
Incoming SIP not working Reason:127 - any help?

Unanswered Question
Jan 20th, 2012

Hi,

Can anyone help? I'm not incredibly technical but have a vague understanding... using the CCA to set up, I know how to telnet into CLI but not confident on the commands to use after that so don't generally touch it so I don't break anything.


I've set up a SIP trunk on a UC540 from VOIP-Unlimited. The outgoing calls work fine, and have even set up the outbound DID mapping.


However can't get incoming calls to connect. I've checked that the IP addresses from the ITSP are all set to be allowed, and I've mapped the inbound DID to an extension. The error log includes the number formatted as both +44845.... and 0845.... so I've tried both on the inbound mapping but neither work.


The error code is 127, but after reading the Cisco document on incoming call problems can't work out what else to do?


Oh and I do have a Dynamic Public IP address which is being changed to a Static IP in the next few weeks if that makes a difference - but the error log shows the correct public IP address for my connection.


The error log is (I've starred out my phone numbers and public IP address):


Frame 4 (624 bytes on wire, 624 bytes captured)
Arrival Time: Jan 20, 2012 12:18:40.027551000
Internet Protocol, Src: [MYPUBLICIP] ([MYPUBLICIP]), Dst: 91.151.2.130 (91.151.2.130)
User Datagram Protocol, Src Port: sip (5060), Dst Port: sip (5060)
Session Initiation Protocol
    Status-Line: SIP/2.0 500 Internal Server Error
        Status-Code: 500
        [Resent Packet: False]
    Message Header
        Reason: Q.850;cause=127
            Reason Protocols: Q.850
            Cause: 127(0x7f)[Internetworking, unspecified]
        Date: Fri, 20 Jan 2012 12:29:40 GMT
        From: <sip:[email protected]>;tag=3536050719-942236
            SIP from address: sip:[email protected]
                SIP from address User Part: 07525******
                SIP from address Host Part: 91.151.11.20
            SIP tag: 3536050719-942236
        Allow-Events: telephone-event
        Content-Length: 0
        To: +44845******* <sip:[email protected];user=phone>;tag=1E8224-1038
            SIP Display info: +44845*******
            SIP to address: sip:[email protected]
                SIP to address User Part: 0845*******
                SIP to address Host Part: 91.151.2.130
            SIP tag: 1E8224-1038
        Call-ID: [email protected]
        Via: SIP/2.0/UDP 91.151.2.130;branch=z9hG4bKf438.ad3a8dc1.0,SIP/2.0/UDP 91.151.11.20:5060;rport=5060;received=91.151.11.20;branch=z9hG4bK03c5a15cdfb692caf9f5d370fad8dd48
            Transport: UDP
            Sent-by Address: 91.151.2.130
            Branch: z9hG4bKf438.ad3a8dc1.0
            Transport: UDP
            Sent-by Address: 91.151.11.20
            Sent-by port: 5060
            RPort: 5060
            Received: 91.151.11.20
            Branch: z9hG4bK03c5a15cdfb692caf9f5d370fad8dd48
        CSeq: 1 INVITE
            Sequence Number: 1
            Method: INVITE
        Server: Cisco-SIPGateway/IOS-12.x

mdobiac Fri, 01/20/2012 - 06:22

Mr. Simpson,


In what is provided I see that you are getting a 500 internal server error. This is usually caused either by your current access control lists not allowing all IP addresses from your VoIP provider, or by the provider sending you information that the UC540 does not recognize.


What I would like to see are debugs, which you can run in CCA under Troubleshoot > General debugs. The commands are debug voip ccapi inout and debug ccsip message.


I would also like to see a current running configuration.


Please attach these as a file and remove/hide any private information you do not want known.


Thank you,




Mike D.

lgaughan Fri, 01/20/2012 - 16:37

Hi Neil,

It looks like there is another IP Address in the INVITE (via header) that is not being allowed (91.151.2.130). 


Also, make sure that your inbound DIDs reflect exactly what the ITSP sends in the request URI

(INVITE sip:0845*******@**.**.***.**:62768 SIP/2.0).


Laura

reclaimuk Sun, 01/22/2012 - 05:55

I noticed that myself - but in the CCA under SIP trunk - advanced options, it is listed as one of the additional allowed IP addresses. The weird thing is I didn't add it to the list, it appeared there after I set up the SIP trunk.


Is there a way to add that IP address to the Access list using the CLI?

reclaimuk Sun, 01/22/2012 - 07:51

Does it matter if the IP address concerned is in the Standard or Extended Access List, and does it matter which access list, i.e. Access List 1, 2, 3 or 101, 102, 103 etc.?

ADAM CRISP Mon, 01/23/2012 - 01:10

Hi Neil - Adding an IP address for the Service provider using CCA adjusts

1. WAN access list - typically Access-list 104

2. Access list used with a voice-source group - typically access list 3


I would imagine an extended access list would work with a source-group, with the first subnet being used to match the source.

You may find this link useful as it discusses the security techniques CCA uses for protecting a system - and covers source groups / wan access lists.


http://www.voip.co.uk/ciscoccatoolsecurity/


Adam

reclaimuk Mon, 01/23/2012 - 03:11

Checking the dial-peers - this is what I have set up. The numbers match what is being sent by the ITSP but do the rest of the settings make sense?




!
dial-peer voice 3000 voip
 description 01422
 translation-profile incoming 01422_Called_4
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
 session protocol sipv2
 session target sip-server
 incoming called-number 01422******
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
dial-peer voice 3001 voip
 description +441422
 translation-profile incoming +441422_Called_5
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
 session protocol sipv2
 session target sip-server
 incoming called-number +441422******
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
dial-peer voice 3002 voip
 description 0845
 translation-profile incoming 0845_Called_6
 voice-class codec 1
 voice-class sip dtmf-relay force rtp-nte
 session protocol sipv2
 session target sip-server
 incoming called-number 08455******
 dtmf-relay rtp-nte
 ip qos dscp cs5 media
 ip qos dscp cs4 signaling
 no vad
!
!
no dial-peer outbound status-check pots
sip-ua
 credentials username 01422658*** password 7 *** realm sip.voip-unlimited.net
 credentials username 08455240*** password 7 *** realm sip.voip-unlimited.net
 authentication username 01422***** password 7 ***
 no remote-party-id
 retry invite 2
 retry register 10
 timers connect 100
 registrar dns:sip.voip-unlimited.net expires 3600
 sip-server dns:sip.voip-unlimited.net
 host-registrar
!
!
!




ADAM CRISP Mon, 01/23/2012 - 03:21

Yes, they look fine.

In your trace you have:

"INVITE sip:0845*******@**.**.***.**:62768 SIP/2.0"


the **'s after the @ - is this the IP address of your UC500?

reclaimuk Mon, 01/23/2012 - 03:17

This is the ACL but I assume this is set up correctly also? IPs from the ITSP are 91.151.2.130 and 91.151.11.20


access-list 1 remark SDM_ACL Category=2
access-list 1 permit 10.1.1.0 0.0.0.255
access-list 1 permit 10.0.1.0 0.0.0.255
access-list 1 permit 10.1.10.0 0.0.0.3
access-list 2 remark CCA_SIP_SOURCE_GROUP_ACL_INTERNAL
access-list 2 remark SDM_ACL Category=1
access-list 2 permit 10.0.1.0 0.0.0.255
access-list 2 permit 10.1.1.0 0.0.0.255
access-list 2 permit 10.1.10.0 0.0.0.3
access-list 3 remark CCA_SIP_SOURCE_GROUP_ACL_EXTERNAL
access-list 3 remark SDM_ACL Category=1
access-list 3 permit 91.151.2.130
access-list 3 permit 91.151.11.20
access-list 3 deny   any
access-list 100 remark auto generated by SDM firewall configuration
access-list 100 remark SDM_ACL Category=1
access-list 100 deny   ip 192.168.10.0 0.0.0.255 any
access-list 100 deny   ip host 255.255.255.255 any
access-list 100 deny   ip 127.0.0.0 0.255.255.255 any
access-list 100 permit ip any any
access-list 101 remark auto generated by SDM firewall configuration##NO_ACES_7##
access-list 101 remark SDM_ACL Category=1
access-list 101 permit tcp 10.1.1.0 0.0.0.255 eq 2000 any
access-list 101 permit udp 10.1.1.0 0.0.0.255 eq 2000 any
access-list 101 deny   ip 10.1.1.0 0.0.0.255 any
access-list 101 deny   ip 10.0.1.0 0.0.0.255 any
access-list 101 deny   ip host 255.255.255.255 any
access-list 101 deny   ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
access-list 102 remark auto generated by SDM firewall configuration##NO_ACES_5##
access-list 102 remark SDM_ACL Category=1
access-list 102 deny   ip 10.1.10.0 0.0.0.3 any
access-list 102 deny   ip 10.1.1.0 0.0.0.255 any
access-list 102 deny   ip host 255.255.255.255 any
access-list 102 deny   ip 127.0.0.0 0.255.255.255 any
access-list 102 permit ip any any
access-list 103 remark auto generated by SDM firewall configuration##NO_ACES_7##
access-list 103 remark SDM_ACL Category=1
access-list 103 permit tcp 10.1.10.0 0.0.0.3 any eq 2000
access-list 103 permit udp 10.1.10.0 0.0.0.3 any eq 2000
access-list 103 deny   ip 10.1.10.0 0.0.0.3 any
access-list 103 deny   ip 10.0.1.0 0.0.0.255 any
access-list 103 deny   ip host 255.255.255.255 any
access-list 103 deny   ip 127.0.0.0 0.255.255.255 any
access-list 103 permit ip any any
access-list 104 remark auto generated by SDM firewall configuration##NO_ACES_22##
access-list 104 remark SDM_ACL Category=1
access-list 104 permit udp host 91.151.2.130 eq 5060 any
access-list 104 permit udp host 91.151.2.130 any eq 5060
access-list 104 permit udp host 91.151.11.20 eq 5060 any
access-list 104 permit udp host 91.151.11.20 any eq 5060
access-list 104 permit udp host 10.0.1.1 eq 5060 any
access-list 104 permit udp host 10.0.1.1 any eq 5060
access-list 104 permit udp any any range 16384 32767
access-list 104 deny   ip 10.1.10.0 0.0.0.3 any
access-list 104 deny   ip 10.1.1.0 0.0.0.255 any
access-list 104 deny   ip 10.0.1.0 0.0.0.255 any
access-list 104 permit udp any eq bootps any eq bootpc
access-list 104 permit icmp any any echo-reply
access-list 104 permit icmp any any time-exceeded
access-list 104 permit icmp any any unreachable
access-list 104 deny   ip 10.0.0.0 0.255.255.255 any
access-list 104 deny   ip 172.16.0.0 0.15.255.255 any
access-list 104 deny   ip 192.168.0.0 0.0.255.255 any
access-list 104 deny   ip 127.0.0.0 0.255.255.255 any
access-list 104 deny   ip host 255.255.255.255 any
access-list 104 deny   ip any any log
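
The check discussed in the posts above (is every address in the INVITE's Via headers allowed by the SIP source-group access list?), as an added Python example that is not part of any post and is not Cisco code. It evaluates standard IOS `access-list` lines with first-match semantics; the INVITE is a constructed, abridged sample that reuses the Via values from the thread with a placeholder request URI, and all function names are hypothetical.

```python
import ipaddress
import re

# access-list 3 as posted in the thread; the access-list 2 line exercises wildcard masks.
ACL_TEXT = """\
access-list 2 permit 10.0.1.0 0.0.0.255
access-list 3 remark CCA_SIP_SOURCE_GROUP_ACL_EXTERNAL
access-list 3 permit 91.151.2.130
access-list 3 permit 91.151.11.20
access-list 3 deny   any
"""

# Constructed, abridged INVITE: Via hosts are from the thread, the request URI is a placeholder.
INVITE = (
    "INVITE sip:user@192.0.2.10:60589 SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 91.151.2.130;branch=z9hG4bK582c.805a1bc4.0\r\n"
    "Via: SIP/2.0/UDP 91.151.11.20:5060;rport=5060;received=91.151.11.20\r\n"
    "CSeq: 1 INVITE\r\n\r\n"
)

VIA_SENT_BY = re.compile(r"SIP/2\.0/\w+\s+(\d{1,3}(?:\.\d{1,3}){3})")


def parse_standard_acl(text, number):
    """Return [(action, base, wildcard)] for one numbered standard ACL."""
    rules = []
    for line in text.splitlines():
        parts = line.split()
        if (len(parts) < 4 or parts[:2] != ["access-list", str(number)]
                or parts[2] not in ("permit", "deny")):
            continue  # other ACLs and remark lines
        args = [a for a in parts[3:] if a not in ("host", "log")]
        if args[0] == "any":
            args = ["0.0.0.0", "255.255.255.255"]
        base = int(ipaddress.IPv4Address(args[0]))
        wildcard = int(ipaddress.IPv4Address(args[1])) if len(args) > 1 else 0
        rules.append((parts[2], base, wildcard))
    return rules


def evaluate(rules, addr):
    """First matching entry wins; every ACL ends with an implicit deny."""
    ip = int(ipaddress.IPv4Address(addr))
    for action, base, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
        if (ip & care) == (base & care):
            return action
    return "deny"


def via_sent_by_hosts(message):
    """IPv4 sent-by hosts from every Via header, comma-joined values included."""
    hosts = []
    for line in message.split("\r\n"):
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):
            hosts += VIA_SENT_BY.findall(value)
    return hosts


def audit_invite(acl_text, number, message):
    """Map each Via sent-by host to the verdict the numbered ACL gives it."""
    rules = parse_standard_acl(acl_text, number)
    return {host: evaluate(rules, host) for host in via_sent_by_hosts(message)}


if __name__ == "__main__":
    for host, verdict in audit_invite(ACL_TEXT, 3, INVITE).items():
        print(f"access-list 3: {host} -> {verdict}")
```

Via entries that carry a hostname rather than an IPv4 literal are skipped by this example and would need resolving before the same check applies.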

reclaimuk Mon, 01/23/2012 - 03:20

Last thing from Adam's link to check was IP Address Trusted List, my config appears not to have any?


voice service voip
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 allow-connections sip to sip
 supplementary-service h450.12
 no supplementary-service sip moved-temporarily
 no supplementary-service sip refer
 sip
  registrar server expires max 3600 min 3600
  localhost dns:sip.voip-unlimited.net
  outbound-proxy dns:sip.voip-unlimited.net
  no update-callerid
  sip-profiles 1000
!
!



The example given in Adam's link shows this:


voice service voip
 ip address trusted list
 ipv4 0.0.0.0 0.0.0.0 ! allows all voip sources
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 allow-connections sip to sip
 supplementary-service h450.12
 no supplementary-service sip moved-temporarily
 no supplementary-service sip refer




OR THIS



voice service voip
 ip address trusted list
 ipv4 10.1.10.0 255.255.255.252 ! Subnet used by CUE
 ipv4 10.1.1.0 255.255.255.0 ! Subnet used internally for voice sources
 ipv4 193.203.210.0 255.255.254.0 ! Subnet for the Service Provider
 allow-connections h323 to h323
 allow-connections h323 to sip
 allow-connections sip to h323
 allow-connections sip to sip
 supplementary-service h450.12
 no supplementary-service sip moved-temporarily
 no supplementary-service sip refer





ANY HELP GREATLY APPRECIATED!!

ADAM CRISP Mon, 01/23/2012 - 03:28

Neil -


The IP address trusted list part is valid in recent IOS images.

You can try to add this in.



conf t

voice service voip
 ip address trusted list
 ipv4 0.0.0.0 0.0.0.0


If the commands are not accepted then this is not a factor on your box.


Please can you answer the question:
In your SIP trace the Invite you received is in the format:

INVITE sip:0845*******@**.**.***.**:62768 SIP/2.0


the **.**.****.** after the @ sign  - is this the IP address of your BOX ?
If not this is a possible cause of your problem.

Adam
reclaimuk Mon, 01/23/2012 - 03:45

Got this far but typing in IP ADDRESS TRUSTED LIST results in an error.



UC_540#config t
Enter configuration commands, one per line.  End with CNTL/Z.
UC_540(config)#voice service voip
UC_540(conf-voi-serv)#ip ad
UC_540(conf-voi-serv)#ip address tr
UC_540(conf-voi-serv)#ip address trusted
UC_540(conf-voi-serv)#ip address trusted l
UC_540(conf-voi-serv)#ip address trusted list
                      ^
% Invalid input detected at '^' marker.

UC_540(conf-voi-serv)# ip address trusted list
                       ^
% Invalid input detected at '^' marker.

UC_540(conf-voi-serv)#?
VOICE SERVICE configuration commands:
  address-hiding         Address hiding (SIP-SIP)
  allow-connections      Allow call connection types
  callmonitor            Call Monitoring
  cause-code             Sets the internal cause code for SIP and H323
  clid                   Caller ID option
  cpa                    Enable Call Progress Analysis for voip calls
  default                Set a command to its defaults
  dtmf-interworking      Dtmf Interworking
  exit                   Exit from voice service configuration mode
  fax                    Global fax commands
  fax-relay              Global fax relay commands
  gcid                   Enable Global Call Identifcation for voip
  h323                   Global H.323 configuration commands
  media                  Global media setting for voip calls
  modem                  Global modem commands
  no                     Negate a command or set its defaults
  notify                 send facility indication to application
  qsig                   QSIG
  redirect               voip call redirect
  rtp-ssrc               Global setting to handle multiple RTP SSRC's
  shutdown               Stop VoIP services gracefully without dropping active calls
  signaling              Global setting for signaling payload handling
  sip                    SIP configuration commands
  srtp                   Allow Secure calls
  supplementary-service  Config supplementary service features
  text                   Global text commands

UC_540(conf-voi-serv)#

reclaimuk Mon, 01/23/2012 - 03:46

And yes the IP address after the phone number does match our Public IP address. It's a Dynamic IP address though, will the box pick this up using DHCP?

ADAM CRISP Mon, 01/23/2012 - 03:54

Your configuration shows the router is setup for DHCP yes.

Please can you post the output of "show ip interface brief" ?

reclaimuk Mon, 01/23/2012 - 03:56

UC_540#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            82.38.242.91    YES DHCP   up                    up
In0/0                      10.1.10.2       YES TFTP   up                    up
FastEthernet0/1/0          unassigned      YES unset  up                    up
FastEthernet0/1/1          unassigned      YES unset  up                    down
FastEthernet0/1/2          unassigned      YES unset  up                    up
FastEthernet0/1/3          unassigned      YES unset  up                    down
FastEthernet0/1/4          unassigned      YES unset  up                    up
FastEthernet0/1/5          unassigned      YES unset  up                    up
FastEthernet0/1/6          unassigned      YES unset  up                    up
FastEthernet0/1/7          unassigned      YES unset  up                    up
FastEthernet0/1/8          unassigned      YES unset  up                    down
Dot11Radio0/5/0            unassigned      YES NVRAM  up                    up
Dot11Radio0/5/0.1          unassigned      YES unset  up                    up
Dot11Radio0/5/0.100        unassigned      YES unset  up                    up
Vlan1                      unassigned      YES NVRAM  up                    up
Vlan100                    unassigned      YES NVRAM  up                    up
NVI0                       10.1.10.2       YES unset  up                    up
BVI1                       10.0.1.1        YES NVRAM  up                    up
BVI100                     10.1.1.1        YES NVRAM  up                    up
Loopback0                  10.1.10.2       YES NVRAM  up                    up
UC_540#

ADAM CRISP Mon, 01/23/2012 - 04:00

OK.


Please now capture an incoming SIP Invite

We're looking for something like this:

INVITE sip:[email protected]:5060 SIP/2.0


Please can you post your invite?


thanks

reclaimuk Mon, 01/23/2012 - 04:10

This is the SIP invite provided by the ITSP, after which is returned the 500 Server Error:


Frame 3 (1320 bytes on wire, 1320 bytes captured)
Arrival Time: Jan 23, 2012 12:02:55.904806000
Internet Protocol, Src: 91.151.2.130 (91.151.2.130), Dst: 82.38.242.91 (82.38.242.91)
User Datagram Protocol, Src Port: sip (5060), Dst Port: 60589 (60589)
Session Initiation Protocol
    Request-Line: INVITE sip:[email protected]:60589 SIP/2.0
        Method: INVITE
        Request-URI: sip:[email protected]:60589
            Request-URI User Part: 08455240241
            Request-URI Host Part: 82.38.242.91
            Request-URI Host Port: 60589
        [Resent Packet: False]
    Message Header
        Record-Route: 
        Max-Forwards: 66
        Session-Expires: 3600;refresher=uac
        Min-SE: 600
        Supported: timer, 100rel
        To: +448455240241 
            SIP Display info: +448455240241 
            SIP to address: sip:[email protected]
                SIP to address User Part: 08455240241
                SIP to address Host Part: 91.151.2.130
        From: ;tag=3536308975-891968
            SIP from address: sip:[email protected]
                SIP from address User Part: 07525632279
                SIP from address Host Part: 91.151.11.20
            SIP tag: 3536308975-891968
        Call-ID: [email protected]
        CSeq: 1 INVITE
            Sequence Number: 1
            Method: INVITE
        Allow: INVITE, BYE, OPTIONS, CANCEL, ACK, REGISTER, NOTIFY, INFO, REFER, SUBSCRIBE, PRACK, UPDATE, MESSAGE, PUBLISH
        Via: SIP/2.0/UDP 91.151.2.130;branch=z9hG4bK582c.805a1bc4.0
            Transport: UDP
            Sent-by Address: 91.151.2.130
            Branch: z9hG4bK582c.805a1bc4.0
        Via: SIP/2.0/UDP 91.151.11.20:5060;rport=5060;received=91.151.11.20;branch=z9hG4bKfe30ece2448733d40223daff4c162902
            Transport: UDP
            Sent-by Address: 91.151.11.20
            Sent-by port: 5060
            RPort: 5060
            Received: 91.151.11.20
            Branch: z9hG4bKfe30ece2448733d40223daff4c162902
        Contact: 
            Contact Binding: 
                URI: 
                    SIP contact address: sip:[email protected]:5060
        Content-Type: application/sdp
        Content-Length: 448
    Message Body
        Session Description Protocol
            Session Description Protocol Version (v): 0
            Owner/Creator, Session Id (o): msx1-voip-unlimited-net 3066282 0 IN IP4 91.151.11.20
                Owner Username: msx1-voip-unlimited-net
                Session ID: 3066282
                Session Version: 0
                Owner Network Type: IN
                Owner Address Type: IP4
                Owner Address: 91.151.11.20
            Session Name (s): sip call
            Connection Information (c): IN IP4 91.151.8.181
                Connection Network Type: IN
                Connection Address Type: IP4
                Connection Address: 91.151.8.181
            Time Description, active time (t): 0 0
                Session Start Time: 0
                Session Stop Time: 0
            Media Description, name and address (m): audio 58760 RTP/AVP 8 18 0 101
                Media Type: audio
                Media Port: 58760
                Media Protocol: RTP/AVP
                Media Format: ITU-T G.711 PCMA
                Media Format: ITU-T G.729
                Media Format: ITU-T G.711 PCMU
                Media Format: DynamicRTP-Type-101
            Media Attribute (a): rtpmap:101 telephone-event/8000
                Media Attribute Fieldname: rtpmap
                Media Format: 101
                MIME Type: telephone-event
                Sample Rate: 8000
            Media Attribute (a): fmtp:101 0-15
                Media Attribute Fieldname: fmtp
                Media Format: 101 [telephone-event]
                Media format specific parameters: 0-15
            Media Attribute (a): sqn:0
                Media Attribute Fieldname: sqn
                Media Attribute Value: 0
            Media Attribute (a): cdsc: 1 audio RTP/AVP 8 18 0 101
                Media Attribute Fieldname: cdsc
                Media Attribute Value: 1 audio RTP/AVP 8 18 0 101
            Media Attribute (a): cdsc: 5 image udptl t38
                Media Attribute Fieldname: cdsc
                Media Attribute Value: 5 image udptl t38
            Media Attribute (a): cpar: a=T38FaxVersion:0
                Media Attribute Fieldname: cpar
                Media Attribute Value: a=T38FaxVersion:0
            Media Attribute (a): cpar: a=T38FaxRateManagement:transferredTCF
                Media Attribute Fieldname: cpar
                Media Attribute Value: a=T38FaxRateManagement:transferredTCF
            Media Attribute (a): cpar: a=T38FaxMaxDatagram:160
                Media Attribute Fieldname: cpar
                Media Attribute Value: a=T38FaxMaxDatagram:160
            Media Attribute (a): cpar: a=T38FaxUdpEC:t38UDPRedundancy
                Media Attribute Fieldname: cpar
                Media Attribute Value: a=T38FaxUdpEC:t38UDPRedundancy
            Media Attribute (a): X-sqn:0
                Media Attribute Fieldname: X-sqn
                Media Attribute Value: 0
            Media Attribute (a): X-cap: 1 image udptl t38
                Media Attribute Fieldname: X-cap
                Media Attribute Value: 1 image udptl t38
ADAM CRISP Mon, 01/23/2012 - 04:18

No that's OK.

Your router is registering on their SIP network.

I'll PM you

reclaimuk Mon, 01/23/2012 - 04:11

They look to be sending it to port 60589, not 5060? Is that right?

Daniele Giordano Mon, 01/23/2012 - 04:29

Can you post another debug?


debug ccsip all

debug voice ccapi inout


These are not user friendly but very complete. We will look for sip negotiation issues, acl issues, dial-peer config issues, and so on.


Regards.
