I have an interesting scenario, which looks like this:
The E20 is registered with VCS Expressway, while the 9951 phone is VPNed to the same network as CUCM and registered with it.
Now when the E20 uses TLS as the default transport the call to 9951 works fine. When I switch to UDP, the call gets set up but no media goes through.
From the logs on VCS-E I can see that the first call is treated as traversal and gets routed through the traversal subzone. The second doesn't go to the traversal subzone and no media gets to Expressway so I assume the call is treated as non-traversal.
the first thing that comes to mind when you mention that the Expressway does not take media for the UDP scenario is that one or both of the ASA's might be configured to do SIP inspection for SIP over UDP. SIP and H323 ALGs are known to disrupt the firewall traversal mechanisms built into the E20 and VCS-E, in the case where the firewall performing ALG/inspection modifies or strips parts of the SIP and H323 payload.
In this scenario, you should at least make sure to disable any SIP inspection (and H323 for that matter) for the ASA sitting in between the E20 and the VCS-E, and probably on the one between VCS-E and CUCM as well.
I assume there is no NAT between the VCS-E and CUCM?
Also, out of curiosity, why would you prefer registering the E20 over UDP rather than TCP/TLS?
the VCS-E looks at the c-line (c=IN ...) when determing if a remote endpoint, in this case the E20, is located behind a NAT or not. If the ASA in between the E20 and VCS-E modifies the c-line and changes this from IN IP4 10.x.x.x to IN IP 4 81.x.x.x, the VCS-E will assume that the E20 is not behind a NAT but rather assigned with a public IP address, and will therefore not take media for the E20.
Since CUCM is behind a 1:1 NAT, what is CUCM presenting in its c-line when sending INVITE requests towards the VCS-E? Has CUCM been configured to represent that it has a public IP address?
Reason for asking is because if you see the VCS-E not taking media, it must think that neither the E20 nor CUCM is behind a NAT, so I'm guessing that CUCM is either configured to advertise a public IP address in its signaling, or that the ASA on the CUCM-side is performing ALG/inspection as well.
A diagnostics log from the VCS-E should provide answers to these questions.
IntroductionCUCM Routing RulesDial String implementation PolicyCUCM Routing LogicSIP URI Call Routing Analysis+++ Case Study: 1 ++++++ Case Study: 2 +++Conclusion
Over the last few months, I have had the privilege of working on SI...
Are you getting this error “Installer User Interface Mode Not Supported. The installer cannot run in this UI mode. To specify the interface mode, use the -i command-line option, followed by the UI mode identifier. The value UI mode identifiers...