v3300 SIP Trunk via Outbound Proxy vMBG 2

[GZgidnick]

Here I am again with my IaaS vMCD/vMAS/vMBG setup.

vMBG is used as outbound SIP proxy.
The SIP provider requires dynamic registration, so the SIP trunk is setup using FQDN:
SIP Trunk AAPT
Trunk status red
Remote trunk endpoint sipvoice.mel.aapt.com.au : 5060
Send options keepalives Use master setting
Options interval 60
Rewrite host in PAI True
Remote RTP framesize (ms) 20
Idle timeout (s) 3600
Re-invite filtering Off
RTP address override
Local streaming False
PRACK support Enabled
Log verbosity Normal
Note: tried using the IP address to no avail.

I have configured virtual domain on the vMBG so I can resolve the FQDN to IP.

The SIP provider is up and listening on port 5060, nmap results below:
[root@vmbg ~]# nmap -v SU 202.10.4.138 -p 5060
Starting Nmap 5.51 (

http://nmap.org

) at 2015-01-09 20:45 EST
Failed to resolve given hostname/IP: SU. Note that you can't use '/mask' AND '1-4,7,100-' style IP ranges
Initiating Ping Scan at 20:45
Scanning 202.10.4.138 [4 ports]
Completed Ping Scan at 20:45, 0.03s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 20:45
Completed Parallel DNS resolution of 1 host. at 20:45, 13.00s elapsed
Initiating SYN Stealth Scan at 20:45
Scanning 202.10.4.138 [1 port]
Completed SYN Stealth Scan at 20:45, 0.25s elapsed (1 total ports)
Nmap scan report for 202.10.4.138
Host is up (0.024s latency).
PORT STATE SERVICE
5060/tcp filtered sip

Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 13.33 seconds
Raw packets sent: 6 (240B) | Rcvd: 1 (28B)

On the vMCD I have defined two network elements:
1. The SIP Provider
Name AAPT-IP
Type Other
FQDN or IP Address 202.10.4.138
Data Sharing NO
Local False
Version
Zone 1
ARID
SIP Peer Specific
SIP Peer Transport UDP
SIP Peer Port 5060
External SIP Proxy FQDN or IP Address 202.10.4.138
External SIP Proxy Transport UDP
External SIP Proxy Port 5060
SIP Registrar FQDN or IP Address 202.10.4.138
SIP Registrar Transport UDP
SIP Registrar Port 5060
SIP Peer Status Auto-Detect/Normal

2. The vMBG:
Name vMBG
Type Outbound Proxy
FQDN or IP Address 172.18.22.3
Data Sharing NO
Local False
Version
Zone 1
ARID
Outbound Proxy Specific
Outbound Proxy Transport Type UDP
Outbound Proxy Port 5060

And the SIP peer to combine them both:

SIP Peer Profile Label AAPT
Network Element AAPT-IP
Local Account Information
Registration User Name 5188252
Address Type IP Address: 172.18.22.10
Administration Options
Interconnect Restriction 1
Maximum Simultaneous Calls 10
Minimum Reserved Call Licenses 0
Administration Options
Outbound Proxy Server vMBG
SMDR Tag 777
Trunk Service 10
Zone 1
User Name 5188252
Password *******
Confirm Password *******
Authentication Option for Incoming Calls No Authentication
Subscription User Name
Subscription Password *******
Subscription Confirm Password *******



Diagnostic tests on vMBG:
[ul]
[li]Sip COnectivity tests - ok[/li]
[li]Basic Conectivity tests - ok[/li]
[li]Reviewed the TUG logs and could not find any info whatsoever[/li]
[/ul]
Diagnostic tests on vMCD
[ul]
[li]Link AAPT-IP state is OUT OF SERVICE (link down count 1) - REGISTER Failed[/li]
[li]Number of established links: 0
Number of non-established links: 1[/li]
[/ul]

Where can I find more detailed logs to see why this REGISTER failed.
I presume I need logs off the vMCD?

Any other troubleshooting tips are welcomed.

 

[ChrisMitel]

Hi,

First thing I would be doing is look at the logs on the vMCD. Next thing run a wireshark trace on the MBG by going to Border Gateway status then diagnostics run Packet trace then click start. Go back to the MCD go to maintenance commands and do sip reregister peer AAPT. Go back to your Wireshark trace, stop it then pull the trace off and take a look. Also check MCD logs after reregistering.

Regards

 

[GZgidnick]

The MCD logs are very poor. There is zero to none info there.
Are there any detailed logs I can pull using FTP from MCD?

 

[sarond]

Have you checked MoL for Article# 13-4940-00255 which is how to configure SIP Trunks with AAPT?

 

[GZgidnick]

Made a trace.
Changed the SIP Peer to request port UDP, port TCP, and port Default.

In all 3 scenarios from the vMBG to the vMCD I am getting: Destination Unreachable (Port Unreachable)

Flease find attached visual graph of all captures.

When I scan the SIP provider with nmap I am receiving confirmation that the provider is listening for SIP on TCP port 5060.

Bump, bump....

 

[GZgidnick]

Okay I think I found what the issue may be but cannot find how to change it.

On the vMBG, under Applications, Show All Connectors: It reads that sip_udp and sip_tcp connectors are disabled for my vMBG...
Anyone knows from this connectors are enabled?

 

[GZgidnick]

I love when I answer my own questions lol

For anyone else that may strugle, SIP support by default is disabled on the vMBG.
To enable SIP support on the vMBG, goto COnfiguration -> Settings -> Edit Button -> Thick the SIP support box.

Party time!

 

[warlockcode]

Hi GZgidnick

Did your last post resolved the issue you were having with registering the SIP trunk?

I have the similar issue, but for me I have dedicated SIP5 link from AAPT (private link).
I am able to register the SIP but my TW are not giving any audio, everything else works fine.

For the SIP trunk I had to put my system on server Gateway mode - 3 x NICs via the DMZ.
1. WAN - AAPT 2. DMZ 3. LAN
In the MBG, I had to put the RTP address override as the WAN Ip address - AAPT.

Cheers

 

[GZgidnick]

I also had dedicated link (private link)
TW are not getting audio at all? Internal/External calls included? Voicepath issue is almost exclusively routing issue.

Honestly I run my system into Custom Mode (although not supported from Mitel) but Network-Edge should do fine as long as you modify the routing table to achieve what you are after.
Inserting static routes can be either from the CLI or via the Web Interface -> Configuration; by adding virtual domains and configuring remote A records and adding static routes in Networks

To check the routing table and what goes where, enable SSH in the Web Interface; Security -> Remote Access -> Secure Shell settings: secure shell access = allow access only from trusted and remote management networks; allow administrative command=yes; Allow standard password = yes.
Thank use putty/windows or ssh/linux to access the MSL; ssh -l root IP.OF.v.MBG
Once logged on, use netstat -rn to view your routing table and use route add/del to add and remove routes to amend the table according to your needs.