Invite from Cisco Gateway rejected with 403 Forbidden
Last updated on JUNE 20, 2017
Applies to:Acme Packet Legacy Platform Software - Version S-Cz6.3.9 and later
Information in this document applies to any platform.
Customer has Cisco Gateway communicating with SBC using SIP-connect Method. With this configuration Cisco Gateway registers with SBC through a single user (Pilot Number) for all extensions.
Using this SIP connect method, Invites from Cisco contained From-URI and Contact-URI of specific endpoints rather than what was registered (pilot number in registration cache). WIth this "allow-anonymous" parameter cannot be used. as there will be no cache entry of all endpoints of Cisco. and SBC would reject them with 403 forbidden.
We had the same error "403 forbidden" when calling from Cisco Gateway. There were other Cisco Gateway in the system where calls worked fine.
In the SBC configuration of sip-connect, we need to ensure if :
1) We have Cisco Gateway registered properly, and we have its registration cache entry created. (Use command : show sipd endpoint)
2) Using this SIP connect method, SBC performs allow-anonymous checking based on registered "Via" address, hence even if all users (endpoints) do not have registration cache entry, their VIA address will be same (Cisco Gateway on which endpoints exist)
3) Option "sip-coonect-pbx-reg" should be set in specific realm
4) As for all the invites from Cisco Gateway contains "From" value of endpoint extension (which is unknown to SBC), and if allow-anonymous is set to "registered", option "reg-via-key" must be set in sip-interface, so that "via" field is matched in incoming invite and registration-cache entry of SBC.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms