02-13-2018 04:44 PM - edited 03-01-2019 02:06 PM
Hello,
In labbing out a CSR 1000V, we ran into an issue where INVITE messages stopped being sent out when SIP control was configured for TCP, throwing the following error:
%SIP-3-INTERNAL: TCP_SOCKET_SEND_BLOCKED: connid=24, local_addr=192.168.64.4, remote_addr=54.244.51.1, remote_port=5060 - All retries are exhausted, deleting pending messages.
Pcaps confirm that no sip message is sent, though there is a successful tcp handshake for each attempt. Trunk is authenticated with no TLS. If anyone has seen something like this please let me know. I've attached logs and configs for the curious.
Thanks in advance,
Brian Warlick
Solved! Go to Solution.
02-14-2018 02:19 PM
Was this from the firewall ingress or egress ? I am assuming ingress.
I am attaching a PDF containing the flow graph for the TCP transactions. You can see that the router is able to successfully establish a 3-way handshake with all three ITSP IP's but your ITSP stops responding after that. Towards the end you would see RST being initiated by all three IP addresses towards the router.
Has your ITSP confirmed the ports that need to be used ? Right now you are using a source ephemeral port and a destination port of 5060. This is the default behavior for IOS.
02-13-2018 04:57 PM
02-14-2018 10:10 AM
I enabled "ccsip all" and "ip tcp transactions"and attached output. I did not see ccapi inout as a valid debug option. Below is the version currently running:
Cisco IOS XE Software, Version 16.03.05
Cisco IOS Software [Denali], CSR1000V Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 16.3.5, RELEASE SOFTWARE (fc1)
Thank you for taking the time to help.
02-14-2018 10:28 AM
02-14-2018 10:56 AM
Yes ITSP is 54.244.51.2, .1, and .0
Please let me know if you would still like the debug voice ccapi inout output and i can run out and generate another log.
02-14-2018 11:07 AM
02-14-2018 01:37 PM
02-14-2018 02:19 PM
Was this from the firewall ingress or egress ? I am assuming ingress.
I am attaching a PDF containing the flow graph for the TCP transactions. You can see that the router is able to successfully establish a 3-way handshake with all three ITSP IP's but your ITSP stops responding after that. Towards the end you would see RST being initiated by all three IP addresses towards the router.
Has your ITSP confirmed the ports that need to be used ? Right now you are using a source ephemeral port and a destination port of 5060. This is the default behavior for IOS.
02-14-2018 04:02 PM
Well i feel rather sheepish... Security did have another firewall hiding in there. They whitelisted the source/dest on it and messages started flowing. Thank you for all the help.
02-14-2018 04:06 PM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: