[c-nsp] iChat AV and Cisco CBAC/NAT

Reuben Farrelly reuben-cisco-nsp at reub.net
Fri Mar 16 00:24:05 EST 2007



On 16/03/2007 5:58 AM, Jared Mauch wrote:
> On Thu, Mar 15, 2007 at 09:35:51AM -0700, matthew zeier wrote:
> 	Cisco doesn't actually care about SIP though from what I
> can tell as some of their devices (eg: 7970) don't handle SIP
> messages properly.  I don't think they test with anything but their
> own internal suites which appear to be buggy.  I was able to crash
> some older sip phones in the past by sending them a well formatted
> and innocious options message in the past.

Based on what I have seen, I would tend to agree with that, unfortunately.  I 
have a 7941 phone and I have attempted on a number of occasions to alert cisco 
via TAC cases and directly contacting people who work with cisco VoIP to some 
issues of non SIP RFC compliance with the SIP stack on the phone itself, and I 
get absolutely nowhere every time.  I've nearly given up, so I'm still stuck on 
the very oldest code for these units (8.0.2SR1a) because it's the only code 
which actually is reasonably RFC compliant and works, despite the fact that it 
has security holes and is missing some new features.

The router SIP inspection code is generally pretty good.  When it works it works 
very well and I'd recommend it, but random T releases tend to totally break it 
such that things like inbound calls don't happen, I think the idea is to wait 
for the next rebuild because usually it gets fixed again soon after... or just 
change releases or stick to mainline until you find one that works (most of the 
mainline code is good).

Reuben

(Some concerns and bugs with the code are documented at 
http://www.voip-info.org/wiki/view/Asterisk+phone+cisco+79x1+xml+configuration+files+for+SIP 
- I imagine VoIP people at cisco haven't seen this page)


More information about the cisco-nsp mailing list