Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Host not Trusted in SIP trace, White list in SM?

Status
Not open for further replies.

rejackson

IS-IT--Management
Oct 4, 2005
627
US
Sorry for the flurry of posts today. I really am searching for answers before I post but I have been out and I am behind. I have to say that I could not have done my job over the last 10 years without the generous help of the experts out there.

I am still working on the SIP connection from SM to an ESNA officelinx server. The connection is up now and I can call to the server. Now I am dealing with calling from the server. SM reports the host is not trusted. Trusted is on in the entity link. I tried adding the IP address of the ESNA server in the location. It did not help but I did not tare everything out below that and put it all back in. Maybe I need to. I have seen several old posts about a white list in SM but I cannot find it!! Is there really one in there somewhere? This is the first entity host that has been outside of the network that SM is in.


16:23:45.411 |<--Trying--| | | (6) 100 Trying
16:23:45,412 | Remote host is not trusted | Host not trusted
16:23:45,412 | Originating Location found | Location: ESNA_UC
16:23:45,412 | Try routing to determine if eme | Location: ESNA_UC
16:23:45,412 | Request Dial Pattern route | for: sip:101348@ryanco.com:5060;transport=tcp Location: ESNA_UC
16:23:45,412 | Dial Pattern route parameters | URI Domain: ryanco.com Location: ESNA_UC
16:23:45,412 | Dial Pattern found | for: 101348 Pattern: x
16:23:45,412 | Route Policy found | Pattern: x RoutePolicyList: To-CM-for-Adjuncts
16:23:45,412 | Dial Pattern route parameters | URI Domain: ryanco.com Location: null
16:23:45,412 | Dial Pattern route parameters | URI Domain: null Location: null
16:23:45.413 |<--Forbidd-| | | (6) 403 Forbidden (Unauthorized)
16:23:45.423 |----ACK--->| | | (6) sip:101348@10.0.31.40
16:28:53.361 |--INVITE-->| | | (88) T:101348 F:101140 U:101348
16:28:53.362 |<--Trying--| | | (88) 100 Trying
16:28:53,363 | Remote host is not trusted | Host not trusted
16:28:53,363 | Originating Location found | Location: ESNA_UC
16:28:53.364 |<--Proxy A-| | | (88) 407 Proxy Authentication Required
16:28:53.381 |----ACK--->| | | (88) sip:101348@10.0.31.40
16:28:53.383 |--INVITE-->| | | (88) T:101348 F:101140 U:101348
 
can you do a "w" in traceSM and write the whole thing to a pcap so we can look at it in wireshark?

Anyway, I think you did something wrong somewhere because I've never seen "location null". I really think SM has no idea where you're coming from. And while a dial pattern match on location "ALL" should always apply, I think it may not be as it thinks it needs a valid non-null location to be able to apply the ALL rule.

I'd say you ought to rip out all your SIP entities and add them back in. Something went funky.
 
Well I finally found the White List in the SIP firewall under Network config under the Session Manager element in the System manager interface. It didn't help.

If I write the traces file how do I get it from the SM to a PC?

 
if you login with your admin account and you're in /home/you when you traceSM, it asks for a name and saves a .tar.gz in /home/you. WinSCP to get it, open in some decent zip utility and a few zip levels in you'll have a wireshark friendly capture

you can also "traceSM mylastcapture" and open it in traceSM afterwards - so I could theoretically take your trace, send it to my SM of about the same version and open it in there too if I really wanted to.
 
Looks like a SIP domain issue. Is ryanco.com the only SIP domain you are using and in the dial patterns (or ALL)? Did you include the location of the ESNA server or have an ALL location entry?

We just installed the same setup this week and it is working fine. Since we do domain based routing I do modify some of the SIP domains in the adaptation modules.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top