Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

High Availabilty CUBE

Hi

I have a pair of CUBE devices (3925 devices running IOS Version 15.1(4)M2) configured & licenced for HA mode using HSRP and redundancy.

I have one interface registering to an ITSP through a firewall, the other interface is SIP trunked to a PBX through another firewall.  This architecture cannot be changed...

config snippets

---------------

voice service voip

ip address trusted list

  ipv4 0.0.0.0 0.0.0.0

! to do - secure down to trusetd host

address-hiding

mode border-element

allow-connections sip to sip

! no H323 in this environment

redundancy

fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none

sip

  bind control source-interface GigabitEthernet0/1

  bind media source-interface GigabitEthernet0/1

  error-passthru

-----------------

dial-peer voice 200 voip

translation-profile outgoing SIP_OB

preference 1

destination-pattern .T

b2bua

session protocol sipv2

session target sip-server

session transport udp

voice-class sip dtmf-relay force rtp-nte

voice-class sip profiles 200

voice-class sip bind control source-interface GigabitEthernet0/1

voice-class sip bind media source-interface GigabitEthernet0/1

dtmf-relay rtp-nte

codec g711alaw

----------------------

dial-peer voice 101 voip

  translation-profile outgoing SIP_Trunk

destination-pattern 8.T

b2bua

rtp payload-type nte 120

session protocol sipv2

session target ipv4:x.x.x.x

session transport tcp

voice-class sip bind control source-interface GigabitEthernet0/0

voice-class sip bind media source-interface GigabitEthernet0/0

dtmf-relay rtp-nte

codec g711alaw

fax-relay ecm disable

fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback none

no vad

-------

My issue is with the binding of the HSRP address to the SIP packets;  the way this is currently configured is that the packets routing to the ITSP have an IP source of the "external" interface's (gi0/1) HSRP address - as required by ITSP (and firewall rules).  However, packets routing to the PBX from the "internal" interface (gi0/0) are also sourced from the Gi0/1 HSRP address and consequently are dropped by the internal firewall.

What I need is the CUBE to source the IP Packets from HSRP address of the interface that they leave on.  Is the only way to achieve this to source nat them? or am I missing something fundamental?

2 REPLIES

High Availabilty CUBE

i dont think you can source a traffic from HSRP VIP address !

you might use a loopback but this wont be a good option for your design !!

you could try NAT

High Availabilty CUBE

SIP & NAT do not play nice: This is kinda the reason for CUBE, after all ;-)

GTG

Please rate all helpful posts.
442
Views
0
Helpful
2
Replies
CreatePlease to create content