Hi,
I have a number of users behind cisco ADSL routers which have ALG on by
default, and are causing problems.
If I ask the broadband company to add:
no ip nat service sip udp port 5060
no ip nat service H225
to the general config on their Ciscos everything works ok, but getting
them to change each one individually is a pain, and I know some SIP
carriers are working fine even with the ALG on.
There are a few errors that happen, one is a 19 second call cut.
The invite is sent, authenticated and connected to the PSTN, but when the
cisco-gateway sends the 200-OK to say the call is connected things go
wrong:
1.2.3.201 = Openser proxy
1.2.3.204 = Cisco gateway
81.1.2.218 = User agent IP.
U 1.2.3.204:51431 -> 1.2.3.201:5060
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 1.2.3.201;branch=z9hG4bKf233.b0309086.0,SIP/2.0/UDP
81.1.2.218:2020;branch=z9hG4bK-13d1535f.
From: %5 <sip:101000000@sip.example.com>;tag=32750c901739579ao0.
To: <sip:00243999049102@sip.example.com>;tag=F48836B0-608.
U 1.2.3.201:5060 -> 81.1.2.218:2020
SIP/2.0 200 OK.
Via: SIP/2.0/UDP 81.1.2.218:2020;branch=z9hG4bK-13d1535f.
From: %5 <sip:101000000@sip.example.com>;tag=32750c901739579ao0.
To: <sip:00243999049102@sip.example.com>;tag=F48836B0-608.
U 81.1.2.218:2020 -> 1.2.3.201:5060
ACK sip:202000243999049102@81.1.2.218:2021 SIP/2.0.
Via: SIP/2.0/UDP 81.1.2.218:2020;branch=z9hG4bK-a8d9ae6f.
From: %5 <sip:101000000@sip.example.com>;tag=32750c901739579ao0.
To: <sip:00243999049102@sip.example.com>;tag=F48836B0-608.
U 1.2.3.201:5060 -> 81.1.2.218:2021
ACK sip:202000243999049102@81.1.2.218:2021 SIP/2.0.
Record-Route: <sip:1.2.3.201;lr=on;ftag=32750c901739579ao0>.
Via: SIP/2.0/UDP 1.2.3.201;branch=z9hG4bKf233.b0309086.2.
Via: SIP/2.0/UDP 81.1.2.218:2020;branch=z9hG4bK-a8d9ae6f.
From: %5 <sip:101000000@sip.example.com>;tag=32750c901739579ao0.
To: <sip:00243999049102@sip.example.com>;tag=F48836B0-608.
So for some reason the ACK sent by the useragent is:
ACK sip:202000243999049102@81.1.2.218:2021 SIP/2.0.
instead of:
ACK sip:202000243999049102@89.202.141.204:5060 SIP/2.0.
so openser sends the ACK back to the useragent instead of to the cisco
gateway.
The cisco gateway then keeps sending the 200 OKs because it is not getting
the reply, and finally the call times out after 19 seconds and the cisco
send a BYE.
The full trace is attached.
Sometimes this problem does not occur, but the same thing happens with the
final BYE, so the useragent sends:
BYE sip:202000243999174148@81.241.251.218:2022 SIP/2.0.
instead of:
BYE sip:202000243999174148@89.202.141.204:5060 SIP/2.0.
So openser sends the BYE back to the useragent instead of to the gateway.
Sorry for the long mail, and thanks for any pointers.
Richard
Show replies by date