AS5400 SIP gateway and access-list control

mathieuploton
Level 1

Dear all,

I have a sip gateway (AS5400) that is used to connect sip providers to our internal voice network.

Internal gateway (10.1.1.2 LAN) -- SIP trunk --  AS5400 (10.1.1.3 LAN/ 8.23.23.43 WAN) -- SIP trunk -- Internet SIP Provider

We encountered the following problem:

A SIP call from internal gateway to the sip provider could establish but was muted on our side (sip provider could hear us)

On the WAN interface of the AS5400, there is an ACL that filters traffic IN coming from SIP Provider

interface GigabitEthernet0/0
 ip address 8.23.23.43 255.255.255.224
 ip access-group 101 in

I log the deny on this ACL and I saw some udp packets denied with LAN addresses!

*Mar  3 15:24:44.001: %SEC-6-IPACCESSLOGP: list 101 denied udp 10.1.1.3(0) -> 10.1.1.2 (0), 1 packet

I did not bind anything on the sip config.

When I changed the ACLs, calls went well.

Why do I see LAN packets on the WAN interface ?
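A way to spot this symptom in router logs, as an added example that is not part of the original thread: the Python script below parses %SEC-6-IPACCESSLOGP lines and totals denied packets whose source and destination are both RFC 1918 addresses on an ACL applied to the public interface. Only the first sample line comes from the post; the other log lines, the function names and the set of WAN ACL numbers are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# IOS %SEC-6-IPACCESSLOGP line; \s* tolerates the stray space before "(0)" seen in the post.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) "
    r"(?P<proto>\S+) (?P<src>[\d.]+)\s*\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\d.]+)\s*\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Explicit RFC 1918 list: ipaddress.is_private also covers documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:          # malformed address in the log line
        return False
    return any(ip in net for net in RFC1918)

def internal_denies(lines, wan_acls):
    """Total denied packets per (acl, src, dst) where the ACL is applied to a
    public interface and both endpoints are RFC 1918 addresses."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["action"] != "denied" or m["acl"] not in wan_acls:
            continue
        if is_rfc1918(m["src"]) and is_rfc1918(m["dst"]):
            hits[(m["acl"], m["src"], m["dst"])] += int(m["count"])
    return hits

# Line 1 is the log line from the post; lines 2-5 are constructed.
SAMPLE_LOG = """\
*Mar  3 15:24:44.001: %SEC-6-IPACCESSLOGP: list 101 denied udp 10.1.1.3(0) -> 10.1.1.2 (0), 1 packet
*Mar  3 15:24:49.120: %SEC-6-IPACCESSLOGP: list 101 denied udp 10.1.1.3(0) -> 10.1.1.2(0), 4 packets
*Mar  3 15:25:02.377: %SEC-6-IPACCESSLOGP: list 101 denied tcp 203.0.113.10(40112) -> 8.23.23.43(23), 1 packet
*Mar  3 15:25:10.000: %SEC-6-IPACCESSLOGP: list 102 denied udp 10.1.1.9(0) -> 10.1.1.2(0), 2 packets
*Mar  3 15:25:11.500: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to up
"""

if __name__ == "__main__":
    # "101" is the ACL bound inbound on the WAN interface in the post.
    for (acl, src, dst), pkts in internal_denies(SAMPLE_LOG.splitlines(), {"101"}).items():
        print(f"ACL {acl}: {pkts} denied packets {src} -> {dst} (LAN-to-LAN on WAN ACL)")
```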

8 Replies

Can you post the configuration of your AS5400 and the output of the command "debug ccsip message"?

Regards.

The config is enclosed (anonymised, hope not too much...), debug will be on Monday

Thank you for your help!

This is the debug

Probably your IP packets are generated from interface GigabitEthernet0/1.

Try to specify the output interface using bind command:

voice service voip
 sip
  bind control source-interface GigabitEthernet0/0
  bind media source-interface GigabitEthernet0/0

Regards.

Hello Daniele,

But if I do that, I will have the same problem with my lan interface. Is there not a way to bind the sip traffic on both interfaces?

The only way I know to "bind" different interfaces is the command voice-class source interface under dial-peer configuration.

But there is a limitation: this command works only with a loopback interface.
So, you should change the configuration of your gateway.

voice-class source interface

To allow a loopback interface to be associated with a VoIP or VoIPv6 dial-peer profile, use the voice-class source interface command in dial peer configuration mode. To disable this association, use the no form of this command.

voice-class source interface loopback interface-id [ipv4-address | ipv6-address]

no voice-class source interface loopback interface-id [ipv4-address | ipv6-address]

Syntax Description

loopback: Specifies the loopback interface address.
interface-id: Specifies the interface on which the address is to be configured.
ipv4-address: (Optional) IPv4 address used in the loopback interface address.
ipv6-address: (Optional) IPv6 address used in the loopback interface address.

Command Default

No loopback interface is associated with a VoIPv6 dial-peer profile.

Command Modes

Dial peer configuration (config-dial-peer)

Command History

Release: 12.4(22)T
Modification: This command was introduced.

Usage Guidelines

When the voice-class source interface command is configured, the source address of Routing Table Protocol (RTP) generated by the gateway is taken from the address configured under the loopback interface. This command is used for policy-based routing (PBR) of voice packets originated by the gateway. The policy route map is configured under the loopback interface, and then the loopback interface is specified under the VoIP or VoIPv6 dial peer.

Examples

The following example associates a loopback interface with a VoIPv6 dial-peer profile:

Router(config)# dial-peer voice 1 voip
Router(config-dial-peer)# voice-class source interface loopback0

Related Commands

Command: dial-peer voice
Description: Defines a particular dial peer, specifies the method of voice encapsulation, and enters dial peer configuration mode.

Hi

Very useful info. This will work well to bind the traffic to the interface level. My rating is 5!

Thanks,

I will try this and let you know,

Thank you for your help,

Mathieu