[VoiceOps] Cisco 7941 SIP

Peter E peeip989 at gmail.com
Tue Oct 6 23:03:24 EDT 2015

You're preaching to the choir, Mark. As a company, for BYOD, we take a stance of, we'll supply the SIP credentials but we won't support the device. But anyone in an operations role knows what that really means -- do whatever it takes to get them working and happy. 

I'll share your comments with those that believe the opposite about BYOD and scale. It will make for an interesting debate.

On Oct 6, 2015, at 22:52, Mark Lindsey <lindsey at e-c-group.com> wrote:

1. In Hosted PBX, accommodating new, non-productized devices that the customer just has to keep is the price you pay to enjoy slow growth (because the engineering effort for the customer is immense), poor reliability (because you can test much less), and an unsupportable customer deployments (because the support team isn't equipped to support this "product"). 

2. In Hosted PBX, the demarc is the audible voice on the speaker and the input to the microphone. Supporting random devices the customer brings you makes it impossible for you to fulfill your end of the bargain: make this voice stuff work every time for every call. 

3. The best thing to do with a customer's old device is trade in credit then liquidate.

4. Cisco 79xx SIP has gone back and forth on symmetric sip signaling over the past few decades. But generally, when nat is involved, the sip phone has to do symmetric sip ports -- I.e., it must use the same port numbers for both sending sip and receiving sip. (And when carrier SBCs are involved, it needs to use the same port number for all sip transactions, not just those related to direct call control).

But I remember Cisco 79xx configs having a "nat_enable" or similar flag that actually enable the symmetric sip. 

mailto:mark at ecg.co 
tel:+1-229-316-0013 http://ecg.co/lindsey

> On Oct 6, 2015, at 17:10, Pete E <peeip989 at gmail.com> wrote:
> Greetings Voice Operators,
> We have an interesting (code word for annoying) challenge that we've never dealt with before, probably because we don't do much with Cisco phones. We have a new customer coming on who wants to keep their very old Cisco 7941 phones. They have a few offices and the phones work as expected behind an Edgemarc. However, they also have 100+ home users, and that's where the issue comes in.
> Apparently Cisco introduced a security "feature" where they create the session using a random high numbered port (e.g. 49123) but in the Via header, they say to respond to private IP, port 5060. So when the SBC sees the private address it assumes it is being NAT'd through a firewall and replies back to public IP, port 49123. What we're seeing is that the home router passes the response back to private IP, port 49123, which the phone doesn't accept (because it wants it on 5060) and the REGISTER fails.
> As you know most home routers are poor at handling ALG (and we've tested and found they are equally bad at handling this scenario). We (and the customer) don't want to troubleshoot 100+ individual home routers. 
> We haven't found a way to turn off this really awesome "feature" so we're trying to find other solutions. Anyone been through this and have any suggestions?
> Thanks,
> Pete
> _______________________________________________
> VoiceOps mailing list
> VoiceOps at voiceops.org
> https://puck.nether.net/mailman/listinfo/voiceops
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/voiceops/attachments/20151006/6079d832/attachment.html>

More information about the VoiceOps mailing list