[Asterisk-Users] Sip: problem authenticating (with Cisco VoIP IOS 12.x) [long]

Fri Jul 11 11:57:19 MST 2003

Hello All,

I've been trying for some time to get Asterisk to register with a remote
SIP gateway. I´ve recently managed to configure an SJ Phone to work with
W2000 so know the configuration parameters work correctly.

Asterisk doesn't authenticate properly and I notice that the
authentication request appears different to SJPhone's.  Do any tools
exist to enable me to check these messages?

The remote SIP gateway is running Cisco VoIP IOS 12.x.  I don't know how
it is configured.

I've had to modify the remote account and IP address.  Everything else is
unchanged.

This is the (working) debug output using SJ Phone:

========== Send =============		REGISTER
= transport UDP
= remote 1.2.3.4:5060
= local 24.132.244.120:1047
=============================
REGISTER sip:1.2.3.4 SIP/2.0
Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bKGIT0eMlXdQD2-0
To: sip:912345678 at 1.2.3.4
From: sip:912345678 at 1.2.3.4
Call-ID: 6569644770 at 24.132.244.120
CSeq: 100 REGISTER
Contact: <sip:912345678 at 24.132.244.120>
User-Agent: MailVision Sip Phone 1.0
Expires: 3600

===============================================================

========== Received =========		AUTHENTICATE YOURSELF
= transport UDP
= remote 1.2.3.4:32769
= local 24.132.244.120:5060
=============================
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bKGIT0eMlXdQD2-0
To: sip:912345678 at 1.2.3.4
From: sip:912345678 at 1.2.3.4
Call-ID: 6569644770 at 24.132.244.120
CSeq: 100 REGISTER
WWW-Authenticate: Digest realm="multico.es",
 nonce="474c3ba3aca1b4a444188e1adbe5b2da",
 domain="sip:mailvision.com",algorithm=MD5,qop="auth"

===============================================================

========== Send =============		OK
= transport UDP
= remote 1.2.3.4:5060
= local 24.132.244.120:1047
=============================
REGISTER sip:1.2.3.4 SIP/2.0
Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bKGIT0eH1YdQD2-1
To: sip:912345678 at 1.2.3.4
From: sip:912345678 at 1.2.3.4
Call-ID: 6569644770 at 24.132.244.120
CSeq: 101 REGISTER
Contact: <sip:912345678 at 24.132.244.120>
User-Agent: MailVision Sip Phone 1.0
Expires: 3600
Authorization: Digest username="912345678",realm="multico.es",
 nonce="474c3ba3aca1b4a444188e1adbe5b2da",
 response="20632e97a55c06337981cb4750b88ef8",uri="sip:1.2.3.4",
 algorithm=MD5,qop=auth,nc=00000001,cnonce="c770968528636542776ba318fef0080e"

===============================================================

========== Received =========		I VALIDATE YOU
= transport UDP
= remote 1.2.3.4:32769
= local 24.132.244.120:5060
=============================
SIP/2.0 200 OK
Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bKGIT0eH1YdQD2-1
To: sip:912345678 at 1.2.3.4
From: sip:912345678 at 1.2.3.4
Call-ID: 6569644770 at 24.132.244.120
CSeq: 101 REGISTER
Contact: <sip:912345678 at 24.132.244.120>
Expires: 3600
Date: mié, 25 jun 2003 19:36:33 GMT

===============================================================

This is Asterisk trying to do the same thing (it fails)

========== Send =============		REGISTER
= transport UDP
= remote 1.2.3.4:5060
= local 24.132.244.120:5060
=============================
REGISTER sip:1.2.3.4 SIP/2.0
Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bK625558ec
From: <sip:912345678 at 1.2.3.4>;tag=as238e1f29
To: <sip:912345678 at 1.2.3.4>
Call-ID: 6b8b4567327b23c6643c986966334873 at 24.132.244.120
CSeq: 102 REGISTER
User-Agent: Asterisk PBX
Expires: 120
Contact: <sip:912345678 at 24.132.244.120>
Event: registration
Content-length: 0

===============================================================

========== Received =========		AUTHENTICATE YOURSELF
= transport UDP
= remote 1.2.3.4:32799
= local 24.132.244.120.5060
=============================
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bK625558ec
To: <sip:912345678 at 1.2.3.4>
From: <sip:912345678 at 1.2.3.4>;tag=as238e1f29
Call-ID: 6b8b4567327b23c6643c986966334873 at 24.132.244.120
CSeq: 102 REGISTER
WWW-Authenticate: Digest realm="multico.es",
 nonce="4127b63399f64d75e09599368841153f",
 domain="sip:mailvision.com",algorithm=MD5,qop="auth"

===============================================================

========== Send =============		OK
= transport UDP
= remote 1.2.3.4:5060
= local 24.132.244.120.5060
=============================
REGISTER sip:1.2.3.4 SIP/2.0
Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bK625558ec
From: <sip:912345678 at 1.2.3.4>;tag=as238e1f29
To: <sip:912345678 at 1.2.3.4>
Call-ID: 6b8b4567327b23c6643c986966334873 at 24.132.244.120
CSeq: 103 REGISTER
User-Agent: Asterisk PBX
Authorization: Digest username="912345678", realm="multico.es",
 algorithm="MD5", uri="sip:1.2.3.4",
 nonce="4127b63399f64d75e09599368841153f",
 response="6e34179ab28daf97e93710bae5d30785"
Expires: 120
Contact: <sip:912345678 at 24.132.244.120>
Event: registration
Content-length: 0

===============================================================

========== Received =========		AUTHENTICATION FAILED
= transport UDP
= remote 1.2.3.4:32799
= local 24.132.244.120.5060
=============================
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bK625558ec
To: <sip:912345678 at 1.2.3.4>
From: <sip:912345678 at 1.2.3.4>;tag=as238e1f29
Call-ID: 6b8b4567327b23c6643c986966334873 at 24.132.244.120
CSeq: 103 REGISTER
WWW-Authenticate: Digest realm="multico.es",
 nonce="8e314e171dad60223d3e39f6259c3a4c",
 domain="sip:mailvision.com",algorithm=MD5,qop="auth"

===============================================================

One thing I notice is that SJPhone uses the qop, nc and cnonce parameters
which Asterisk doesn't understand.  Could the Cisco server be REQUIRING
their use (which is mentioned in RFC 3261)?

I see a lot of people apparently using Asterisk with great success and
guess the problems are mine, but am unsure of how to debug this further
(inspite of having spent hours pouring over the RFCs, Asterisk source and
tcpdumps of the sessions).

Any ideas would be welcome.

Simon