cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3031
Views
0
Helpful
10
Replies

SIP IP based authentication

shiblyibrahim
Level 3
Level 3

Guys,

I am having an issue. The SIP provider is based on IP based on authentication but for some reason they see the private ip and not the public IP causing the call to disconnect.

 

How can I resolve this.

 

000555: Jul 29 04:58:09.172: //31644/D205442686BB/SIP/Call/sipSPICallInfo:
The Call Setup Information is:
Call Control Block (CCB) : 0x0x32529900
State of The Call        : STATE_DEAD
TCP Sockets Used         : NO
Calling Number           : 08455195390
Called Number            : 077xxxxxxxx
Source IP Address (Sig  ): 192.168.0.160
Destn SIP Req Addr:Port  : 83.166.160.240:5060
Destn SIP Resp Addr:Port : 83.166.160.240:5060
Destination Name         : 83.166.160.240

Managed247-2911#
000556: Jul 29 04:58:09.172: //31644/D205442686BB/SIP/Call/sipSPIMediaCallInfo:
Number of Media Streams: 1
Media Stream             : 1
Negotiated Codec         : No Codec  
Negotiated Codec Bytes   : 0
Nego. Codec payload      : 255 (tx), 255 (rx)
Negotiated Dtmf-relay    : 0
Dtmf-relay Payload       : 0 (tx), 0 (rx)
Source IP Address (Media): 192.168.0.160
Source IP Port    (Media): 16780
Destn  IP Address (Media):  -
Destn  IP Port    (Media): 0
Orig Destn IP Address:Port (Media): [ - ]:0

000557: Jul 29 04:58:09.172: //31644/D205442686BB/SIP/Call/sipSPICallInfo:
Disconnect Cause (CC)    : 57
Disconnect Cause (SIP)   : 403

Please rate the post Shibly Ibrahim
10 Replies 10

paolo bevilacqua
Hall of Fame
Hall of Fame

Possibly you are not using a Cisco router, or a router that supports SIP ALG in NAT.

So addresses in packet payload are not translated, and things don't work.

Hey Paolo,

Thanks. But, I am using ISR G2 router. Any suggestions?

Please rate the post Shibly Ibrahim

Is the router configured as CUBE? Depending on that you need to take different debugs to see what's goign on.

Thanks Paolo. BTW the IP based authentication SIP server is a backup and the main is username based server.

Please find the debug here and when I checked with the provider they can see the call coming but they see the private ip

 
000687: Jul 30 02:27:42.398: //47801/F798E2B58733/SIP/Msg/ccsipDisplayMsg:
Sent:
INVITE sip:0094777306946@83.166.160.240:5060 SIP/2.0
Via: SIP/2.0/UDP 192.168.0.160:5060;branch=z9hG4bK172391A0A
Remote-Party-ID: "Shibly Ibrahim" <2012>;party=calling;screen=no;privacy=off
From: "Shibly Ibrahim" <>08455195390@sip.voip-unlimited.net>;tag=D7AB948-11F2
To: <0094777306946>
Date: Mon, 30 Jul 2012 02:27:42 GMT
Call-ID: F963DF1D-D92411E1-8739A905-B15FF64@192.168.0.160
Supported: 100rel,timer,resource-priority,replaces,sdp-anat
Min-SE:  1800
Cisco-Guid: 4153991861-3643019745-2268309765-0185991012
User-Agent: Cisco-SIPGateway/IOS-15.2.3.T1
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
CSeq: 101 INVITE
Max-Forwards: 70
Timestamp: 1343615262
Contact: <08455195390>
Call-Info: <192.168.0.160:5060>;method="NOTIFY;Event=telephone-event;Duration=2000"
Expires: 180
Allow-Events: telephone-event
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 277

v=0
o=CiscoSystemsSIP-GW-UserAgent 3718 3974 IN IP4 192.168.0.160
s=SIP Call
c=IN IP4 192.168.0.160
t=0 0
m=audio 16828 RTP/AVP 0 18 8 19
c=IN IP4 192.168.0.160
a=rtpmap:0 PCMU/8000
a=rtpmap:18 G729/8000
a=fmtp:18 annexb=no
a=rtpmap:8 PCMA/8000
a=rtpmap:19 CN/8000

000688: Jul 30 02:27:42.414: //47801/F798E2B58733/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.0.160:5060;received=213.249.189.234;branch=z9hG4bK172391A0A
From: "Shibly Ibrahim" <>08455195390@sip.voip-unlimited.net>;tag=D7AB948-11F2
To: <0094777306946>
Call-ID: F963DF1D-D92411E1-8739A905-B15FF64@192.168.0.160
CSeq: 101 INVITE
Content-Length: 0


000689: Jul 30 02:27:42.418: //47801/F798E2B58733/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 192.168.0.160:5060;received=213.249.189.234;branch=z9hG4bK172391A0A
To: <0094777306946>;tag=3552604062-414565
From: "Shibly Ibrahim" <>08455195390@sip.voip-unlimited.net>;tag=D7AB948-11F2
Call-ID: F963DF1D-D92411E1-8739A905-B15FF64@192.168.0.160
CSeq: 101 INVITE
Allow: INVITE, BYE, OPTIONS, CANCEL, ACK, REGISTER, NOTIFY, INFO, REFER, SUBSCRIBE, PRACK, MESSAGE, PUBLISH
Contact: <0094777306946>
Call-Info: <83.166.160.240>;method="NOTIFY;Event=telephone-event;Duration=2000"
Content-Length: 0


000690: Jul 30 02:27:42.418: //47801/F798E2B58733/SIP/Call/sipSPICallInfo:
The Call Setup Information is:
Call Control Block (CCB) : 0x0x3254D690
State of The Call        : STATE_DEAD
TCP Sockets Used         : NO
Calling Number           : 08455195390
Called Number            : 0094777306946
Source IP Address (Sig  ): 192.168.0.160
Destn SIP Req Addr:Port  : 83.166.160.240:5060
Destn SIP Resp Addr:Port : 83.166.160.240:5060
Destination Name         : 83.166.160.240

000691: Jul 30 02:27:42.418: //47801/F798E2B58733/SIP/Call/sipSPIMediaCallInfo:
Number of Media Streams: 1
Media Stream             : 1
Negotiated Codec         : No Codec  
Negotiated Codec Bytes   : 0
Nego. Codec payload      : 255 (tx), 255 (rx)
Negotiated Dtmf-relay    : 0
Dtmf-relay Payload       : 0 (tx), 0 (rx)
Source IP Address (Media): 192.168.0.160
Source IP Port    (Media): 16828
Destn  IP Address (Media):  -
Destn  IP Port    (Media): 0
Orig Destn IP Address:Port (Media): [ - ]:0

000692: Jul 30 02:27:42.418: //47801/F798E2B58733/SIP/Call/sipSPICallInfo:
Disconnect Cause (CC)    : 57
Disconnect Cause (SIP)   : 403

Please rate the post Shibly Ibrahim

Hi !

What is the IP you have binded in SIP profile or in Voice service voip.

Once you bind the required interface (where you have Public IP address) all the SIP signalling message will initiate by respective interface.

Hello, I'm configure a sip ip authenticaton, to support a talk free number from my provider in USA, but we are facing an issue 528 STATUS: 408 REQUEST TIMEOUT on my SP side but on my side I see the the ERROR Dec 2 18:56:17.823: %SEC-6-IPACCESSLOGP: list VOIP-IN denied udp 196.29.197.53(137) -> 172.30.192.255(137), 1534029 packets Dec 2 18:56:17.823: %SEC-6-IPACCESSLOGP: list VOIP-IN denied udp 172.30.192.159(138) -> 172.30.192.255(138), 1 packet Dec 2 18:56:17.823: %SEC-6-IPACCESSLOGP: list VOIP-IN denied udp 196.29.197.21(137) -> 196.29.197.63(137), 2 packets LADMGARE03# Any suggestion? Thanks Pedro

Hi Pedro,

Is the IP 196.29.197.21 of your ISP? If yes, have you configured "Voip-In"access list to allow the ITSP IP address? 

If after fixing the access list you still have issue then please collect "debug ccsip message"and "debug voip ccapi inout" log for a test call and share the call details.

 

Jorge Armijo
Level 4
Level 4

If NAT is made on the same GW you can configure Inspection on the NAT outside interface; that will make aware the NAT about the Headers that need to be translated and not only the L3 address.

Sent from Cisco Technical Support Android App

-- Jorge Armijo Please remember to rate helpful responses and identify helpful or correct answers.

Hey Jorge,

I hope my explanation of the toplogy helped?

Please rate the post Shibly Ibrahim

shiblyibrahim
Level 3
Level 3

But for some reason it doesnt do the job. May be the topology would explain. Router is connected to the firewall via a single interface. Firewall is doing the NATing but for some stupid reason it keeps going out as the private ip.

Please rate the post Shibly Ibrahim
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: