[cisco-voip] CUBE not requesting codec... call fails... need to force SDP in invite...

Nick Matthews matthnick at gmail.com
Thu Jan 26 12:19:03 EST 2012


Correct.

On Wed, Jan 25, 2012 at 2:52 PM, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:
> Thanks Nick.
>
> I'm guessing after 15.1(2)T has those parameters that the Field Notice
> talked about enabled by default where you have to list specific hosts that
> can do that SIP to H323 or whatever? Trusted hosts I think they called it?
>
>
> ---
> Lelio Fulgenzi, B.A.
> Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1
> (519) 824-4120 x56354 (519) 767-1060 FAX (ANNU)
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Cooking with unix is easy. You just sed it and forget it.
>                               - LFJ (with apologies to Mr. Popeil)
>
>
> ________________________________
> From: "Nick Matthews" <matthnick at gmail.com>
> To: "Lelio Fulgenzi" <lelio at uoguelph.ca>
> Cc: "Jonathan Charles" <jonvoip at gmail.com>, "Cisco VOIP"
> <cisco-voip at puck.nether.net>
> Sent: Wednesday, January 25, 2012 2:39:32 PM
>
> Subject: Re: [cisco-voip] CUBE not requesting codec... call fails... need to force SDP in invite...
>
> While MGCP is active it doesn't apply.  And usually MGCP will be
> active while internet/WAN connectivity is up.  If you had both
> internet and MPLS circuits, and MGCP depended on the MPLS, and the
> internet was unsecured (TCP/UDP 5060 open), and were before 15.1(2)T,
> you would be vulnerable.
>
> -nick
>
> On Wed, Jan 25, 2012 at 2:33 PM, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:
>> We've got MGCP with SRST/H323 failover so I guess that vulnerability is
>> there.
>>
>> The thought of moving to H323 over MGCP was also considered so we could do
>> some call processing first.
>>
>> Thanks, Lelio
>>
>>
>>
>>
>> ________________________________
>> From: "Nick Matthews" <matthnick at gmail.com>
>> To: "Lelio Fulgenzi" <lelio at uoguelph.ca>
>> Cc: "Jonathan Charles" <jonvoip at gmail.com>, "Cisco VOIP"
>> <cisco-voip at puck.nether.net>
>> Sent: Wednesday, January 25, 2012 2:25:50 PM
>>
>> Subject: Re: [cisco-voip] CUBE not requesting codec... call fails... need to force SDP in invite...
>>
>> It's actually really hard to hijack MGCP via SIP.  You would need dial
>> peers pointing toward CUCM, and CUCM would have to route via MGCP.
>> MGCP takes control of that entire PRI and won't allow calls through
>> unless they're sent by CUCM.
>>
>> Now H.323 is extremely easy.  If you set up a router with a public IP
>> address not behind a firewall, and then put a PRI and some dial peers
>> that allow international dialing with 9011T and you're on IOS before
>> 15.1(2)T it's just a matter of time before you're sending calls to
>> Cuba/Russia/Eastern Europe etc.
>>
>> -nick
>>
>> On Wed, Jan 25, 2012 at 10:49 AM, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:
>>> I also like the idea of having it separate so if we do still maintain MGCP
>>> gateways, I'm assuming there would be some protection involved, i.e. SIP
>>> hijacking of our MGCP gateways.
>>>
>>>
>>>
>>>
>>> ________________________________
>>> From: "Nick Matthews" <matthnick at gmail.com>
>>> To: "Lelio Fulgenzi" <lelio at uoguelph.ca>
>>> Cc: "Jonathan Charles" <jonvoip at gmail.com>, "Cisco VOIP"
>>> <cisco-voip at puck.nether.net>
>>> Sent: Wednesday, January 25, 2012 10:28:03 AM
>>>
>>> Subject: Re: [cisco-voip] CUBE not requesting codec... call fails... need to force SDP in invite...
>>>
>>> It's just an ISR, so the deployment is up to you.  Usually depends on
>>> the scale.  If it's a pilot, whatever you have around.  It's really
>>> what else you want to manage on your side and if you'll get confused
>>> with so many things on one router.  When you get higher towards the
>>> CPU capacity of the box in sessions you'll want to have a mostly
>>> dedicated box to prevent other things from hogging the CPU.  There
>>> really isn't a best practice but many organizations decide to put it
>>> on dedicated hardware to keep it simple.
>>>
>>> -nick
>>>
>>> On Wed, Jan 25, 2012 at 9:43 AM, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:
>>>> Speaking of CUBE, just wondering what the common practice is for physical
>>>> deployment. We have two routers which will eventually house our MGCP
>>>> gateways in HQ and one router at each of our remote sites, again, MGCP.
>>>>
>>>> If I want to deploy CUBE, is it usually installed separately from the main
>>>> campus router?
>>>>
>>>>
>>>>
>>>> ________________________________
>>>> From: "Roger Wiklund" <roger.wiklund at gmail.com>
>>>> To: "Jonathan Charles" <jonvoip at gmail.com>
>>>> Cc: "Cisco VOIP" <cisco-voip at puck.nether.net>
>>>> Sent: Wednesday, January 25, 2012 3:27:19 AM
>>>> Subject: Re: [cisco-voip] CUBE not requesting codec... call fails... need to force SDP in invite...
>>>>
>>>>
>>>> On Wed, Jan 25, 2012 at 3:54 AM, Jonathan Charles <jonvoip at gmail.com> wrote:
>>>>> Because, as far as I can tell, Cisco does not support SIP to SIP on the
>>>>> CUBE... and it doesn't work.
>>>>>
>>>>> You need to be H.323 to the CUBE, then SIP to the provider.
>>>>
>>>> Hi,
>>>>
>>>> SIP-SIP is definitely the way to go, should be easier on the CPU to
>>>> not have to convert between the two, and also easier to troubleshoot.
>>>>
>>>> I'm running SIP-SIP with DO-EO and RTP flow-around.
>>>>
>>>> I wrote some notes about it that may be useful (even if you are not
>>>> running flow-around)
>>>>
>>>> http://wiklunds.wordpress.com/2012/01/02/sip-delayed-offer-to-early-offer-with-rtp-flow-around-support-in-cube-8-6/
>>>>
>>>> Regards
>>>> Roger
>>>> _______________________________________________
>>>> cisco-voip mailing list
>>>> cisco-voip at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>>
>>>>
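
Added example, not part of the original thread: a small Python audit for the exposure the messages above describe, flagging a gateway that runs IOS before 15.1(2)T (or has the trusted-host check turned off) and has a POTS dial peer matching 9011. The sample config is constructed; the `no ip address trusted authenticate` command comes from the IOS toll-fraud prevention feature rather than from the thread, and comparing releases as plain number tuples (ignoring train letters) is a simplifying assumption.

```python
import re

FIXED = (15, 1, 2)  # 15.1(2)T, the release named in the thread
NO_AUTH = "no ip address trusted authenticate"

SAMPLE_CONFIG = """\
voice service voip
 no ip address trusted authenticate
!
dial-peer voice 10 pots
 destination-pattern 9011T
 port 0/0/0:23
dial-peer voice 20 pots
 destination-pattern 9[2-9]......
"""  # constructed sample, not taken from the thread

def ios_release(show_version):
    """Pull (major, minor, maintenance) out of 'Version 15.1(2)T' style text."""
    m = re.search(r"Version (\d+)\.(\d+)\((\d+)\)", show_version)
    if not m:
        raise ValueError("no IOS version string found")
    return tuple(int(g) for g in m.groups())

def blocks(config):
    """Map each top-level config line to its indented sub-commands."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        if not line[0].isspace():
            current = line.strip()
            out[current] = []
        elif current is not None:
            out[current].append(line.strip())
    return out

def audit(show_version, config):
    """Return findings for the exposure described in the thread."""
    cfg, findings = blocks(config), []
    if ios_release(show_version) < FIXED:
        findings.append("IOS predates 15.1(2)T: no trusted-host check")
    elif NO_AUTH in cfg.get("voice service voip", []):
        findings.append("trusted-host check disabled")
    if findings:  # unauthenticated callers can reach the dial peers
        for header, body in cfg.items():
            if re.fullmatch(r"dial-peer voice \d+ pots", header):
                intl = [c.split()[1] for c in body if c.startswith("destination-pattern 9011")]
                findings += [f"{header}: {p} reachable by untrusted callers" for p in intl]
    return findings
```
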


