[c-nsp] iChat AV and Cisco CBAC/NAT
Reuben Farrelly
reuben-cisco-nsp at reub.net
Fri Mar 16 00:24:05 EST 2007
On 16/03/2007 5:58 AM, Jared Mauch wrote:
> On Thu, Mar 15, 2007 at 09:35:51AM -0700, matthew zeier wrote:
> Cisco doesn't actually care about SIP though from what I
> can tell as some of their devices (eg: 7970) don't handle SIP
> messages properly. I don't think they test with anything but their
> own internal suites which appear to be buggy. I was able to crash
> some older sip phones in the past by sending them a well formatted
> and innocious options message in the past.
Based on what I have seen, I would tend to agree with that, unfortunately. I
have a 7941 phone and I have attempted on a number of occasions to alert cisco
via TAC cases and directly contacting people who work with cisco VoIP to some
issues of non SIP RFC compliance with the SIP stack on the phone itself, and I
get absolutely nowhere every time. I've nearly given up, so I'm still stuck on
the very oldest code for these units (8.0.2SR1a) because it's the only code
which actually is reasonably RFC compliant and works, despite the fact that it
has security holes and is missing some new features.
The router SIP inspection code is generally pretty good. When it works it works
very well and I'd recommend it, but random T releases tend to totally break it
such that things like inbound calls don't happen, I think the idea is to wait
for the next rebuild because usually it gets fixed again soon after... or just
change releases or stick to mainline until you find one that works (most of the
mainline code is good).
Reuben
(Some concerns and bugs with the code are documented at
http://www.voip-info.org/wiki/view/Asterisk+phone+cisco+79x1+xml+configuration+files+for+SIP
- I imagine VoIP people at cisco haven't seen this page)
More information about the cisco-nsp
mailing list