CallManager 8.6 on 3825 w/PIX 515e - receive call problems, outbound works
Hello again everyone. I had made a post on the forums earlier and received an answer to my problem and I must say I am grateful.
I have now re-integrated my PIX 515E firewall to the network and I am experiencing call receiving problems again. I had originally removed it as I thought it was causing the inbound call problem... apparently it was a "part" of the problem.
here is the current setup
Internet--->--Comcast Modem->---PIX 515E-->--3825 Router-->--Switch-->--7960 IP Phone
internet->-external IP addr PIX (NAT outside)->-10.1.10.9(NAT inside)->-3825 router G0/0(10.1.10.10) to G0/1(10.1.20.1)-- to switch
I have made a few configuration changes and included the Router, Firewall and SIP debug messages. It looks like the SIP debug messages are showing bad host, which from previous information found here in the forums, is because the firewall is sending the INVITE request to the router from the 10.1.10.10 PIX interface to the router. Is there any way to correct this, or perhaps a way around this?
The router is registering with Voip.ms and outbound calls are working wonderfully. Before I had re-integrated the PIX 515e firewall both outbound and inbound calls were working flawlessly.
I am wondering if anyone has any suggestions for the configuration on the PIX firewall, or if I need to redirect his post to a different forum to find help.
Any help would be appreciated. Also, if anyone has any recommendations for the firewall configuration for improved security, please feel freeto throw them in.
I have included the relevant configuration files below in text format.
I have updated the first post with the SIP debug messages that are relevant to this problem.
Incoming calls are making it to the router finally, but with problems.
It appears that I am having an issue with the source IP addresson the SIP INVITE as the INVITE is changed as it passes through the PIX firewall.
Is there a way to fix this while leaving the PIX firewall in place, or do I need to turn the firewall into transparent mode, or remove it completley and configure the firewall settings on the router itself?
Are you getting this error “Installer User Interface Mode Not Supported. The installer cannot run in this UI mode. To specify the interface mode, use the -i command-line option, followed by the UI mode identifier. The value UI mode identifiers...
The below trick might come handy when you have to add a new node to a cluster but you don't have or is unsure of the security password for the publisher. This procedure has been around for ages.
1) Login into the CLI of the Publisher.