01-05-2023 09:14 AM
Cisco Firepower Management Center 1600
Software Version 7.0.1 (build 84)
OS Cisco Firepower Extensible Operating System (FX-OS) 2.10.1 (build 175)
Snort Version 2.9.18 (Build 1026)
Snort3 Version 3.1.0.100 (Build 11)
When attempting Wi-Fi calling, Android devices work but Apple devices fail. An IPsec tunnel is started; we can see that 500 (isakmp) / udp has return traffic, but 4500 is not blocked but has no return traffic. If the firewall is bypassed (connected directly to the internet router using public IPs) then Wi-Fi calling works on the Apple. The Apple can Wi-Fi call on other networks without a Firepower.
I am struggling to understand how the Apple IPsec could be any different to the Android?
Devices tried
1. Android Note8 - O2 - WORKS
2. Android Pixel 7 - 3 - WORKS
3. Android ? - ? - WORKS
4. iPhone 14 Pro / 11 - O2 (diff O2 SIMs tried) - FAILED
Could this be related to NAT traversal?
FTD config has:
crypto isakmp nat-traversal 20
Any direction or solution most welcome...
12-04-2024 08:13 AM
This is kind of an old post but I am running into a similar issue now. WiFi calls for iPhones are failing while WiFi calls on Androids are working. In my case it is using a Cisco 9800-40 controller. What did you end up doing to get this resolved?
12-04-2024 08:31 AM
Hello, sorry to disappoint, I have no solution. The powers that be decided it was a low priority thing, so it didn't get fixed. I am sure this is a firewall problem; if another type of firewall was used, iPhone Wi-Fi calling worked. From memory, remote sites with local breakout not filtering via the Firepower allowed iPhone Wi-Fi calling. Around that time on the Firepower, I think we were using snort2 as snort3 had some problems with it. Good luck!