Cisco Support Community
Community Member

CallManager 8.6 on 3825 w/PIX 515e - receive call problems, outbound works

Hello again everyone.  I had made a post on the forums earlier and received an answer to my problem and I must say I am grateful.

I have now re-integrated my PIX 515E firewall to the network and I am experiencing call receiving problems again.  I had originally removed it as I thought it was causing the inbound call problem... apparently it was a "part" of the problem.

here is the current setup

Internet--->--Comcast Modem->---PIX 515E-->--3825 Router-->--Switch-->--7960 IP Phone

ip scheme:

internet->-external IP addr PIX (NAT outside)->- inside)->-3825 router G0/0( to G0/1( to switch

I have made a few configuration changes and included the Router, Firewall and SIP debug messages.  It looks like the SIP debug messages are showing bad host, which from previous information found here in the forums, is because the firewall is sending the INVITE request to the router from the PIX interface to the router.  Is there any way to correct this, or perhaps a way around this?

The router is registering with and outbound calls are working wonderfully.  Before I had re-integrated the PIX 515e firewall both outbound and inbound calls were working flawlessly.

I am wondering if anyone has any suggestions for the configuration on the PIX firewall, or if I need to redirect his post to a different forum to find help.

Any help would be appreciated.  Also, if anyone has any recommendations for the firewall configuration for improved security, please feel freeto throw them in.

I have included the relevant configuration files below in text format.

Everyone's tags (3)
Community Member

CallManager 8.6 on 3825 w/PIX 515e - receive call problems, outb

I have updated the first post with the SIP debug messages that are relevant to this problem. 

Incoming calls are making it to the router finally, but with problems.

It appears that I am having an issue with the source IP addresson the SIP INVITE as the INVITE is changed as it passes through the PIX firewall.

Is there a way to fix this while leaving the PIX firewall in place, or do I need to turn the firewall into transparent mode, or remove it completley and configure the firewall settings on the router itself?

CreatePlease to create content