Symptom
One-way audio occurs on phone calls when the router is configured with IOS-XE, ZBFW and CUBE, and the class map that matches the TCP SIP packets uses an ACL.
In that case, the ZBFW classifies the signaling only as TCP, as in the following sessions:
Session ID 0x00000036 (30.30.30.30:43154)=>(10.0.0.100:5060) tcp SIS_OPEN
Created 00:08:03, Last heard 00:00:03
Session ID 0x00000045 (20.0.0.200:52137)=>(20.0.0.254:5060) tcp SIS_OPEN
For a working scenario, the ZBFW must recognize the traffic as SIP, as in the following sessions:
Session ID 0x000001A6 (20.0.0.254:53231)=>(20.0.0.200:5060) sip SIS_OPEN
Session ID 0x000001BF (30.30.30.30:58139)=>(10.0.0.100:5060) sip SIS_OPEN
NOTE: Use "show policy-firewall sessions platform all detail" to check whether the signaling is being treated as SIP.
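One way to automate the check in the NOTE above, as an added example that is not part of the original bug note: the Python below parses session lines in the shape shown on this page and flags port 5060 sessions that the ZBFW inspects as plain tcp. The function names are illustrative, and it assumes the command output contains session lines in exactly this shape.

```python
import re

# Matches session lines in the shape shown on this page, e.g.
# Session ID 0x00000036 (30.30.30.30:43154)=>(10.0.0.100:5060) tcp SIS_OPEN
SESSION_RE = re.compile(
    r"Session ID (?P<id>0x[0-9A-Fa-f]+)\s+"
    r"\((?P<src>[\d.]+):(?P<sport>\d+)\)=>\((?P<dst>[\d.]+):(?P<dport>\d+)\)\s+"
    r"(?P<proto>\S+)\s+(?P<state>\S+)"
)

SIP_PORT = 5060  # standard SIP port, as in the Conditions on this page


def parse_sessions(text):
    """Return one dict per session line found in the command output."""
    sessions = []
    for m in SESSION_RE.finditer(text):
        s = m.groupdict()
        s["sport"], s["dport"] = int(s["sport"]), int(s["dport"])
        s["proto"] = s["proto"].lower()
        sessions.append(s)
    return sessions


def misclassified_sip(sessions, port=SIP_PORT):
    """Sessions to or from the SIP port that the ZBFW inspects as plain TCP."""
    return [s for s in sessions
            if port in (s["sport"], s["dport"]) and s["proto"] == "tcp"]


# Sample built from the session lines quoted on this page.
SAMPLE = """\
Session ID 0x00000036 (30.30.30.30:43154)=>(10.0.0.100:5060) tcp SIS_OPEN
Created 00:08:03, Last heard 00:00:03
Session ID 0x00000045 (20.0.0.200:52137)=>(20.0.0.254:5060) tcp SIS_OPEN
Session ID 0x000001A6 (20.0.0.254:53231)=>(20.0.0.200:5060) sip SIS_OPEN
Session ID 0x000001BF (30.30.30.30:58139)=>(10.0.0.100:5060) sip SIS_OPEN
"""

if __name__ == "__main__":
    for s in misclassified_sip(parse_sessions(SAMPLE)):
        print(f"{s['id']}: {s['src']}:{s['sport']} => {s['dst']}:{s['dport']} "
              f"inspected as {s['proto']}, expected sip")
```

Any session it reports is SIP signaling on TCP 5060 that the firewall is not inspecting as SIP, which is the condition this page associates with one-way audio.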
Conditions
- IOS-XE
- ZBFW on router.
- CUBE on router.
- Voice solution using TCP SIP on standard port
- ACL is used in class map to match the SIP packets.
Workaround
There are two possible workarounds:
1- Have the ZBFW recognize the TCP 5060 packets as SIP by using a class map that matches the traffic by protocol and not by an ACL. For example:
class-map type inspect match-any sip-class
match protocol sip <----------------------------------------------------
This is the only way to force the ZBFW to recognize TCP 5060 packets as SIP. If an ACL is used, the ZBFW will not recognize TCP 5060 as SIP and the RTP might be dropped.
2- The defect affects only TCP 5060; therefore, if UDP SIP is used, the class map can be used with an ACL.
However, this workaround might be complicated to implement in a real environment since it would require the SIP provider to change their config too.
Further Problem Description
The issue was initially seen in Cisco IOS XE Software, Version 16.09.03, and was also reproduced in version 16.09.04.