11-15-2010 03:38 PM - edited 03-16-2019 01:56 AM
Hi Guys,
We have a plan to deploy SAF in our company, so I did some test in the past a few weeks.
The result list below: (CME 8.1, CCM 8.0.3)
1. CME --> SAF FW --> CCM. Call from CME to CCM is successful.
2. CCM --> SAF FW --> CME. Can't call from CCM to CME. CME router can receive H323 or SIP signaling, but call reject.
3. CME --> SAF FW --> SAF FW --> CME. Can't call between CME. CME router can receive H323 or SIP signaling, but call reject.
I thougt it is the CME router SAF inbond dial peer problem. I can't set up the SAF inbond dial peer cause it is the dynamic incoming dial peer.
From Cisco document, "Voice Service Advertisement Framework Feature":
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
The patterns you configure are prepended with a site code before being advertised, creating an incoming
dynamic dial peer with the translation rule to remove the site code from the dialed number.
For example:
site-code : 333
voice translation-rule 2000000001
rule 1 /^333\(...\)/ /\1/
A block of dial-peer tags in the range of 1073741824–2147483647 are used by Voice SAF. The static
dial-peer tag range is lowered to 1–1073741823. The dynamic incoming dial peers described in the
previous example are created using a tag in the Voice SAF range.
Only one incoming dial peer is created for a trunk route advertising SIP and H.323 signaling. Similarly,
translation rule tags in the range of 1073741824–2147483647 are used for Voice SAF.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Someone can help me?
Many thanks,
Jeffrey
08-23-2011 05:01 PM
Jeffery,
Did you ever find a solution?
I am doing a proof of concept and I am experiencing the same behavior..
06-07-2012 03:06 AM
try this command on IOS..In IOS 15.X its a security feature to prevent fraud...
voice service voip
no ip address trusted authenticate
or if u wanna keep router secured..then something like this ...depending on the IP used in your network..
voice service voip
ip address trusted list
ipv4 10.0.0.0 255.255.255.0
I hope this helps...
06-07-2012 05:09 AM
Guys,
I had similar experience until I allowed CUCM ip under my trusted authenticated list
voice service voip
ip address trusted list ipv4: x.x.x.x y.y.y.y
x.x.x.x.=cumc ip address..
If you do a debug voip ccapi and ccsip messages you should get a disconnect cause of 21. That will confirm that its the ip address trust list issue
Please rate useful posts
"I am complete in God, God completes me"
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide