jplagens
asked on
Can't call from CME to CME across VPN tunnel
I'm having trouble trying to get two Cisco CME routers to dial each other across an IPSEC vpn tunnel.
Topology is:
CME Router Site A-----SonicWall A ------ISP-----cloud-----IS P-----Soni cWall B----CME Router Site B
Site A extensions are: 5800-5899
Site B extensions are: 5900-5999
The Sonicwalls are connected via a site-to-site vpn tunnel. From a workstation behind each CME router I can ping the data and voice vlan interace of each respective side. It appears I have full connectivity.
When I try to dial across the vpn tunnel nothing happens and the phone eventually times out.
What needs to happen is Site B needs to be able to call Site A, and Site B also needs use TEHO (tail-end hop off) for 10 digit dialing through site A.
When I simulate a call using csim start xxxxxx I get:
SITE-B#csim start 5838
SITE-B#
012245: Jan 8 04:27:34.267: csim: called number = 5838, loop count = 1 ping count = 0
012246: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/DPM/dpMa tchPeersCo re:
Calling Number=, Called Number=5838, Peer Info Type=DIALPEER_INFO_SPEECH
012247: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/DPM/dpMa tchPeersCo re:
Match Rule=DP_MATCH_DEST; Called Number=5838
012248: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/DPM/dpMa tchPeersCo re:
Result=Success(0) after DP_MATCH_DEST
012249: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/DPM/dpMa tchSafModu lePlugin:
dialstring=NULL, saf_enabled=0, saf_dndb_lookup=0, dp_result=0
012250: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/DPM/dpMa tchPeers:
Result=SUCCESS(0)
List of Matched Outgoing Dial-peer(s):
1: Dial-peer Tag=64
012251: Jan 8 04:27:34.267: csimSetupPeer peer type(2), destPat(5838), matched(2), target()
012252: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/CCAPI/cc CallSetupR equest:
Destination=, Calling IE Present=FALSE, Mode=0,
Outgoing Dial-peer=64, Params=0x8AC32594, Progress Indication=NULL(0)
012253: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/CCAPI/cc CheckClipC lir:
In: Calling Number=(TON=Unknown, NPI=Unknown, Screening=Not Screened, Presentation=Allowed)
012254: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/CCAPI/cc CheckClipC lir:
Out: Calling Number=(TON=Unknown, NPI=Unknown, Screening=Not Screened, Presentation=Allowed)
012255: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/CCAPI/cc CallSetupR equest:
Destination Pattern=58.., Called Number=5838, Digit Strip=FALSE
012256: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/CCAPI/cc CallSetupR equest:
Calling Number=(TON=Unknown, NPI=Unknown, Screening=Not Screened, Presentation=Allowed),
Called Number=5838(TON=Unknown, NPI=Unknown),
Redirect Number=, Display Info=
Account Number=, Final Destination Flag=FALSE,
Guid=8F0018B0-5882-11E2-82 38-A5B2296 99913, Outgoing Dial-peer=64
012257: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/CCAPI/cc _api_displ ay_ie_subf ields:
ccCallSetupRequest:
cisco-username=
----- ccCallInfo IE subfields -----
cisco-ani=
cisco-anitype=0
cisco-aniplan=0
cisco-anipi=0
cisco-anisi=0
dest=5838
cisco-desttype=0
cisco-destplan=0
cisco-rdie=FFFFFFFF
cisco-rdn=
cisco-rdntype=-1
cisco-rdnplan=-1
cisco-rdnpi=-1
cisco-rdnsi=-1
cisco-redirectreason=-1 fwd_final_type =0
final_redirectNumber =
hunt_group_timeout =0
012258: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/CCAPI/cc IFCallSetu pRequestPr ivate:
Interface=0x87422DA4, Interface Type=3, Destination=, Mode=0x0,
Call Params(Calling Number=,(Calling Name=)(TON=Unknown, NPI=Unknown, Screening=Not Screened, Presentation=Allowed),
Called Number=5838(TON=Unknown, NPI=Unknown), Calling Translated=FALSE,
Subscriber Type Str=, FinalDestinationFlag=FALSE , Outgoing Dial-peer=64, Call Count On=FALSE,
Source Trkgrp Route Label=, Target Trkgrp Route Label=, tg_label_flag=0, Application Call Id=)
012259: Jan 8 04:27:34.271: //-1/xxxxxxxxxxxx/CCAPI/cc _get_featu re_vsa:
012260: Jan 8 04:27:34.271: :cc_get_feature_vsa malloc success
012261: Jan 8 04:27:34.271: //-1/xxxxxxxxxxxx/CCAPI/cc _get_featu re_vsa:
012262: Jan 8 04:27:34.271: cc_get_feature_vsa count is 3
012263: Jan 8 04:27:34.271: //-1/xxxxxxxxxxxx/CCAPI/cc _get_featu re_vsa:
012264: Jan 8 04:27:34.271: :FEATURE_VSA attributes are: feature_name:0,feature_tim e:23054690 72,feature _id:234
012265: Jan 8 04:27:34.271: //194/8F0018B08238/CCAPI/c cIFCallSet upRequestP rivate:
SPI Call Setup Request Is Success; Interface Type=3, FlowMode=1
012266: Jan 8 04:27:34.271: //194/8F0018B08238/CCAPI/c cCallSetCo ntext:
Context=0x896631DC
012267: Jan 8 04:27:34.271: //194/8F0018B08238/CCAPI/c c_api_call _disconnec ted:
Cause Value=47, Interface=0x87422DA4, Call Id=194
012268: Jan 8 04:27:34.271: //194/8F0018B08238/CCAPI/c c_api_call _disconnec ted:
Call Entry(Responsed=TRUE, Cause Value=47, Retry Count=0)
012269: Jan 8 04:27:34.271: csim_do_test: cid(194), ev(12), disp(0)
012270: Jan 8 04:27:34.271: csimTraceSct: cid(194),st(0),oldst(0)
012271: Jan 8 04:27:34.271: csim err csimDisconnected recvd DISC cid(194)
012272: Jan 8 04:27:34.271: //194/8F0018B08238/CCAPI/c cCallDisco nnect:
Cause Value=47, Tag=0x0, Call Entry(Previous Disconnect Cause=0, Disconnect Cause=47)
012273: Jan 8 04:27:34.271: //194/8F0018B08238/CCAPI/c cCallDisco nnect:
Cause Value=47, Call Entry(Responsed=TRUE, Cause Value=47)
012274: Jan 8 04:27:34.275: //194/8F0018B08238/CCAPI/c c_api_call _disconnec t_done:
Disposition=-11, Interface=0x87422DA4, Tag=0x0, Call Id=194,
Call Entry(Disconnect Cause=47, Voice Class Cause Code=0, Retry Count=0)
012275: Jan 8 04:27:34.275: //-1/8F0018B08238/RXRULE/r egxrule_st ack_pop_ca llinfo_int ernal: numinfo=0x0
012276: Jan 8 04:27:34.275: //194/8F0018B08238/CCAPI/c c_api_call _disconnec t_done:
Call Disconnect Event Sent
012277: Jan 8 04:27:34.275: //-1/xxxxxxxxxxxx/CCAPI/cc _free_feat ure_vsa:
012278: Jan 8 04:27:34.275: :cc_free_feature_vsa freeing 896AAA88
012279: Jan 8 04:27:34.275: //-1/xxxxxxxxxxxx/CCAPI/cc _free_feat ure_vsa:
012280: Jan 8 04:27:34.275: vsacount in free is 2
012281: Jan 8 04:27:34.275: csim_do_test: cid(194), ev(13), disp(-11)
012282: Jan 8 04:27:34.275: csimTraceSct: cid(194),st(2),oldst(0)
012283: Jan 8 04:27:34.775: csim: loop = 1, failed = 1
012284: Jan 8 04:27:34.775: csim: call attempted = 1, setup failed = 1, tone failed = 0
012285: Jan 8 04:27:34.775: //-1/xxxxxxxxxxxx/CCAPI/cc AppShutdow nMode:
ccAppShutdownMode: remove it from the queue
SiteA.txt
SiteB.txt
Topology is:
CME Router Site A-----SonicWall A ------ISP-----cloud-----IS
Site A extensions are: 5800-5899
Site B extensions are: 5900-5999
The Sonicwalls are connected via a site-to-site vpn tunnel. From a workstation behind each CME router I can ping the data and voice vlan interace of each respective side. It appears I have full connectivity.
When I try to dial across the vpn tunnel nothing happens and the phone eventually times out.
What needs to happen is Site B needs to be able to call Site A, and Site B also needs use TEHO (tail-end hop off) for 10 digit dialing through site A.
When I simulate a call using csim start xxxxxx I get:
SITE-B#csim start 5838
SITE-B#
012245: Jan 8 04:27:34.267: csim: called number = 5838, loop count = 1 ping count = 0
012246: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/DPM/dpMa
Calling Number=, Called Number=5838, Peer Info Type=DIALPEER_INFO_SPEECH
012247: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/DPM/dpMa
Match Rule=DP_MATCH_DEST; Called Number=5838
012248: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/DPM/dpMa
Result=Success(0) after DP_MATCH_DEST
012249: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/DPM/dpMa
dialstring=NULL, saf_enabled=0, saf_dndb_lookup=0, dp_result=0
012250: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/DPM/dpMa
Result=SUCCESS(0)
List of Matched Outgoing Dial-peer(s):
1: Dial-peer Tag=64
012251: Jan 8 04:27:34.267: csimSetupPeer peer type(2), destPat(5838), matched(2), target()
012252: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/CCAPI/cc
Destination=, Calling IE Present=FALSE, Mode=0,
Outgoing Dial-peer=64, Params=0x8AC32594, Progress Indication=NULL(0)
012253: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/CCAPI/cc
In: Calling Number=(TON=Unknown, NPI=Unknown, Screening=Not Screened, Presentation=Allowed)
012254: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/CCAPI/cc
Out: Calling Number=(TON=Unknown, NPI=Unknown, Screening=Not Screened, Presentation=Allowed)
012255: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/CCAPI/cc
Destination Pattern=58.., Called Number=5838, Digit Strip=FALSE
012256: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/CCAPI/cc
Calling Number=(TON=Unknown, NPI=Unknown, Screening=Not Screened, Presentation=Allowed),
Called Number=5838(TON=Unknown, NPI=Unknown),
Redirect Number=, Display Info=
Account Number=, Final Destination Flag=FALSE,
Guid=8F0018B0-5882-11E2-82
012257: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/CCAPI/cc
ccCallSetupRequest:
cisco-username=
----- ccCallInfo IE subfields -----
cisco-ani=
cisco-anitype=0
cisco-aniplan=0
cisco-anipi=0
cisco-anisi=0
dest=5838
cisco-desttype=0
cisco-destplan=0
cisco-rdie=FFFFFFFF
cisco-rdn=
cisco-rdntype=-1
cisco-rdnplan=-1
cisco-rdnpi=-1
cisco-rdnsi=-1
cisco-redirectreason=-1 fwd_final_type =0
final_redirectNumber =
hunt_group_timeout =0
012258: Jan 8 04:27:34.267: //-1/xxxxxxxxxxxx/CCAPI/cc
Interface=0x87422DA4, Interface Type=3, Destination=, Mode=0x0,
Call Params(Calling Number=,(Calling Name=)(TON=Unknown, NPI=Unknown, Screening=Not Screened, Presentation=Allowed),
Called Number=5838(TON=Unknown, NPI=Unknown), Calling Translated=FALSE,
Subscriber Type Str=, FinalDestinationFlag=FALSE
Source Trkgrp Route Label=, Target Trkgrp Route Label=, tg_label_flag=0, Application Call Id=)
012259: Jan 8 04:27:34.271: //-1/xxxxxxxxxxxx/CCAPI/cc
012260: Jan 8 04:27:34.271: :cc_get_feature_vsa malloc success
012261: Jan 8 04:27:34.271: //-1/xxxxxxxxxxxx/CCAPI/cc
012262: Jan 8 04:27:34.271: cc_get_feature_vsa count is 3
012263: Jan 8 04:27:34.271: //-1/xxxxxxxxxxxx/CCAPI/cc
012264: Jan 8 04:27:34.271: :FEATURE_VSA attributes are: feature_name:0,feature_tim
012265: Jan 8 04:27:34.271: //194/8F0018B08238/CCAPI/c
SPI Call Setup Request Is Success; Interface Type=3, FlowMode=1
012266: Jan 8 04:27:34.271: //194/8F0018B08238/CCAPI/c
Context=0x896631DC
012267: Jan 8 04:27:34.271: //194/8F0018B08238/CCAPI/c
Cause Value=47, Interface=0x87422DA4, Call Id=194
012268: Jan 8 04:27:34.271: //194/8F0018B08238/CCAPI/c
Call Entry(Responsed=TRUE, Cause Value=47, Retry Count=0)
012269: Jan 8 04:27:34.271: csim_do_test: cid(194), ev(12), disp(0)
012270: Jan 8 04:27:34.271: csimTraceSct: cid(194),st(0),oldst(0)
012271: Jan 8 04:27:34.271: csim err csimDisconnected recvd DISC cid(194)
012272: Jan 8 04:27:34.271: //194/8F0018B08238/CCAPI/c
Cause Value=47, Tag=0x0, Call Entry(Previous Disconnect Cause=0, Disconnect Cause=47)
012273: Jan 8 04:27:34.271: //194/8F0018B08238/CCAPI/c
Cause Value=47, Call Entry(Responsed=TRUE, Cause Value=47)
012274: Jan 8 04:27:34.275: //194/8F0018B08238/CCAPI/c
Disposition=-11, Interface=0x87422DA4, Tag=0x0, Call Id=194,
Call Entry(Disconnect Cause=47, Voice Class Cause Code=0, Retry Count=0)
012275: Jan 8 04:27:34.275: //-1/8F0018B08238/RXRULE/r
012276: Jan 8 04:27:34.275: //194/8F0018B08238/CCAPI/c
Call Disconnect Event Sent
012277: Jan 8 04:27:34.275: //-1/xxxxxxxxxxxx/CCAPI/cc
012278: Jan 8 04:27:34.275: :cc_free_feature_vsa freeing 896AAA88
012279: Jan 8 04:27:34.275: //-1/xxxxxxxxxxxx/CCAPI/cc
012280: Jan 8 04:27:34.275: vsacount in free is 2
012281: Jan 8 04:27:34.275: csim_do_test: cid(194), ev(13), disp(-11)
012282: Jan 8 04:27:34.275: csimTraceSct: cid(194),st(2),oldst(0)
012283: Jan 8 04:27:34.775: csim: loop = 1, failed = 1
012284: Jan 8 04:27:34.775: csim: call attempted = 1, setup failed = 1, tone failed = 0
012285: Jan 8 04:27:34.775: //-1/xxxxxxxxxxxx/CCAPI/cc
ccAppShutdownMode: remove it from the queue
SiteA.txt
SiteB.txt
Why don't you through in a debug ccsip messages for us please? Along with the other debugs I mean.
ASKER
Here's some more output. I have debug ccsip messages, debug voip ccapin inout, and debug voice translation on both sides. When I call from Site B to Site A, Site A shows nothing in the debugs. That means the call is not making it across the tunnel at all.
Here's some output:
SITE-B#show debug
SCCP:
Skinny Client Control Protocol events debugging is on
DIALPEER:
debug voip dialpeer error call is ON (filter is OFF)
debug voip dialpeer error software is ON
debug voip dialpeer inout is ON (filter is OFF)
voip translation-rule
voip translation debugging is on (Filter is OFF)
CCAPI:
debug voip ccapi inout is ON (filter is OFF)
CCSIP SPI: SIP Call Message tracing is enabled (filter is OFF)
SITE-B#ping 172.19.1.1 source 172.20.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.19.1.1, timeout is 2 seconds:
Packet sent with a source address of 172.20.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/36 ms
SITE-B#ping 172.19.1.1 source 172.20.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.19.1.1, timeout is 2 seconds:
Packet sent with a source address of 172.20.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/38/68 ms
SITE-B#ping 172.19.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.19.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SITE-B#csim start 5838
SITE-B#
012369: Jan 8 05:07:59.883: csim: called number = 5838, loop count = 1 ping count = 0
012370: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/DPM/dpMa tchPeersCo re:
Calling Number=, Called Number=5838, Peer Info Type=DIALPEER_INFO_SPEECH
012371: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/DPM/dpMa tchPeersCo re:
Match Rule=DP_MATCH_DEST; Called Number=5838
012372: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/DPM/dpMa tchPeersCo re:
Result=Success(0) after DP_MATCH_DEST
012373: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/DPM/dpMa tchSafModu lePlugin:
dialstring=NULL, saf_enabled=0, saf_dndb_lookup=0, dp_result=0
012374: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/DPM/dpMa tchPeers:
Result=SUCCESS(0)
List of Matched Outgoing Dial-peer(s):
1: Dial-peer Tag=64
012375: Jan 8 05:07:59.883: csimSetupPeer peer type(2), destPat(5838), matched(2), target()
012376: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/CCAPI/cc CallSetupR equest:
Destination=, Calling IE Present=FALSE, Mode=0,
Outgoing Dial-peer=64, Params=0x8AC344F4, Progress Indication=NULL(0)
012377: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/CCAPI/cc CheckClipC lir:
In: Calling Number=(TON=Unknown, NPI=Unknown, Screening=Not Screened, Presentation=Allowed)
012378: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/CCAPI/cc CheckClipC lir:
Out: Calling Number=(TON=Unknown, NPI=Unknown, Screening=Not Screened, Presentation=Allowed)
012379: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/CCAPI/cc CallSetupR equest:
Destination Pattern=58.., Called Number=5838, Digit Strip=FALSE
012380: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/CCAPI/cc CallSetupR equest:
Calling Number=(TON=Unknown, NPI=Unknown, Screening=Not Screened, Presentation=Allowed),
Called Number=5838(TON=Unknown, NPI=Unknown),
Redirect Number=, Display Info=
Account Number=, Final Destination Flag=FALSE,
Guid=34C7B1C8-5888-11E2-82 41-A5B2296 99913, Outgoing Dial-peer=64
012381: Jan 8 05:07:59.887: //-1/xxxxxxxxxxxx/CCAPI/cc _api_displ ay_ie_subf ields:
ccCallSetupRequest:
cisco-username=
----- ccCallInfo IE subfields -----
cisco-ani=
cisco-anitype=0
cisco-aniplan=0
cisco-anipi=0
cisco-anisi=0
dest=5838
cisco-desttype=0
cisco-destplan=0
cisco-rdie=FFFFFFFF
cisco-rdn=
cisco-rdntype=-1
cisco-rdnplan=-1
cisco-rdnpi=-1
cisco-rdnsi=-1
cisco-redirectreason=-1 fwd_final_type =0
final_redirectNumber =
hunt_group_timeout =0
012382: Jan 8 05:07:59.887: //-1/xxxxxxxxxxxx/CCAPI/cc IFCallSetu pRequestPr ivate:
Interface=0x87422DA4, Interface Type=3, Destination=, Mode=0x0,
Call Params(Calling Number=,(Calling Name=)(TON=Unknown, NPI=Unknown, Screening=Not Screened, Presentation=Allowed),
Called Number=5838(TON=Unknown, NPI=Unknown), Calling Translated=FALSE,
Subscriber Type Str=, FinalDestinationFlag=FALSE , Outgoing Dial-peer=64, Call Count On=FALSE,
Source Trkgrp Route Label=, Target Trkgrp Route Label=, tg_label_flag=0, Application Call Id=)
012383: Jan 8 05:07:59.887: //-1/xxxxxxxxxxxx/CCAPI/cc _get_featu re_vsa:
012384: Jan 8 05:07:59.887: :cc_get_feature_vsa malloc success
012385: Jan 8 05:07:59.887: //-1/xxxxxxxxxxxx/CCAPI/cc _get_featu re_vsa:
012386: Jan 8 05:07:59.887: cc_get_feature_vsa count is 3
012387: Jan 8 05:07:59.887: //-1/xxxxxxxxxxxx/CCAPI/cc _get_featu re_vsa:
012388: Jan 8 05:07:59.887: :FEATURE_VSA attributes are: feature_name:0,feature_tim e:23054690 72,feature _id:237
012389: Jan 8 05:07:59.887: //197/34C7B1C88241/CCAPI/c cIFCallSet upRequestP rivate:
SPI Call Setup Request Is Success; Interface Type=3, FlowMode=1
012390: Jan 8 05:07:59.887: //197/34C7B1C88241/CCAPI/c cCallSetCo ntext:
Context=0x89662894
012391: Jan 8 05:07:59.887: //197/34C7B1C88241/CCAPI/c c_api_call _disconnec ted:
Cause Value=47, Interface=0x87422DA4, Call Id=197
012392: Jan 8 05:07:59.887: //197/34C7B1C88241/CCAPI/c c_api_call _disconnec ted:
Call Entry(Responsed=TRUE, Cause Value=47, Retry Count=0)
012393: Jan 8 05:07:59.891: csim_do_test: cid(197), ev(12), disp(0)
012394: Jan 8 05:07:59.891: csimTraceSct: cid(197),st(0),oldst(0)
012395: Jan 8 05:07:59.891: csim err csimDisconnected recvd DISC cid(197)
012396: Jan 8 05:07:59.891: //197/34C7B1C88241/CCAPI/c cCallDisco nnect:
Cause Value=47, Tag=0x0, Call Entry(Previous Disconnect Cause=0, Disconnect Cause=47)
012397: Jan 8 05:07:59.891: //197/34C7B1C88241/CCAPI/c cCallDisco nnect:
Cause Value=47, Call Entry(Responsed=TRUE, Cause Value=47)
012398: Jan 8 05:07:59.891: //197/34C7B1C88241/CCAPI/c c_api_call _disconnec t_done:
Disposition=-11, Interface=0x87422DA4, Tag=0x0, Call Id=197,
Call Entry(Disconnect Cause=47, Voice Class Cause Code=0, Retry Count=0)
012399: Jan 8 05:07:59.891: //-1/34C7B1C88241/RXRULE/r egxrule_st ack_pop_ca llinfo_int ernal: numinfo=0x0
012400: Jan 8 05:07:59.891: //197/34C7B1C88241/CCAPI/c c_api_call _disconnec t_done:
Call Disconnect Event Sent
012401: Jan 8 05:07:59.891: //-1/xxxxxxxxxxxx/CCAPI/cc _free_feat ure_vsa:
012402: Jan 8 05:07:59.891: :cc_free_feature_vsa freeing 896AAA88
012403: Jan 8 05:07:59.891: //-1/xxxxxxxxxxxx/CCAPI/cc _free_feat ure_vsa:
012404: Jan 8 05:07:59.891: vsacount in free is 2
012405: Jan 8 05:07:59.891: csim_do_test: cid(197), ev(13), disp(-11)
012406: Jan 8 05:07:59.891: csimTraceSct: cid(197),st(2),oldst(0)
012407: Jan 8 05:08:00.391: csim: loop = 1, failed = 1
012408: Jan 8 05:08:00.391: csim: call attempted = 1, setup failed = 1, tone failed = 0
012409: Jan 8 05:08:00.391: //-1/xxxxxxxxxxxx/CCAPI/cc AppShutdow nMode:
ccAppShutdownMode: remove it from the queue
Here's some output:
SITE-B#show debug
SCCP:
Skinny Client Control Protocol events debugging is on
DIALPEER:
debug voip dialpeer error call is ON (filter is OFF)
debug voip dialpeer error software is ON
debug voip dialpeer inout is ON (filter is OFF)
voip translation-rule
voip translation debugging is on (Filter is OFF)
CCAPI:
debug voip ccapi inout is ON (filter is OFF)
CCSIP SPI: SIP Call Message tracing is enabled (filter is OFF)
SITE-B#ping 172.19.1.1 source 172.20.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.19.1.1, timeout is 2 seconds:
Packet sent with a source address of 172.20.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/34/36 ms
SITE-B#ping 172.19.1.1 source 172.20.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.19.1.1, timeout is 2 seconds:
Packet sent with a source address of 172.20.0.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/38/68 ms
SITE-B#ping 172.19.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.19.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
SITE-B#csim start 5838
SITE-B#
012369: Jan 8 05:07:59.883: csim: called number = 5838, loop count = 1 ping count = 0
012370: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/DPM/dpMa
Calling Number=, Called Number=5838, Peer Info Type=DIALPEER_INFO_SPEECH
012371: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/DPM/dpMa
Match Rule=DP_MATCH_DEST; Called Number=5838
012372: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/DPM/dpMa
Result=Success(0) after DP_MATCH_DEST
012373: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/DPM/dpMa
dialstring=NULL, saf_enabled=0, saf_dndb_lookup=0, dp_result=0
012374: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/DPM/dpMa
Result=SUCCESS(0)
List of Matched Outgoing Dial-peer(s):
1: Dial-peer Tag=64
012375: Jan 8 05:07:59.883: csimSetupPeer peer type(2), destPat(5838), matched(2), target()
012376: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/CCAPI/cc
Destination=, Calling IE Present=FALSE, Mode=0,
Outgoing Dial-peer=64, Params=0x8AC344F4, Progress Indication=NULL(0)
012377: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/CCAPI/cc
In: Calling Number=(TON=Unknown, NPI=Unknown, Screening=Not Screened, Presentation=Allowed)
012378: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/CCAPI/cc
Out: Calling Number=(TON=Unknown, NPI=Unknown, Screening=Not Screened, Presentation=Allowed)
012379: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/CCAPI/cc
Destination Pattern=58.., Called Number=5838, Digit Strip=FALSE
012380: Jan 8 05:07:59.883: //-1/xxxxxxxxxxxx/CCAPI/cc
Calling Number=(TON=Unknown, NPI=Unknown, Screening=Not Screened, Presentation=Allowed),
Called Number=5838(TON=Unknown, NPI=Unknown),
Redirect Number=, Display Info=
Account Number=, Final Destination Flag=FALSE,
Guid=34C7B1C8-5888-11E2-82
012381: Jan 8 05:07:59.887: //-1/xxxxxxxxxxxx/CCAPI/cc
ccCallSetupRequest:
cisco-username=
----- ccCallInfo IE subfields -----
cisco-ani=
cisco-anitype=0
cisco-aniplan=0
cisco-anipi=0
cisco-anisi=0
dest=5838
cisco-desttype=0
cisco-destplan=0
cisco-rdie=FFFFFFFF
cisco-rdn=
cisco-rdntype=-1
cisco-rdnplan=-1
cisco-rdnpi=-1
cisco-rdnsi=-1
cisco-redirectreason=-1 fwd_final_type =0
final_redirectNumber =
hunt_group_timeout =0
012382: Jan 8 05:07:59.887: //-1/xxxxxxxxxxxx/CCAPI/cc
Interface=0x87422DA4, Interface Type=3, Destination=, Mode=0x0,
Call Params(Calling Number=,(Calling Name=)(TON=Unknown, NPI=Unknown, Screening=Not Screened, Presentation=Allowed),
Called Number=5838(TON=Unknown, NPI=Unknown), Calling Translated=FALSE,
Subscriber Type Str=, FinalDestinationFlag=FALSE
Source Trkgrp Route Label=, Target Trkgrp Route Label=, tg_label_flag=0, Application Call Id=)
012383: Jan 8 05:07:59.887: //-1/xxxxxxxxxxxx/CCAPI/cc
012384: Jan 8 05:07:59.887: :cc_get_feature_vsa malloc success
012385: Jan 8 05:07:59.887: //-1/xxxxxxxxxxxx/CCAPI/cc
012386: Jan 8 05:07:59.887: cc_get_feature_vsa count is 3
012387: Jan 8 05:07:59.887: //-1/xxxxxxxxxxxx/CCAPI/cc
012388: Jan 8 05:07:59.887: :FEATURE_VSA attributes are: feature_name:0,feature_tim
012389: Jan 8 05:07:59.887: //197/34C7B1C88241/CCAPI/c
SPI Call Setup Request Is Success; Interface Type=3, FlowMode=1
012390: Jan 8 05:07:59.887: //197/34C7B1C88241/CCAPI/c
Context=0x89662894
012391: Jan 8 05:07:59.887: //197/34C7B1C88241/CCAPI/c
Cause Value=47, Interface=0x87422DA4, Call Id=197
012392: Jan 8 05:07:59.887: //197/34C7B1C88241/CCAPI/c
Call Entry(Responsed=TRUE, Cause Value=47, Retry Count=0)
012393: Jan 8 05:07:59.891: csim_do_test: cid(197), ev(12), disp(0)
012394: Jan 8 05:07:59.891: csimTraceSct: cid(197),st(0),oldst(0)
012395: Jan 8 05:07:59.891: csim err csimDisconnected recvd DISC cid(197)
012396: Jan 8 05:07:59.891: //197/34C7B1C88241/CCAPI/c
Cause Value=47, Tag=0x0, Call Entry(Previous Disconnect Cause=0, Disconnect Cause=47)
012397: Jan 8 05:07:59.891: //197/34C7B1C88241/CCAPI/c
Cause Value=47, Call Entry(Responsed=TRUE, Cause Value=47)
012398: Jan 8 05:07:59.891: //197/34C7B1C88241/CCAPI/c
Disposition=-11, Interface=0x87422DA4, Tag=0x0, Call Id=197,
Call Entry(Disconnect Cause=47, Voice Class Cause Code=0, Retry Count=0)
012399: Jan 8 05:07:59.891: //-1/34C7B1C88241/RXRULE/r
012400: Jan 8 05:07:59.891: //197/34C7B1C88241/CCAPI/c
Call Disconnect Event Sent
012401: Jan 8 05:07:59.891: //-1/xxxxxxxxxxxx/CCAPI/cc
012402: Jan 8 05:07:59.891: :cc_free_feature_vsa freeing 896AAA88
012403: Jan 8 05:07:59.891: //-1/xxxxxxxxxxxx/CCAPI/cc
012404: Jan 8 05:07:59.891: vsacount in free is 2
012405: Jan 8 05:07:59.891: csim_do_test: cid(197), ev(13), disp(-11)
012406: Jan 8 05:07:59.891: csimTraceSct: cid(197),st(2),oldst(0)
012407: Jan 8 05:08:00.391: csim: loop = 1, failed = 1
012408: Jan 8 05:08:00.391: csim: call attempted = 1, setup failed = 1, tone failed = 0
012409: Jan 8 05:08:00.391: //-1/xxxxxxxxxxxx/CCAPI/cc
ccAppShutdownMode: remove it from the queue
Consider configuring GRE Tunnel
This will ensure that your packets are routed across your sites.
The issue above looks like a route issue to me.
This will ensure that your packets are routed across your sites.
The issue above looks like a route issue to me.
ASKER
I'm open to any options to get this working. I'm under some pressure and need some assistance. I greatly appreciate any help from the Experts.
SITE-B#ping 172.19.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.19.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
What is it? And ping fails? What are your voice and data subnets on both sides?
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.19.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
What is it? And ping fails? What are your voice and data subnets on both sides?
See if any of these helps
https://www.experts-exchange.com/questions/27176784/How-Cisco-VOIP-Work-over-VPN-Advantage.html
https://www.cpug.org/forums/ipsec-vpn-blade-virtual-private-networks/8991-voip-problem-through-l2l-vpn.html
http://www.voipmechanic.com/voip-over-vpn.htm
Pointers
RTP Traffic
Sip port 5060
NAT port forwarding 10000 - 20000
Packet size
Guaranteed bandwidth with QoS
Voice codec
https://www.experts-exchange.com/questions/27176784/How-Cisco-VOIP-Work-over-VPN-Advantage.html
https://www.cpug.org/forums/ipsec-vpn-blade-virtual-private-networks/8991-voip-problem-through-l2l-vpn.html
http://www.voipmechanic.com/voip-over-vpn.htm
Pointers
RTP Traffic
Sip port 5060
NAT port forwarding 10000 - 20000
Packet size
Guaranteed bandwidth with QoS
Voice codec
ASKER
SITE-B#ping 172.19.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.19.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
That is when I try to ping the voice vlan subinterface on Site A router sourcing from the outside interface of Site B router (10.0.1.5) - Remember the Cisco routers are sitting behind the Sonicwall firewalls.
Site A:
Voice subnet: 172.19.1.1
Data subnet: 172.19.0.1
Site B:
Voice subnet: 172.20.1.1
Data subnet: 172.20.0.1
I was looking at GRE tunnels. That might be what I need to do here. I'm a little confused by the commands. Here's what I came up with:
Site A
interface Tunnel0
ip address 172.21.0.1 255.255.255.0
tunnel source Gig 0/0
tunnel destination 172.19.1.1
ip route 172.20.1.1 255.255.255.0 172.21.0.2
Site B
interface Tunnel0
ip address 172.21.0.2 255.255.255.0
tunnel source Fast 0/0
tunnel destination 172.20.1.1
ip route 172.19.1.1 255.255.255.0 172.21.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.19.1.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
That is when I try to ping the voice vlan subinterface on Site A router sourcing from the outside interface of Site B router (10.0.1.5) - Remember the Cisco routers are sitting behind the Sonicwall firewalls.
Site A:
Voice subnet: 172.19.1.1
Data subnet: 172.19.0.1
Site B:
Voice subnet: 172.20.1.1
Data subnet: 172.20.0.1
I was looking at GRE tunnels. That might be what I need to do here. I'm a little confused by the commands. Here's what I came up with:
Site A
interface Tunnel0
ip address 172.21.0.1 255.255.255.0
tunnel source Gig 0/0
tunnel destination 172.19.1.1
ip route 172.20.1.1 255.255.255.0 172.21.0.2
Site B
interface Tunnel0
ip address 172.21.0.2 255.255.255.0
tunnel source Fast 0/0
tunnel destination 172.20.1.1
ip route 172.19.1.1 255.255.255.0 172.21.0.1
Site A:
Voice subnet: 172.19.1.1
Data subnet: 172.19.0.1
Site B:
Voice subnet: 172.20.1.1
Data subnet: 172.20.0.1
so
Site A
interface Tunnel0
tunnel destination 172.19.1.1
Site B
interface Tunnel0
tunnel destination 172.20.1.1
should be
site a
int tun0
tun dest 172.20.1.1
site b
int tun0
tun dest 172.19.1.1
but, if your ipsec config works site to site generally, then you have a routing or ipsec config problem. better to find and resolve the root cause!
you should be able to ping from site a:
"ping ip 172.20.1.1 source 172.19.1.1"
or something like that (i'm not entirely sure i have the syntax correct there) and opposite for the reverse direction. if you cant, thats why your call setup is no go. maybe you missed sourcing the the cme-cme traffic from addresses that are included in the ipsec tunnel ranges, so the routers are using their "outside" interfaces?
Voice subnet: 172.19.1.1
Data subnet: 172.19.0.1
Site B:
Voice subnet: 172.20.1.1
Data subnet: 172.20.0.1
so
Site A
interface Tunnel0
tunnel destination 172.19.1.1
Site B
interface Tunnel0
tunnel destination 172.20.1.1
should be
site a
int tun0
tun dest 172.20.1.1
site b
int tun0
tun dest 172.19.1.1
but, if your ipsec config works site to site generally, then you have a routing or ipsec config problem. better to find and resolve the root cause!
you should be able to ping from site a:
"ping ip 172.20.1.1 source 172.19.1.1"
or something like that (i'm not entirely sure i have the syntax correct there) and opposite for the reverse direction. if you cant, thats why your call setup is no go. maybe you missed sourcing the the cme-cme traffic from addresses that are included in the ipsec tunnel ranges, so the routers are using their "outside" interfaces?
ASKER
Site A:
SITE-A#ping 172.20.1.1 source 172.19.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.20.1.1, timeout is 2 seconds:
Packet sent with a source address of 172.19.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/28/40 ms
Connectivity is there when pinging both directions when sourcing from the inside interfaces. When VoIP dial-peers match and send to their session target where do they source from? I would think it would source from the CME address which is 172.19.1.1 and 172.20.1.1 for Site A and B.
SITE-A#ping 172.20.1.1 source 172.19.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.20.1.1, timeout is 2 seconds:
Packet sent with a source address of 172.19.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 24/28/40 ms
Connectivity is there when pinging both directions when sourcing from the inside interfaces. When VoIP dial-peers match and send to their session target where do they source from? I would think it would source from the CME address which is 172.19.1.1 and 172.20.1.1 for Site A and B.
voice-class sip bind media <source-interface>
voice-class sip bind control <source-interface>
voice-class sip bind control <source-interface>
Inside the out dial-peers that is.
ASKER
So on Site B it looks like that should be the BVI100 interface since that is the CME subnet:
SITE-B(config-dial-peer)#v oice-class sip bind media source-interface BVI100
SITE-B(config-dial-peer)#v oice-class sip bind media source-interface BVI100
bind CLI has no effect as there is no change in configuration
SITE-B(config-dial-peer)#v
SITE-B(config-dial-peer)#v
bind CLI has no effect as there is no change in configuration
ASKER
I tried setting up the GRE tunnel and the tunnel wouldn't come up.
Site A
interface Tunnel0
bandwidth 512
ip address 172.21.0.1 255.255.255.0
tunnel source vlan 100
tunnel destination 172.20.1.1
tunnel mode gre ip
no shut
ip route 172.20.1.0 255.255.255.0 172.21.0.2
Site B
interface Tunnel0
bandwidth 512
ip address 172.21.0.2 255.255.255.0
tunnel source inter BVI100
tunnel destination 172.19.1.1
tunnel mode gre ip
no shut
ip route 172.19.1.0 255.255.255.0 172.21.0.1
Site A
interface Tunnel0
bandwidth 512
ip address 172.21.0.1 255.255.255.0
tunnel source vlan 100
tunnel destination 172.20.1.1
tunnel mode gre ip
no shut
ip route 172.20.1.0 255.255.255.0 172.21.0.2
Site B
interface Tunnel0
bandwidth 512
ip address 172.21.0.2 255.255.255.0
tunnel source inter BVI100
tunnel destination 172.19.1.1
tunnel mode gre ip
no shut
ip route 172.19.1.0 255.255.255.0 172.21.0.1
from site a, try "ping 172.20.1.1 sou vl100", ie use the tunnel specs to ping and verify there is comms between each.
now, you have firewalls at both sites. do they permit protocol 47 (gre) to come in from the local subnets and go out to the internet, and does the ipsec config include protocol 47 (gre) to be tunnelled?
coming back to the ipsec config again, is the definition for traffic to be tunnelled something like (at site a)
ip 172.19.0.0/16 to 172.20.0.0/16
ip (wan facing subnet of site a router) to 172.20.0.0/16
ip (wan facing subnet of site a router) to (wan facing subnet of site b router)
and at site b, the mirror.
do the routers at each site have routes for the other sites data and voice subnets, pointing to the firewall?
do the firewalls have routes for the local subnets pointing to the routers, and routes for the other site pointing towards the internet or the ipsec tunnel - however sonicwall works?
if you get the ipsec working, you wont need the gre.
now, you have firewalls at both sites. do they permit protocol 47 (gre) to come in from the local subnets and go out to the internet, and does the ipsec config include protocol 47 (gre) to be tunnelled?
coming back to the ipsec config again, is the definition for traffic to be tunnelled something like (at site a)
ip 172.19.0.0/16 to 172.20.0.0/16
ip (wan facing subnet of site a router) to 172.20.0.0/16
ip (wan facing subnet of site a router) to (wan facing subnet of site b router)
and at site b, the mirror.
do the routers at each site have routes for the other sites data and voice subnets, pointing to the firewall?
do the firewalls have routes for the local subnets pointing to the routers, and routes for the other site pointing towards the internet or the ipsec tunnel - however sonicwall works?
if you get the ipsec working, you wont need the gre.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Closing question.