07-20-2011 05:05 AM - edited 03-21-2019 04:22 AM
Good afternoon,
I've tried everything, but just can't find the solution to my configuration error.
Somehow we can Call out, but we Can NOT call in.
In- and Outgoing connections work on an ISDN connection. But we want to get it working with a SIP provider.
We've checked the SIP account, it is valid and working so the mistake is in our configuration.
We did a Debug, and we think here's the mistake, but I'm not sure of what Command String I should put in.
Please advise!
---------\
Dial-Peer 1000
There's something wrong with Dial-Peer 1000, as it doesn't pick it up, but sends it back to the PSTN.
UC520#show dial-peer voice summary
dial-peer hunt 0
AD PRE PASS OUT
TAG TYPE MIN OPER PREFIX DEST-PATTERN FER THRU SESS-TARGET STAT PORT KEEPALIVE
54 pots up up 0[2-8]...... 4 up trunkgroup ALL_BRI
1054 voip up up 0[2-8]...... 1 syst sip-server
-------------\
!
dial-peer voice 1000 voip
permission term
description ** Incoming call from SIP trunk (Budgetphone) **
session protocol sipv2
session target sip-server
incoming called-number .%
voice-class codec 1
voice-class sip dtmf-relay force rtp-nte
dtmf-relay rtp-nte
ip qos dscp cs3 signaling
no vad
!
Solved! Go to Solution.
07-21-2011 05:53 AM
Steven,
That is not the ACL that we need to check. 104 is the normal ACL for the WAN interface, but if this is an ACL issue, it would likely be blocked by the ACL for the "SIP source-group". Here is what you are looking for in the config:
voice source-group CCA_SIP_SOURCE_GROUP_EXTERNAL
access-list 3
As a test to see if this is causing your problem, I would just test this by removing the access-list:
config T
voice source-group CCA_SIP_SOURCE_GROUP_EXTERNAL
no access-list 3
Then test an inbound call. If that works, you will not want to leave the access list out, we just need to add to the "permited" list of IP addresses. This can be done though CCA under the SIP configuration.
Thank you,
Darren
07-20-2011 04:16 PM
Hi Steven,
As silly as this sounds, have you checked to see if the IP address of the SIP-Server (Your ITSP) is in te3h ACL's ?
If you are using CLI you will need to input this in manually, if you are using CCA then add their IP address in as a trusted address...
If out-bound are working, then the chances of the problem being at your end are quite high, so just have a quick look at the ACL's in place.
Cheers,
David.
07-21-2011 01:07 AM
Thanks for your reply David.
It is a good suggestion, not stupid at all. But unfortunately the ACL's look OK.
Dit staat in de config.
access-list 104 remark auto generated by SDM firewall configuration##NO_ACES_21##
access-list 104 remark SDM_ACL Category=1
access-list 104 permit udp host 83.143.188.165 eq 5060 any
access-list 104 permit udp host 83.143.188.165 any eq 5060
access-list 104 permit udp host 192.168.10.1 eq 5060 any
07-21-2011 05:26 AM
Try removing permission term from dial-peer voice 1000 voip. You will want to put it back eventually. If inbound works with permission term removed on the dial peer it I may have some suggestions based on your config.
07-21-2011 05:53 AM
Steven,
That is not the ACL that we need to check. 104 is the normal ACL for the WAN interface, but if this is an ACL issue, it would likely be blocked by the ACL for the "SIP source-group". Here is what you are looking for in the config:
voice source-group CCA_SIP_SOURCE_GROUP_EXTERNAL
access-list 3
As a test to see if this is causing your problem, I would just test this by removing the access-list:
config T
voice source-group CCA_SIP_SOURCE_GROUP_EXTERNAL
no access-list 3
Then test an inbound call. If that works, you will not want to leave the access list out, we just need to add to the "permited" list of IP addresses. This can be done though CCA under the SIP configuration.
Thank you,
Darren
07-21-2011 07:42 AM
Thanks Darren!
You solved it!
It works!
Support Forum rocks!
Thanks everyone for thinking with me.
07-21-2011 08:25 AM
Steven,
I am glad it is now working.. Just wanted to note, that you should not just leave that access-list out of the configuration. This is in place to prevent toll-fraud. Now that you know what the issue is, you just need to get the ACL configured correctly..
Thank you,
Darren
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide