Hi,
Can you please post the logs for debug cccsip messages and debug ccapi inout? And also the calling number and called number information.
10-23-2019 10:11 PM
10-24-2019 06:55 AM
Hi,
Can you try below configuration:
voice class sip-profiles 201 rule 1 request INVITE sip-header From modify "sip-trunk.telekom.de" "192.168.178.2" rule 2 request INVITE sip-header P-Asserted-Identity modify "<sip:(.*)>" "<sip:+49623797740@192.168.178.2>" ! dial-peer voice 201 voip voice-class sip profiles 201 !
Any reason you are removing below parameters in your configuration:
voice class sip-profiles 201
rule 2 request ANY sip-header Min-SE remove rule 3 request ANY sip-header Diversion remove rule 4 request ANY sdp-header Connection-Info remove rule 5 response ANY sdp-header Connection-Info remove
10-24-2019 08:05 AM
Hi,
Tried the profile which you shared still same issue.
The profile which i configured got from internet which is published by cisco for service provider Deutsche Telekom in germany.
10-25-2019 05:41 AM - edited 10-25-2019 05:42 AM
Hi,
From the earlier logs:
dial-peer voice 201 voip no voice-class sip outbound-proxy dns:reg.sip-trunk.telekom.de
Check with your service provider about why they are rejecting the call.
10-26-2019 07:12 PM
Hi,
They accept g711alaw and g722
Calling and called format is fine
I tried result is same..
No proper support from service provide and one thing we observed is we reset trunk in CUCM and also reconfigure SIP configuration in gateway it will fix issue for time being. After some time it will stop again. Service provider told TCP authentication is not working properly. During TCP authentication both VG and Service provider SIP-proxy agreed on one TCP port but VG sending traffic to on different port.
10-28-2019 06:51 AM - edited 10-28-2019 06:51 AM
Can you please post working and non working call logs?
11-04-2019 01:34 AM
Guys thank you issue is fixed after remove bind control GE0/1.. Not sure how this created the issue
04-16-2020 08:52 AM
This worked for me too. I removed the binding from outbound interface and calls were successful.
01-08-2021 06:42 AM
Hi Richard, I hope your well, I have this same issue on DE Telekom SIP trunk but dont have any binding on the interfaces, what did you remove to get this working for you?
Regards
Nick
01-08-2021 07:00 AM
The bind statements are either on the dial peers or in global configuration under voice service voip.
01-08-2021 08:42 AM
Yes, aware of that but it wasn't clear that it was the outbound dial-peer that it was removed from as it stated outbound interface.
03-04-2021 07:32 AM
We had a same issue with DE Telekom.
The problem was: in somehow our firewall sent a TCP-FIN packet to our CUBE so the SIP trunk with Telekom was dropped by our CUBE. Then the CUBE made a new registration/connection. At this point the CUBE connection was made with a new TCP source port. After this, the CUBE tried to send related SIP messages for the old active calls to provider with the new SIP trunk, but the provider rejected them, and we get "R403_REQUEST_NOT_ALLOWED".
The reason was: the source port of call signaling for a call must be remain during the call.
Troubleshooting:
- With "debug ip tcp transactions" we could see that the CUBE got a FIN.
2161522: Sep 3 12:24:35.470: TCP0: FIN processed
2161523: Sep 3 12:24:35.470: TCP0: state was ESTAB -> CLOSEWAIT [50896 -> 88.0.8.8(5060)]
(…)
2161544: Sep 3 12:24:35.486: TCP0: state was CLOSEWAIT -> LASTACK [50896 -> 88.0.8.8(5060)]
2161545: Sep 3 12:24:35.486: TCP0: sending FIN
2161546: Sep 3 12:24:35.486: TCB213E8AB4 getting property TCP_VRFTABLEID (20)
2161547: Sep 3 12:24:35.490: TCP0: Got ACK for our FIN
2161548: Sep 3 12:24:35.490: TCP0: state was LASTACK -> CLOSED [50896 -> 88.0.8.8(5060)]
2161549: Sep 3 12:24:35.490: Released port 50896 in Transport Port Agent for TCP IP type 1 delay 240000
2161550: Sep 3 12:24:35.490: TCB 0x21323FE4 destroyed
- With "debug ccsip messages" we could see the new trunk registration request.
- With the packet capture traces from the provider interface we could see the FIN packet and also the changing of source TCP port for the SIP messages.
03-09-2021 04:59 AM
You can keep the source port fixed with the following configuration, obviously in addition to anything you already have under "sip-ua". Personally I would change to UDP if the service provider accepts this, I've seen issues with TCP in terms of how retries are handled.
sip-ua connection-reuse
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide