Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3074
Views
15
Helpful
5
Replies

400 Bad Request - Invalid Host & Invalid IP Address

Ermir Morina
Level 1
Level 1

‎08-23-2021 02:50 AM

Greetings Community, 

 

I am having an issue with calls coming from the ITSP towards my CUBE, the setup is:

 

ITSP-> FTD FW -> CUBE <-> CUCM <-> IP PHONE

I try calling from my mobile phone to my IP Phone's DN, so I dial the DID number that the ITSP provided us with for my remote office and immediately the call gets ended without ringing or anything.

I have a Cisco ISR 4331 running as CUBE and i can see debugs (ccsip debugs) and this is what I get:

Sent:
SIP/2.0 400 Bad Request - 'Invalid Host'

 

Sent:
SIP/2.0 400 Bad Request - 'Invalid Host'

 

Meanwhile I don't get any logs for ( debug voip ccapi inout).

I can share more of the logs during our discussions.

Looking forward to discussing with you guys, thankk you very much in advance.

 

Kind regards,

EM.

 

0 Helpful
5 Replies 5

Nithin Eluvathingal
VIP
VIP

‎08-23-2021 03:58 AM

Could you please share debug ccsip messages output. 

 

 



Response Signature


0 Helpful

Ermir Morina
Level 1
Level 1
In response to Nithin Eluvathingal

‎08-23-2021 04:15 AM

Hi @Nithin Eluvathingal !

 

The file below contains the debug output.

If there is any need for extra info or explanation please contact me!

Preview file
27 KB
0 Helpful

Maren Mahoney
VIP
VIP
In response to Ermir Morina

‎08-23-2021 05:24 AM

This is likely a NAT issue. The key is:

Aug 23 06:30:09.034: //-1/xxxxxxxxxxxx/SIP/Error/sipSPI_validate_own_ip_addr: 
 ReqLine IP addr does not match with host IP addr
Aug 23 06:30:09.034: //-1/6596D0589837/SIP/Error/sact_idle_new_message_invite: 
 Invalid URL in incoming INVITE

When a router receives an inbound SIP INVITE, the first thing it does is determine if it is the intended recipient. If the INVITE is to an unknown IP address (unknown to the router) the INVITE is rejected.

Your INVITE shows:

To: "First name Last name"<sip:+38523201341@FW_Outside_Int>;cscf

Which I take to mean that NAT is in play. You will need to configure your FW for this VoIP scenario. Here is some help:

NAT in VoIP 

Maren

0 Helpful

Ermir Morina
Level 1
Level 1
In response to Maren Mahoney

‎08-24-2021 03:23 AM

If I understand this right, what I need to do on my FTD is configure Destination NAT ( translate the destination IP Address from my FW outside IP as can be seen above, to my CUBE-s IP address which I use to bind the media and control), is this right?

Because that is my current configuration on my FTD, but for some reason it doesn't seem to work and the invitation on the CUBE comes towards the wrong IP (FW Outside IP) and not towards the translated IP (CUBE's IP).

0 Helpful

Maren Mahoney
VIP
VIP
In response to Ermir Morina

‎08-24-2021 06:54 AM

The NAT will change the IP header to the CUBE IP (which is why it is getting to the CUBE at all), but once the SIP process on the CUBE starts processing the contents/payload of those IP packets for SIP information (which hasn't been altered by the FW) it fails.

The FTD-FW will need to be configured for SIP ALG (application layer gateway) which can reach in and change not just the header but also the information in the body (such as the SDP) and/or the CUBE will need to use a SIP Profile to alter the contents of the SIP headers.

Not all firewalls support SIP ALG, so you'll have to look at what yours can do. If not, there are techniques for doing all of the work on the CUBE. Here is one example:

Supporting CUBE NAT Integrations without Firewall ALG 

Maren

 

Customers Also Viewed These Support Documents