SCCP Phone behind Application Layer Gateway (Firewall)

Unanswered Question
Jun 18th, 2009
User Badges:


We have a few phones behind a firewall that use an Application Layer Gateway (alg) to allow the phone to work properly. The firewall uses NAT to map the local addresses to the addresses that the remote clients are assigned. This worked prior to our upgrade to CUCM 7.0.2 and the phone is running 8.4.4. There is one phone that didn't upgrade and its still running 8.3.3.

Is this something that was intended or should I open a TAC case to get it resolved?


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Nicholas Matthews Thu, 06/18/2009 - 15:59
User Badges:
  • Red, 2250 points or more

If you're running a third party firewall they may not have the algorithm for the most recent sccp version. CUCM 7 will most likely be using a different sccp version than what your firewall is expecting. This is also dependent on your phone firmware.

You can do a few things:

-Ask the firewall folks if they know about this, and see which SCCP versions they support

-Downgrade phone firmware to work around the issue.

You can open a TAC case if you would like, but you're likely to get the same answer.



ecornwell Fri, 06/19/2009 - 05:15
User Badges:

Thanks for the response. That's what I was afraid of. I upgraded the firewall to the latest version available. It looks like I'll have to downgrade the phone for right now.


ecornwell Mon, 06/22/2009 - 11:45
User Badges:

I believe it was dealing with the SCCP version. I loaded 8-3-5 onto the phone and it started working as expected again!

Thanks for your help!

Nicholas Matthews Mon, 06/22/2009 - 19:18
User Badges:
  • Red, 2250 points or more

No problem, glad I could help.

The newest SCCP version (17 I believe) isn't quite wireshark compatible yet so I know there were some pretty significant changes in the algorithm.



This Discussion