RE: problems with sip troug cbac router

From: Church, Chuck (cchurch@multimax.com)
Date: Sat Sep 23 2006 - 10:07:02 ART

• Next message: Montgomery, Jerry: "Passed!!!! CCIE #16900"
• Previous message: Pavel Markov: "And one more number to go..."
• Maybe in reply to: Jens Petter: "problems with sip troug cbac router"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The problem we were having is that phones would sometimes have a problem
registering with the SIP softswitch (Broadworks). Packet captures
showed the softswitch sending a 400 'content length is wrong' message
when you tried to place a phone call. Phone would get a fast busy
message. It turns out that Cisco NAT in later versions will modify the
addresses in the SIP header, in an attempt to make SIP more
NAT-friendly. But it turns out that many SIP softswitches have their
own mechanisms for dealing with this, so it works while passing through
a cheap home-grade PAT router. So these two devices both trying to deal
with NAT/PAT conflict, and stuff doesn't work. Issuing that 'no ip nat
service...' command stops IOS from changing the address(es) in the SIP
header, and all our problems went away. I don't know if that's your
problem (packet capture would tell you for sure, Ethereal is what gave
us the 'content length is wrong' error).

 
Chuck Church
Network Engineer
CCIE #8776, MCNE, MCSE
Multimax, Inc.
Enterprise Network Engineering
Home Office - 864-335-9473
Cell - 864-266-3978
cchurch@multimax.com
 

> -----Original Message-----
> From: Jens Petter [mailto:jenseike@start.no]
> Sent: Friday, September 22, 2006 11:18 AM
> To: Church, Chuck; 'Cisco certification'
> Subject: RE: problems with sip troug cbac router
>
> Hi...
>
> I tried to enter in this command to the ios, but the output
> did not show it.
> Does not that mean that it is disabled by default?.. I tried
> to read up on what this would do with my problem, but I where
> not able to really understand it.. If you could please
> explain that to me..? Why do I need this command, what does
> it do for me?
>
> Jens
>
> -----Original Message-----
> From: Church, Chuck [mailto:cchurch@multimax.com]
> Sent: 21. september 2006 21:32
> To: Jens Petter; Cisco certification
> Subject: RE: problems with sip troug cbac router
>
> I had a similar problem. CBAC wasn't the problem. NAT was.
> Try adding
>
>
> no ip nat service sip tcp port 5060
> no ip nat service sip udp port 5060
>
> to the config. This is despite the fact that NAT service
> (payload modification of addresses) should be off by default...
>
> http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/product
> s_feature_
> guide09186a0080087d43.html#wp1031752
>
> We spent a lot of time figuring this out...
>
> Chuck Church
> Network Engineer
> CCIE #8776, MCNE, MCSE
> Multimax, Inc.
> Enterprise Network Engineering
> Home Office - 864-335-9473
> Cell - 864-266-3978
> cchurch@multimax.com

• Next message: Montgomery, Jerry: "Passed!!!! CCIE #16900"
• Previous message: Pavel Markov: "And one more number to go..."
• Maybe in reply to: Jens Petter: "problems with sip troug cbac router"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:41 ART