Inbound calls from a SIP Trunk fail on the UC520 1. Symptom When configuring a "Generic SIP Trunk Provider" with CCA version 1.9 or higher, getting reports of inbound calls to the UC520 will fail with fast busy. One of the possible reasons for this is that with CCA 1.9 or higher, the configuration only allows SIP messages to be accepted by the UC520 from well known entities (IP address or DNS configured in Proxy server, Registrar Server or Outbound Proxy fields in SIP Trunk tab). Hence if the SIP Trunk provider sent a SIP INVITE (call setup request) to the UC520 from an IP address different from the configured values, inbound SIP calls will fail. 2. To help identify if this is the issue you are seeing, there is a two step process: a. Gather SIP debugs using https://www.myciscocommunity.com/docs/DOC-1520#Setting_up_UC500_for_debugging_or_troubleshooting_SIP_Trunk_issues which should show the below: SNIP Received: INVITE sip:4085551000@100.1.1.1:5060 SIP/2.0 From:"Cisco Systems" To:"Cisco SIP" Call-ID:130610680070409-1178274206 CSeq:12952893 INVITE Contact: SNIP SNIP 006443: Apr 7 13:08:24.069 EST: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg: Sent: SIP/2.0 500 Internal Server Error From:"Cisco Systems" To:"Cisco SIP" Call-ID:130610680070409-1178274206 CSeq:12952893 INVITE Allow-Events: telephone-event Server: Cisco-SIPGateway/IOS-12.x Content-Length: 0 SNIP The source IP address of the SIP message is in the From header or the Contact header after the "@" sign. In this example it is 20.20.20.20 b. Check if the UC520 config is setup to allow SIP messages from this IP address UC520#show run | s i CCA_SIP voice source-group CCA_SIP_SOURCE_GROUP access-list 2 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< access-list tag >>>>>>>> translation-profile incoming SIP_Incoming access-list 2 remark CCA_SIP_SOURCE_GROUP_ACL UC520#sh run | s i access-list 2 access-list 2 remark CCA_SIP_SOURCE_GROUP_ACL access-list 2 remark SDM_ACL Category=1 access-list 2 permit 20.10.10.10 access-list 2 deny any As shown above, there is no permit statement for 20.20.20.20 and hence calls fail. 3. Solution To workaround this in CLI - here is what you need to do. We are looking at adding this as an option on the CCA GUI in a future release. a. Go to configuration mode & remove the access list: UC520#config terminal Enter configuration commands, one per line. End with CNTL/Z. UC520(config)#no access-list 2 b. Re add the original access-list entries upto the deny statement UC520(config)#access-list 2 remark CCA_SIP_SOURCE_GROUP_ACL UC520(config)#access-list 2 remark SDM_ACL Category=1 UC520(config)#access-list 2 permit 20.10.10.10 c. Add permit entry for the source IP address from section 2a. If there are multiple IP addresses, multiple permit statements are needed, then add the deny any UC520(config)#access-list 2 permit 20.20.20.20 UC520(config)#access-list 2 deny any