03-24-2023 12:07 AM
In my cube configuration I have the trusted list defined:
voice service voip
 ip address trusted list
  ipv4 192.168.101.10
  ipv4 192.168.101.11
  ipv4 192.168.101.14
When a SIP INVITE comes in from one of these addresses, I want to capture which IP address it is coming from and transmit it inside for traffic analysis. How do I do that?
I can see various ways to copy and manipulate the sip headers. But the sip headers mostly will not have the 'service provider sbc external interface ip address' in either the via or the from/contact headers.
So, how can I capture the "service provider sbc external interface ip address", which is what we are giving in the above whitelist? I want to capture/copy it and put it in a custom sip header preferably and send it downstream for further traffic analysis.
03-24-2023 02:26 AM
Headers on the received INVITE will contain the IP address of the next hop that CUBE is communicating with. Via is one such example. If that is not your provider, which would be odd, this is out of your control and would need to be implemented by whatever that intermediate hop is first.
Cisco Unified Border Element Configuration Guide - Cisco IOS XE 17.6 Onwards
03-24-2023 10:00 AM - edited 03-24-2023 10:03 AM
The via header many times contains the 'internal' ip-address of the service provider's SBC's external interface. The firewalls then change this ip-address to an external facing ip-address, but since firewalls don't have visibility into SIP messages, they can't change it within the via.
So, the actual ip-address from which the CUBE is receiving the messages, which we whitelist in 'ip address trusted list', and the address in the 'via' header within the SIP message vary many times. The information is present with CUBE, but there seems to be no way to copy it over into a variable or even filter using static rules on this ip-address.
03-24-2023 11:05 AM
That response is really confusing. I don't understand why the address would differ unless the firewall is performing SIP ALG and static NAT - which is fragile and a really bad idea in my experience. It just dawned on me that your original post shows RFC1918 addresses in the trust list though. Is that the actual IP of the provider's SIP SBC or what your firewall is NATing the external address to, as seen by CUBE? If the latter, give CUBE a routable IP address to/from the provider and eliminate the NAT and SIP ALG. Then your SIP headers will have the actual IP address of the provider's SBC and you can copy it across from the incoming to the outgoing call leg.
03-26-2023 01:10 PM
No, those are not the actual service provider ip-addresses. Just copied that over from the lab setup where I was trying to figure things out.
03-25-2023 11:46 PM
Use a sip-copylist on the incoming dial-peer to capture any desired header values and copy it into a custom header with sip-profiles on the outgoing dial-peer. (Check the link that @Jonathan Schulenberg provided).
But I would highly recommend using a custom SIP header, and not a standard SIP header, since you will probably get problems with the message routing.
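The sip-copylist approach described in the post above, as an added example that is not part of the original thread or of Cisco's documentation: the tags 10, 20, 100 and 200 and the header name X-Ingress-Via are hypothetical. It forwards the Via value exactly as it arrived in the SIP message, so it carries only what the message itself contains.

```cisco
! Added example. Tags and the X-Ingress-Via header name are hypothetical.
!
! 1. Make the Via header of the inbound INVITE available to the outbound leg.
voice class sip-copylist 10
 sip-header Via
!
! 2. Inbound dial-peer facing the provider: attach the copylist.
dial-peer voice 100 voip
 description inbound from provider (hypothetical)
 voice-class sip copy-list 10
!
! 3. Outbound profile: copy the peer leg's Via into user variable u01,
!    add a custom header with a placeholder value, then replace the
!    placeholder with the copied value.
voice class sip-profiles 20
 request INVITE peer-header sip Via copy "(.*)" u01
 request INVITE sip-header X-Ingress-Via add "X-Ingress-Via: unset"
 request INVITE sip-header X-Ingress-Via modify "unset" "\u01"
!
! 4. Outbound dial-peer toward the internal call control: attach the profile.
dial-peer voice 200 voip
 description outbound to internal call control (hypothetical)
 voice-class sip profiles 20
```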
03-26-2023 01:12 PM - edited 03-26-2023 01:13 PM
The sip-copylist would work only with the data contained in the SIP messages. I am talking about the case where the SIP messages don't contain the information, but the CUBE has the information as part of its session management, like the far-end signaling ip-address.
03-26-2023 11:56 PM
If you don't have the IPs in the SIP header, then you obviously cannot work on the SIP layer of copying / pasting things between messages / headers.
And I doubt you will have a mechanism to copy them between different layer stacks (IP <--> SIP, or anywhere else).
03-27-2023 01:36 AM
Hi
You can use a SIP profile, which I believe could be the best option. If I understand correctly, you should change the IP address of the CUBE WAN IP address during the call. If you bind the interface on the incoming and outgoing dial-peer, it will do this automatically; in some cases the FW will change it with its own IP there.
Example of SIP profile:
voice class sip-profiles 100
 request ANY sip-header From modify "172.16.32.2" "198.51.100.2"
 request ANY sip-header Via modify "172.16.32.2" "198.51.100.2"
 request ANY sip-header Remote-Party-ID modify "172.16.32.2" "198.51.100.2"
 request ANY sip-header Contact modify "172.16.32.2" "198.51.100.2"
 response ANY sip-header Contact modify "172.16.32.2" "198.51.100.2"
 response ANY sip-header Remote-Party-ID modify "172.16.32.2" "198.51.100.2"
 request ANY sdp-header Audio-Connection-Info modify "172.16.32.2" "198.51.100.2"
 request ANY sdp-header Connection-Info modify "172.16.32.2" "198.51.100.2"
 request ANY sdp-header Session-Owner modify "172.16.32.2" "198.51.100.2"
 response ANY sdp-header Session-Owner modify "172.16.32.2" "198.51.100.2"
 response ANY sdp-header Connection-Info modify "172.16.32.2" "198.51.100.2"
 response ANY sdp-header Audio-Connection-Info modify "172.16.32.2" "198.51.100.2"
 request ANY sip-header Call-Info modify "172.16.32.2" "198.51.100.2"
 request ANY sip-header P-Asserted-Identity modify "172.16.32.2" "198.51.100.2"
Thanks