[asterisk-users] Re: ast 1.2.x - cisco 7970 behind nat to external asterisk with no nat

Matt Gibson diwelf at gmail.com
Tue Apr 24 15:19:48 MST 2007


I've been told to reply with the relevant section of my sip.conf.


[125]
type=friend
username=125
md5secret=3b7d9943ee3a22a36d59afead97fa442
host=dynamic
;defaultip=xx.xx.xx.xx
qualify=no
context=local
callerid="Test" <125>
amaflags=default
nat=yes
canreinvite=no
mailbox=125 at default
allow=ulaw

I generated the password with echo -n "125:asterisk:<pass>" | md5sum

Thanks,
MG


On 24/04/07, Matt Gibson <diwelf at gmail.com> wrote:
> Here is a followup:
>
> I've now tried SIP 7.0.5 which also doesn't work. I've also got
> debugging information from both sites (1.4.2, nat, local) and (1.2.16,
> no nat, remote) which I will paste below. Any help would be greatly
> appreciated. It looks to me like the issue is the following:
>
> Authorization: Digest
> username="8080",realm="asterisk",uri="sip:10.0.2.10",response="f990f963433d72944ca125d5c62c275d",nonce="13a80653",algorithm=MD5
> Content-Length: 0
>
> That appears on the 1.4.2 site, but not the 1.2.16 side. Is this why
> the phone isn't registering? I don't know enough about SIP to know for
> sure.
>
>
> SIP ON REMOTE BOX:
> ------------------
>
> <-- SIP read from XXX.XXX.XXX.XXX:55511:
> REGISTER sip:pbx.somedomain.com SIP/2.0
> Via: SIP/2.0/UDP 10.0.2.20:5060;branch=z9hG4bKf7e4cbea
> From: <sip:125 at pbx.somedomain.com>;tag=0015faa0e8cf000779e2fc93-88fdab30
> To: <sip:125 at pbx.somedomain.com>
> Call-ID: 0015faa0-e8cf0005-9f301cb5-e7d34d98 at 10.0.2.20
> Max-Forwards: 70
> Date: Tue, 24 Apr 2007  GMT
> CSeq: 103 REGISTER
> User-Agent: Cisco-CP7970G/8.0
> Contact: <sip:125 at 10.0.2.20:5060;transport=udp>;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0015faa0e8cf>";+u.sip!model.ccm.cisco.com="30006"
> Content-Length: 0
> Expires: 3600
>
>
> --- (12 headers 0 lines) ---
> Using latest REGISTER request as basis request
> Sending to 10.0.2.20 : 5060 (NAT)
> Transmitting (NAT) to XXX.XXX.XXX.XXX:55511:
> SIP/2.0 100 Trying
> Via: SIP/2.0/UDP 10.0.2.20:5060;branch=z9hG4bKf7e4cbea;received=XXX.XXX.XXX.XXX
> From: <sip:125 at pbx.somedomain.com>;tag=0015faa0e8cf000779e2fc93-88fdab30
> To: <sip:125 at pbx.somedomain.com>
> Call-ID: 0015faa0-e8cf0005-9f301cb5-e7d34d98 at 10.0.2.20
> CSeq: 103 REGISTER
> User-Agent: Asterisk PBX
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
> Contact: <sip:125 at 216.145.22.110>
> Content-Length: 0
>
>
> ---
> Transmitting (NAT) to XXX.XXX.XXX.XXX:55511:
> SIP/2.0 401 Unauthorized
> Via: SIP/2.0/UDP 10.0.2.20:5060;branch=z9hG4bKf7e4cbea;received=XXX.XXX.XXX.XXX
> From: <sip:125 at pbx.somedomain.com>;tag=0015faa0e8cf000779e2fc93-88fdab30
> To: <sip:125 at pbx.somedomain.com>;tag=as67521997
> Call-ID: 0015faa0-e8cf0005-9f301cb5-e7d34d98 at 10.0.2.20
> CSeq: 103 REGISTER
> User-Agent: Asterisk PBX
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
> WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="1810bf00"
> Content-Length: 0
>
>
>
>
>
> SIP ON LOCAL (NO NAT) BOX:
> --------------------------
>
> <--- SIP read from 10.0.2.20:51950 --->
> REGISTER sip:10.0.2.10 SIP/2.0
> Via: SIP/2.0/UDP 10.0.2.20:5060;branch=z9hG4bKb64f7d91
> From: <sip:8080 at 10.0.2.10>;tag=0015faa0e8cf0002ce03525c-f41c3afb
> To: <sip:8080 at 10.0.2.10>
> Call-ID: 0015faa0-e8cf0002-ce1851de-2d1c9545 at 10.0.2.20
> Max-Forwards: 70
> Date: Tue, 24 Apr 2007  GMT
> CSeq: 102 REGISTER
> User-Agent: Cisco-CP7970G/8.0
> Contact: <sip:8080 at 10.0.2.20:5060;transport=udp>;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0015faa0e8cf>";+u.sip!model.ccm.cisco.com="30006"
> Authorization: Digest
> username="8080",realm="asterisk",uri="sip:10.0.2.10",response="f990f963433d72944ca125d5c62c275d",nonce="13a80653",algorithm=MD5
> Content-Length: 0
> Expires: 3600
>
>
> <------------->
> --- (13 headers 0 lines) ---
> Using latest REGISTER request as basis request
> Sending to 10.0.2.20 : 5060 (no NAT)
>
> <--- Transmitting (no NAT) to 10.0.2.20:5060 --->
> SIP/2.0 100 Trying
> Via: SIP/2.0/UDP 10.0.2.20:5060;branch=z9hG4bKb64f7d91;received=10.0.2.20
> From: <sip:8080 at 10.0.2.10>;tag=0015faa0e8cf0002ce03525c-f41c3afb
> To: <sip:8080 at 10.0.2.10>
> Call-ID: 0015faa0-e8cf0002-ce1851de-2d1c9545 at 10.0.2.20
> CSeq: 102 REGISTER
> User-Agent: Asterisk PBX
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
> Supported: replaces
> Contact: <sip:8080 at 10.0.2.10>
> Content-Length: 0
>
>
> <------------>
> pbx*CLI>
> <--- Transmitting (no NAT) to 10.0.2.20:5060 --->
> SIP/2.0 200 OK
> Via: SIP/2.0/UDP 10.0.2.20:5060;branch=z9hG4bKb64f7d91;received=10.0.2.20
> From: <sip:8080 at 10.0.2.10>;tag=0015faa0e8cf0002ce03525c-f41c3afb
> To: <sip:8080 at 10.0.2.10>;tag=as3d34555a
> Call-ID: 0015faa0-e8cf0002-ce1851de-2d1c9545 at 10.0.2.20
> CSeq: 102 REGISTER
> User-Agent: Asterisk PBX
> Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
> Supported: replaces
> Expires: 3600
> Contact: <sip:8080 at 10.0.2.20:5060;transport=udp>;expires=3600
> Date: Tue, 24 Apr 2007 21:40:09 GMT
> Content-Length: 0
>
>
> Thanks for your help!
>
>
> On 24/04/07, Matt Gibson <diwelf at gmail.com> wrote:
> > Hi All,
> >
> > As the subject describes, has anyone gotten this to work? I am running
> > an asterisk 1.2.16 server, and am trying to register my cisco 7970
> > remotely to it, but it just won't go.
> >
> > I am running 1.4.2 internally and the phone registers fine to it. I'm
> > using the latest firmware (i think) - 8.2.1S
> >
> > On the server in question I have tried the following for the sip declaration:
> >
> > qualify=never
> > nat=no (yes)
> > defaultip=(natip)(externalip)
> > md5secret=<md5pass>
> > or
> > secret=<secret>
> >
> > Nothing seems to work, and I continually get "sip 401 unauthorized"
> > messages on the console when the phone tries to register.
> >
> > I've spent a number of hours on this googling and searching for anyone
> > working with 1.2 and 7970's, but I can't find any information. Any
> > help would be much appreciated.
> >
> > Scenario:
> >
> > cisco 7970 -> switch -> pfsense/soekris/nat -> cable modem -> remote pbx
> >
> > Local firewall has port forwarding on for 5060 tcp/udp to my internal
> > * box, and also for UDP 10000-30000 port forwarded to local * box as
> > well. Is there anything else I can try?
> >
> > Thanks,
> > Matt
> >
>


More information about the asterisk-users mailing list