[Asterisk-Users] SIP Authentication problem between Cisco router
and Asterisk when calls are forwarded
John Lange
john.lange at open-it.ca
Tue May 31 10:30:08 MST 2005
We are using a Cisco router with a T1 card plugged into a PRI provided
by a local telco (Allstream).
This Cisco accepts calls and sends them to a couple of servers running
Asterisk depending on which number was dialled.
But there is a problem.
When a call comes in to the Cisco from the PSTN it sends it to the
Asterisk server something like this:
FROM: 204XXXXXXX@<CISCO IP>
TO: 204NNNNNNN@<Asterisk IP>
Normally, this is no problem. The user 204XXXXXXX does not exist on the
Asterisk server because it is the callerid of someone on the PSTN.
However, if a number on the PSTN is forwarded to a number on the
Asterisk server, and then someone else on the Asterisk server calls the
PSTN number, the call appears at the Asterisk server as being from a
local caller and it is rejected because it has no username/password.
I know, its confusing. So let me try and simplify.
Lets say 204 791 2345 is my cell phone.
And 204 885 0872 is my office phone.
When I get into the office, I forward my cell to my office phone to save
airtime. So 204 791 2345 is forwarded to 204 885 0872.
A random outside caller (204 123 4567) phones my cell (204 791 2345),
which is forwarded to 204 885 0872. No problem, the calls appears at the
Asterisk server as "FROM: 2041234567@<CISCO IP>". Since 2041234567 is
not a user on the Asterisk system it falls through to the default
context and no username/password is required.
However, if someone on a VoIP phone (lets say 204 444 5555) connected to
the Asterisk server calls my cell, the Asterisk server rightly believes
the call is destined for the PSTN and routes it to the Cisco which sends
it out to the PSTN where it promptly comes back in the PRI (because of
the forwarding) and is returned back to the Asterisk box.
The problem is, the from is now "FROM: 2044445555@<CISCO IP>", and
2044445555 *IS* a valid user on the Asterisk box so Asterisk tries to
authenticate the user. The Cisco of course knows nothing about the
username/password for that user and the call gets rejected.
I am not a Cisco person; so the question is, is it possible to have one
of the following:
1) Have asterisk lock onto the IP address of the FROM instead of the
userid portion?
2) Have the Cisco authenticate (register) as a SIP client to the
Asterisk server. This allows me to place the Cisco in its own context.
3) Have the Cisco override the "FROM" portion inserting its own
information but still passing the correct callerID information?
4) another suggestion?
Thanks,
--
John Lange
President OpenIT ltd. www.Open-IT.ca (204) 885 0872
VoIP, Web services, Linux Consulting, Server Co-Location
More information about the asterisk-users
mailing list