CUCM 7.1(3): call interrupt with call forward over secure H.323 gateway (SRTP)
I have to encrypt the voice stream in our voice domain which includes the connections between the H.323 gateway (to/from PSTN) and the phones and configured it on a per dial-peer base.
To secure both directions - incoming and outgoing calls - I have to enable SRTP (fallback) at the outgoing voip dial-peer to CUCM for incoming calls from PSTN and at the incoming dial-peer from CUCM for outgoing calls to PSTN.
Works fine! But......
......if a directory number in CUCM is forwarded to an external number, the call interrupts.
I dicovered how the call flow looks for this scenario after the connection is established regarding dial-peers and RTP connections (using the commands show voice call status and show voip rtp connections)
PSTN --> incoming pots dial-peer --> outgoing voip dial-peer --> incoming voip dial-peer --> outgoing pots dial-peer --> PSTN
With the show voip rtp connections command you can see two connections with source and destination IP of the gateway. It is like a gateway-to-gateway connection between two independet gateways even though it is the same device.
I tested different variations for SRTP at the voip dial-peers:
non-secure outgoing dial-peer --> non-secure incoming dial-peer : OK
secure outgoing dial-peer --> non-secure incoming dial-peer : OK
non-secure outgoing dial-peer --> secure incoming dial-peer : OK
These are the paths to get to each CCX logs through CLI. They may be helpful if you are having issues accessing RTMT or downloading logs through it.
If you want to download them you have to prefix "file get " and you can add one of the options (re...