Release Notes for Cisco Unified SIP Proxy Release 10.1
First Published: November 25, 2019
Modified Date: April 22, 2020
This document describes the new features, system requirements, licensing information, and caveats for Cisco Unified SIP Proxy Release 10.1. Use this document in conjunction with the caveats listed in Caveats.
Cisco Unified SIP Proxy is a high-performance, highly available Session Initiation Protocol (SIP) server for centralized routing and SIP signaling normalization. By forwarding requests to call-control domains, Cisco Unified SIP Proxy provides the means for routing sessions within enterprise and service provider networks. Cisco Unified SIP Proxy provides multiple features, including SIP trunk aggregation, name resolution, routing, load balancing, scalability, and High Availability.
Cisco Unified SIP Proxy 10.1 is delivered as an Open Virtual Appliance (OVA) and can be installed as a virtual machine on Cisco UCS platform. For more information on virtual machine requirements to install Cisco Unified SIP Proxy Release 10.1, see Virtual Machine Requirements for Cisco Unified SIP Proxy 10.1. Cisco Unified SIP Proxy Release 10.1 supports CISCO-USP-MIB through SNMP.
Cisco Smart Software Licensing is a standardized licensing platform that facilitates you to deploy and manage Cisco software licenses easily and quickly. Cisco Smart Software Licensing establishes a pool of software licenses that can be used across your network in a flexible and automated manner. It also provides visibility to your purchased and deployed licenses in your network. Cisco Smart Software Licensing removes the need for Product Activation Keys (PAKs) and reduces your license activation and registration time.
Some components of the software created for Cisco Unified SIP Proxy Release 10.1 are provided through open source or commercial licensing. These components and the associated copyright statements can be found at:
New Features and Enhancements for Cisco Unified SIP Proxy Release 10.1
The following features and enhancements are introduced in Cisco Unified SIP Proxy Release 10.1:
HTTPS is enabled by default. You need not manually generate a crypto key and pass it to the web session security to enable HTTPS. However, you should be able to import a signed certificate that you generated externally, and update the web session with this new key label. The command no web session security keylabel labelname is disabled. Therefore all the HTTP requests will be redirected to HTTPS. Only the latest connection is retained and the remaining connections are logged out.
Smart Agent is upgraded to latest version 3.0.9.
New and Modified CLI Commands
New and Modified CLI Commands in Cisco Unified SIP Proxy Release 10.1
The following command is modified in Cisco Unified SIP Proxy Release 10.1:
no web session security keylabel labelname— This command is disabled. The following sample output indicates the behavior of Cisco Unified SIP Proxy Release 10.1 when trying to run the command no web session security keylabel labelname.
se-10-1-0-1(config)#no web session security keylabel mainkey.ourcompany
!!! INFO: HTTPS is the only web interface option for this version of vCUSP.
Hence, no web session security is disabled.
Limitations and Restrictions
Cisco Unified SIP Proxy Release 10.1 has the following restrictions:
Cisco Unified SIP Proxy Release 10.1 supports only TLS v1.2 for HTTPS.
Changing the default log file size impacts the performance of Cisco Unified SIP Proxy.
High availability of Cisco Unified SIP Proxy virtual machine on both Cisco UCS and Cisco UCS-E platform is not supported as part of Cisco Unified SIP Proxy Release 10.1.
Cisco Unified SIP Proxy Release 10.1 does not support installation of VMware Tools or any 3rd party tools in a Linux environment.
Configuring Fast Ethernet 02 Interface is not supported.
From Cisco Unified SIP Proxy Release 10.0 onwards, the directory structure presented to the FTP users is changed. As a result, importing route table from an XML file will not work. We recommend users to utilize the Add Route function in the vCUSP GUI for this purpose.
Caveats describe unexpected behavior in Cisco Unified SIP Proxy Release 10.1. To see the caveats associated with Cisco Unified SIP Proxy Release 10.1, use the Bug Search Tool at: https://tools.cisco.com/bugsearch/search.
The following issues were resolved in Cisco Unified SIP Proxy Release 10.1
Few web pages are vulnerable to Cross-Site Scripting and Cross-Site Request Forgery
Vulnerability due to "Port Listener Command Injection"
CIAM alert reported on the Struts Component
CIAM Alert reported on the BIND component
CIAM alert reported on apache-tomcat component
Evaluation of unified-sip-proxy for TCP_SACK
vCUSP 10: Add support for sub-interfaces for IP aliasing
SysDB errors / Entitlement count check causing flood of messages.log
CUSP: Ciam alert on BIND component - CVE-2018-5741
CUSP: Ciam alert on Open ssh component - CVE-2018-15473
Smart Licensing configuration data should get erased post "restore factory default"
GUI page is not accessible through the second Interface
CIAM Alert due to OpenSSL component on CUSP
CUSP: on GUI sip call logs are not showing when clicking callID
With different IP addresses, CUSP does not come up after Backup-Restore
Show outputs needs correction when sub-interfaces are present in 10.X
Option of configuring "ip route using interfaces” needs to added on CUSP 10.X
Checkboxes in CUSP UI not functioning correctly on Firefox 63.0.3 and newer versions
There are no open caveats for Cisco Unified SIP Proxy Release 10.1.
Migration to Cisco Unified SIP Proxy 10.1
Migration from Cisco Unified SIP Proxy 8.x
You can migrate from existing Cisco Unified SIP Proxy 8.x releases to Cisco Unified SIP Proxy Release 10.1. However, the following are the limitations during the migration:
Cisco Unified SIP Proxy Release 10.1 cannot be installed on SRE Module. You require VMWare ESXi platform to install Cisco Unified SIP Proxy Release 10.1.
Existing Cisco Unified SIP Proxy 8.x SWIFT licenses cannot be migrated to Cisco Unified SIP Proxy 10.1.Contact your Cisco partner or reseller to enquire about the purchase of current licensing.
The backup configuration files from Cisco Unified SIP Proxy 8.x release do not have the network-related configuration as the Cisco SRE module gets the relevant information through RBCP protocol from the host router when it powers up. Cisco Unified SIP Proxy 10.1 does not support RBCP communication. So, if a backup configuration from Cisco Unified SIP Proxy 8.5.x release is restored in Cisco Unified SIP Proxy 10.1, you must manually enter and configure the IP address, subnet mask, and default gateway details during the reload as follows:
a. Ensure that you have console access to the VM of virtual Cisco Unified SIP Proxy 10.1, while you are restoring the configuration of 8.X on 10.1.
b. After the restore is completed, reload the module as per the instructions on the screen.
c. Immediately after the reboot is completed, access the console with your username and password.
d. Configure the IP address, subnet mask, and default gateway as follows:
Enter configuration command, one per line. End with CNTL/Z.
e. After the Cisco Unified SIP Proxy is online, re-associate the users to groups with password reset and try to ssh.
cusp#username cisco group Administrators
cusp#username cisco password cisco
Cisco Unified SIP Proxy 8.x release configuration has multiple sub-interfaces. The sub-interface format in Cisco Unified SIP Proxy Release 10.1 is different from that in Cisco Unified SIP Proxy Release 8.x. You must configure these interfaces manually after the reload is complete.
Listen points are not restored as it requires the IP address of the virtual Cisco Unified SIP Proxy. So, you must manually configure the listen points after restoring the back up from the Cisco Unified SIP Proxy 8.x release.
SIP Ping configuration is not restored as it requires the IP address of the virtual Cisco Unified SIP Proxy. So, you must manually configure SIP Ping configuration on Cisco Unified SIP Proxy 10.1 release after restoring the backup from the Cisco Unified SIP Proxy 8.x release.
Following are the steps to migrate from any of the existing Cisco Unified SIP Proxy Releases to Cisco Unified SIP Proxy Release 10.1:
Note Smart licensing details are reset if smart licensing is configured before restore of configuration. It is always recommended to restore the configuration before enabling smart licensing.
Note When you migrate from Cisco Unified SIP Proxy Release 8.x to Cisco Unified SIP Proxy Release 10.1, if there are no Sub-Interfaces or VLANs defined on the Virtual Machine, remove the VLAN 0 tag from packets at the ESXi switch side or network side. If not, packets with VLAN 0 tag are dropped.
Migration from Cisco Unified SIP Proxy 9.x
You can upgrade from the existing Cisco Unified SIP Proxy 9.x releases to Cisco Unified SIP Proxy Release 10.1. Following are the steps to migrate from any of the existing Cisco Unified SIP Proxy Releases to Cisco Unified SIP Proxy Release 10.1:
1. Copy the running configuration to the startup configuration.
You can upgrade from the existing Cisco Unified SIP Proxy 10.0.x releases to Cisco Unified SIP Proxy Release 10.1. Following are the steps to migrate from any of the existing Cisco Unified SIP Proxy Releases to Cisco Unified SIP Proxy Release 10.1:
1. Copy the running configuration to the startup configuration.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
CCDE, CCENT, CCSI, Cisco Eos, Cisco Explorer, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco TrustSec, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco and/or its affiliates in the United States and certain other countries.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.