NOP, just NOP

Networking | 2009-04-10 09:59:55

Well, I’ve been having issues with my SIP registration from iiNet working within Cisco CME.

When doing a debug ccsip all, it appeared that I wasn’t receiveing a SIP INVITE, and that I would constantly throw out REGISTER’s but not hear anything back.

Yesterday I started thinking that maybe there was a something in my firewall ACL that was blocking the connection, but when I looked at it i couldn’t see anything wrong with it. I decided to add permit tcp any any eq 5060 just to make sure things were happening, and then I saw this response:

10 permit tcp any any eq 5060 (18 matches)

So things were happening but something still wasnt right.

I had spent most of the day looking over the config and trying different solutions around the net but nothing helped. This morning I decided to revisit the config and started with the ACL’s. Then I noticed this.

240 deny udp any any eq 1024 (128 matches)

I had borrowed an ACL from our work access layer switches, designed to filter out commonly used virus ports and this was one of the entries. It looked like the SIP response from iiNet was replying on udp port 1024 for the INVITE message which was of course blocked. As soon as I removed this registration went straight through and calls started routing.

Hope this helps saves the headaches that i had.