[Asterisk-Dev] Asterisk does not handle call from a Cisco IAD correctly

Thu Dec 29 15:57:19 MST 2005

I just noticed I used the word "peer" in the sip.conf example below that 
should have been "user" (it is an incoming call after all.) I type 
faster then I think sometimes. Thanks for not flaming me. LOL

Any-e-ways. I jumped in to the code to fix my problem and noticed that 
the code looks much better then the last time I browsed the Asterisk sip 
code over a year ago!  So who ever is now managing that code you rock. 
It was an unreadable mess the last time I was in there, It really is 
night and day.

Once I got my head around the code I was thinking of adding a 
"insecure=port" to allow matching of user by IP address without matching 
port number. There is already code in there to do this for a peer 
statement so I guess I will need to find another name for this or 
overload the current version? So in other words should It look like this:

[bna-vonx-iad]
type=user
context=trusted-out
insecure=port
host=192.168.7.250  ; this is also only a peer only option?
canreinvite=no

Or this:

[bna-vonx-iad]
type=user
context=trusted-out
userinsecure=port
userhost=192.168.7.250
canreinvite=no

But then I ran in to the code for domain=customer.com,customer-context 
which in the new sip.conf.sample file looks like it would do what I want?

"Incoming INVITE and REFER messages can be matched against a list of 
'allowed' domains, each of which can direct the call to a specific 
context if desired. By default, all domains are accepted and sent to the 
default context or the context associated with the user/peer placing the 
call. Domains can be specified using:
domain=<domain>[,<context>]"

So I added :
domain=192.168.7.250,trusted-out
autodomain=yes

But same problem because it comes in with a source port other then 5060 
it is ignored!, so now I am really confused should I fix this in the 
"user" code or the "domain" code?

domaininsecure=port ????

Until we add something we will not be able to be be a gateway for newer 
Cisco IAD2630's. But at this point I don't have a clue where I need to 
fix this issue.  I have this issue listed 
http://bugs.digium.com/view.php?id=6069

Any help? commits?

James Sizemore wrote:
> Tilghman Lesher wrote:
>>
>>
>> No, this is actually sane.  This is necessary behavior in order to
>> support multiple SIP clients from behind the same NAT.  Asterisk needs
>> to know the control port for your host, and it needs to stay consistent
>> between a REGISTER and an INVITE.  If Asterisk sees a different control
>> port, it quite naturally assumes that that's a different client.
>>
> Thanks for the reply
> 
> I do not see this as sane, this is not a register, this is a peer 
> statement, and needs to be treated differently then a register.  Any 
> call from this peer should be allowed regardless of the port used.  I 
> agree that if I had registered and given a port that I should continue 
> to use said port.  But in this case I never registered and calls from 
> 192.168.7.250 should be allowed with out restriction.  I am not a big 
> fan of the way cisco does a lot of stuff, but in this case using a 
> random port for an out going calls from the device to 5060 on the 
> receiving device is pretty normal way to establish a out going connection.
> 
> Although I think I can get the Cisco to always use 5060 as it's out 
> going port (and there work around the problem) I still think the error 
> is on the Asterisk side.
> 
> [bna-vonx-iad]
> type=peer
> context=trusted-out
> host=192.168.7.250
> canreinvite=no
> 
> 
> 