Thanks for answering Kevin.<br><br>I guess my eyes were tired the night I started this thread, and yes, it would be ridiculous that Cisco phones couldn´t do rport. I actually found that its not the rport parameter, but the UDP ports usage. nat=no receives the REGISTER with source port 5400 for example, and the VIA header as <a href="http://1.1.1.1:5060">1.1.1.1:5060</a>, so the 200 OK goes out with destination port 5060 as well, this works for the Cisco phone.<br>
<br>nat=yes|force_rport sends the 200 OK out to destination port 5400 instead.<br><br>I was aware of the change introduced because it was also mentioned in the "asterisk-users] Asterisk 1.8.8.0 Now Available" mail a few days ago, so I tried nat=no in the peer definition and it didn´t take effect for some damn reason and I got extra worried for nothing the past 24 hours to the point I couldn´t sleep (about to deploy 25 new phones with latest asterisk).<br>
<br>Embarrassingly enough, I just tried the nat=no again both in the general and peer sections and the blessed phone registered.... My apologies, again, I wrote the thread late at night probably this blinded me.<br><br>
Now, one question about a previous answer from you ("<span style="color:rgb(153,51,153)">It is exactly that; 'force_rport' is now the default.....</span>"):<br>
<br>is the trigger for using the source UDP port from the REGISTER, inside the rport field and inside the destination UDP port of the 200 OK:<br><ol><li>The mismatch between the UDP source port of the REGISTER and the VIA port? Or</li>
<li>The fact that the other entity sends an empty rport?</li><li>Or any of the above?<br></li></ol>Its a difficult question to ask/describe, so if I am not asking correctly please let me know. Thanks a lot, really.<br><br>
José Pablo Méndez<br><br><br><br>On Sun, Dec 18, 2011 at 12:18 PM, Kevin P. Fleming <<a href="mailto:kpfleming@digium.com">kpfleming@digium.com</a>> wrote:<br>><br>> On 12/18/2011 01:42 AM, José Pablo Méndez Soto wrote:<br>
><br>>> I have been testing with Cisco phones and have been able to register<br>>> them with new firmware 9.2.1 (7911/7945/7970). All worked until I<br>>> realized that from version 1.8.7.2, the VIA header contains the rport<br>
>> parameter, which breaks the phone registration process. Basically, the<br>>> device can´t parse the VIA header this way, and when it gets the 200 OK<br>>> to the REGISTER message containing the rport parameter, it refuses to<br>
>> process the registration internally, although it doesn´t complaint about<br>>> it and Asterisk shows it as registered.<br>><br>><br>> First, let me say that it is pretty ridiculous that Cisco phones refuse to accept SIP responses with rport parameters in the Via header. But getting back to your problem... did you read the CHANGES file included with Asterisk 1.8.7.2? The *only* change between 1.8.7.1 and 1.8.7.2 was specifically handling of the 'nat' option in chan_sip to address a security vulnerability, but your message reads as if you are not aware of this.<br>
><br>>> Asterisk 1.8.7.1 doesn´t behave this way and all works fine. The<br>>> documentation about the use of the nat= parameter in sip.conf states:<br>>><br>>> ; nat = no ; Default. Use rport*if* the remote<br>
>><br>>> side says to use it.<br>><br>><br>> This is a bug in the sample configuration file; 'no' is no longer the default, 'force_rport' is.<br>><br>><br>>> I understand that the other side must send an empty rport parameter to<br>
>> report the far end it needs the rport field to be filled in as per the<br>>> RFC. The IP Phone is not sending the field at all, generating<br>>> incongruity between the documentation and the real behavior. The only<br>
>> reason I think Asterisk would find the condition to be true, is due to a<br>>> mismatch between the source port and VIA header ip:port inside the<br>>> REGISTER message.<br>>><br>>> Could this be the trigger of the 200 OK with rport (and, other SIP<br>
>> messages as well)?<br>><br>><br>> It is exactly that; 'force_rport' is now the default, and if you need 'no' behavior, you have to explicitly configure it that way.<br>><br>><br>>> Can it be implemented a nat = never option in future releases?<br>
><br>><br>> There is no need for such an option (which is why it was removed in the Asterisk 1.6.x timeframe).<br>><br>> --<br>> Kevin P. Fleming<br>> Digium, Inc. | Director of Software Technologies<br>
> Jabber: <a href="mailto:kfleming@digium.com">kfleming@digium.com</a> | SIP: <a href="mailto:kpfleming@digium.com">kpfleming@digium.com</a> | Skype: kpfleming<br>> 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA<br>
> Check us out at <a href="http://www.digium.com">www.digium.com</a> & <a href="http://www.asterisk.org">www.asterisk.org</a><br>><br>> --<br>> _____________________________________________________________________<br>
> -- Bandwidth and Colocation Provided by <a href="http://www.api-digital.com">http://www.api-digital.com</a> --<br>> New to Asterisk? Join us for a live introductory webinar every Thurs:<br>> <a href="http://www.asterisk.org/hello">http://www.asterisk.org/hello</a><br>
><br>> asterisk-users mailing list<br>> To UNSUBSCRIBE or update options visit:<br>> <a href="http://lists.digium.com/mailman/listinfo/asterisk-users">http://lists.digium.com/mailman/listinfo/asterisk-users</a><br>
<br>