×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

SIP Trunk Provider says UC520 replying with "500 internal server error" in response to inbound call

Answered Question
Feb 18th, 2009
User Badges:

I am trying to set up a SIP trunk DID. The calls do no go through, when a trace is performed the SIP Trunk Provider says UC520 replying with "500 internal server error" in response to inbound call.


Is this a generic message that has lots of possible sources or can this tell me anything?


thanks

Correct Answer by Marcos Hernandez about 8 years 6 months ago

CCA 1.9 adds a voice source group for security purposes, that makes the UC500 accept calls ONLY from the configured Proxy server under the SIP Trunk tab. This is put in place to avoid toll fraud (by blocking calls from anonymous sources).


The CLI for that voice source group is as follows:


!
voice source-group CCA_SIP_SOURCE_GROUP
access-list 2
translation-profile incoming SIP_Incoming

!

access-list 2 remark CCA_SIP_SOURCE_GROUP_ACL
access-list 2 remark SDM_ACL Category=1
access-list 2 permit a.b.c.d
access-list 2 deny   any

!


where a.b.c.d is the IP of the proxy.


What was happening here, is that the UC500 was not receiving SIP signaling from that particular IP, but a different one (a 4.x.x.x IP from Level3). this is very common in the SIP world, where ITSP's resell service from wholesale providers.


By adding the 4.x.x.x subnet to the access-list, signalign from that wholesale provider is now allowed:


!

access-list 2 remark CCA_SIP_SOURCE_GROUP_ACL
access-list 2 remark SDM_ACL Category=1
access-list 2 permit a.b.c.d

access-list 2 permit 4.0.0.0 0.0.0.255
access-list 2 deny   any

!


Adding specific subnets to this "allowed list" via the CCA GUI is an enhancement that we will need to incorporate. I will take this up to my team for consideration. That way, CLI won't be required to fix this rather common situation.


Marcos Hernandez
Technical Marketing Engineer
Cisco Systems, Inc.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Marcos Hernandez Wed, 02/18/2009 - 14:34
User Badges:
  • Blue, 1500 points or more

I would like to take a look at your full "debug ccsip mess" output and also your full configuration. Since it may have confidential information, please email it to me at marchern@cisco.com. We will post our findings on this thread.


Thanks,


Marcos Hernandez
Technical Marketing Engineer
Cisco Systems, Inc.

mcastrigno Wed, 02/18/2009 - 14:51
User Badges:

the cli says "SIP Call messages tracing is enabled"


I made a call in (tried to) where is the output of that trace?


thanks

Marcos Hernandez Wed, 02/18/2009 - 15:03
User Badges:
  • Blue, 1500 points or more

Use this command:


"terminal monitor"


and you will see console output on your Telnet/SSH session. Make sure you have enough buffer space to go back and capture all the messages.


Marcos Hernandez
Technical Marketing Engineer
Cisco Systems, Inc.

mcastrigno Wed, 02/18/2009 - 15:16
User Badges:

figured out the debug - used "terminal monitor."


I have sent you the output as well as the running configuration.


thanks

Correct Answer
Marcos Hernandez Wed, 02/18/2009 - 16:34
User Badges:
  • Blue, 1500 points or more

CCA 1.9 adds a voice source group for security purposes, that makes the UC500 accept calls ONLY from the configured Proxy server under the SIP Trunk tab. This is put in place to avoid toll fraud (by blocking calls from anonymous sources).


The CLI for that voice source group is as follows:


!
voice source-group CCA_SIP_SOURCE_GROUP
access-list 2
translation-profile incoming SIP_Incoming

!

access-list 2 remark CCA_SIP_SOURCE_GROUP_ACL
access-list 2 remark SDM_ACL Category=1
access-list 2 permit a.b.c.d
access-list 2 deny   any

!


where a.b.c.d is the IP of the proxy.


What was happening here, is that the UC500 was not receiving SIP signaling from that particular IP, but a different one (a 4.x.x.x IP from Level3). this is very common in the SIP world, where ITSP's resell service from wholesale providers.


By adding the 4.x.x.x subnet to the access-list, signalign from that wholesale provider is now allowed:


!

access-list 2 remark CCA_SIP_SOURCE_GROUP_ACL
access-list 2 remark SDM_ACL Category=1
access-list 2 permit a.b.c.d

access-list 2 permit 4.0.0.0 0.0.0.255
access-list 2 deny   any

!


Adding specific subnets to this "allowed list" via the CCA GUI is an enhancement that we will need to incorporate. I will take this up to my team for consideration. That way, CLI won't be required to fix this rather common situation.


Marcos Hernandez
Technical Marketing Engineer
Cisco Systems, Inc.

Barry Hunsinger Wed, 06/03/2009 - 14:15
User Badges:

I am having the exact same issue. I am runningcca 2.0. how do I implement this fix?

bross@xtelesis.com Tue, 03/23/2010 - 14:43
User Badges:

I'm eperiencing the same problem with not being able to receive calls on a SIP trunk, no problems with outbound. I'm using a UC540 and CCA 2.2 (2). My provider (EtherSpeak) gave me an IP for the SIP proxy server with no other information, user/pass not needed. I've tried everything in this thread with no luck so far, all help would be appreciated.. thanks

joe.weinstock@w... Tue, 03/23/2010 - 15:25
User Badges:

We recently had a similar issue with a UC540 with a generic sip config that had worked on previously installed UC520's.  Upgraded the UC540 from 8.0 to 8.01 and that resolved the issue.

bross@xtelesis.com Tue, 03/23/2010 - 15:30
User Badges:

I'm on 8.0 now, will try the upgrade to 8.01 and see if that helps.. Thanks Joe


Barry

bross@xtelesis.com Wed, 03/24/2010 - 11:01
User Badges:

I upgraded the UC540 to 8.0(1), and still having the same issue, I can make outbound calls over the SIP trunk, but no incoming.. Like I said previously, I've attempted all the fixes in this thread, but still in the same situation.. I have also configured the UC540 both from CCA 2.2.2, and from the CLI, each time starting from a default configuration, same results each time..

Maulik Shah Wed, 03/24/2010 - 17:02
User Badges:
  • Silver, 250 points or more

Please gather the logs as identified in section 1 on link below and post to the thread - be sure to mask any passwords or other sensitive information (pvt msg if you do not want to post this)


https://supportforums.cisco.com/docs/DOC-9830


Minor note - maybe best to start a new thread on this topic so as to not confuse with the original poster's question

mcastrigno Wed, 02/18/2009 - 17:35
User Badges:

Thanks Marcos - couldn't have done it without you!

mcastrigno Wed, 03/24/2010 - 18:24
User Badges:

Maulik,


I am the orignal poster and appreciate that this thread has been expanded.


I am very interested is learning this persons resolution as it is very common that users have only this message from ISPs to work with.


I look forward to reading your responses to his logs and config.


Thank you,

mcastrigno

bross@xtelesis.com Fri, 03/26/2010 - 14:09
User Badges:

This issue has been RESOLVED, the problem was on the ITSP side, they gave me the wrong DID.. However, while trying to troubleshoot this I reset the UC540 to default, and rebuilt using the CLI instead of CCA 2.2.2, and at this point I don't have any access-lists in place. I'm going to save this config and start from default again and build with CCA to see if I get the same results.. Thanks to folks who offered suggestions.


Barry

Actions

This Discussion

Related Content