Simon J Mudd
2003-Jul-11 11:57 UTC
[Asterisk-Users] Sip: problem authenticating (with Cisco VoIP IOS 12.x) [long]
Hello All, I've been trying for some time to get Asterisk to register with a remote SIP gateway. I?ve recently managed to configure an SJ Phone to work with W2000 so know the configuration parameters work correctly. Asterisk doesn't authenticate properly and I notice that the authentication request appears different to SJPhone's. Do any tools exist to enable me to check these messages? The remote SIP gateway is running Cisco VoIP IOS 12.x. I don't know how it is configured. I've had to modify the remote account and IP address. Everything else is unchanged. This is the (working) debug output using SJ Phone: ========== Send ============= REGISTER = transport UDP = remote 1.2.3.4:5060 = local 24.132.244.120:1047 ============================REGISTER sip:1.2.3.4 SIP/2.0 Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bKGIT0eMlXdQD2-0 To: sip:912345678@1.2.3.4 From: sip:912345678@1.2.3.4 Call-ID: 6569644770@24.132.244.120 CSeq: 100 REGISTER Contact: <sip:912345678@24.132.244.120> User-Agent: MailVision Sip Phone 1.0 Expires: 3600 ============================================================== ========== Received ========= AUTHENTICATE YOURSELF = transport UDP = remote 1.2.3.4:32769 = local 24.132.244.120:5060 ============================SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bKGIT0eMlXdQD2-0 To: sip:912345678@1.2.3.4 From: sip:912345678@1.2.3.4 Call-ID: 6569644770@24.132.244.120 CSeq: 100 REGISTER WWW-Authenticate: Digest realm="multico.es", nonce="474c3ba3aca1b4a444188e1adbe5b2da", domain="sip:mailvision.com",algorithm=MD5,qop="auth" ============================================================== ========== Send ============= OK = transport UDP = remote 1.2.3.4:5060 = local 24.132.244.120:1047 ============================REGISTER sip:1.2.3.4 SIP/2.0 Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bKGIT0eH1YdQD2-1 To: sip:912345678@1.2.3.4 From: sip:912345678@1.2.3.4 Call-ID: 6569644770@24.132.244.120 CSeq: 101 REGISTER Contact: <sip:912345678@24.132.244.120> User-Agent: MailVision Sip Phone 1.0 Expires: 3600 Authorization: Digest username="912345678",realm="multico.es", nonce="474c3ba3aca1b4a444188e1adbe5b2da", response="20632e97a55c06337981cb4750b88ef8",uri="sip:1.2.3.4", algorithm=MD5,qop=auth,nc=00000001,cnonce="c770968528636542776ba318fef0080e" ============================================================== ========== Received ========= I VALIDATE YOU = transport UDP = remote 1.2.3.4:32769 = local 24.132.244.120:5060 ============================SIP/2.0 200 OK Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bKGIT0eH1YdQD2-1 To: sip:912345678@1.2.3.4 From: sip:912345678@1.2.3.4 Call-ID: 6569644770@24.132.244.120 CSeq: 101 REGISTER Contact: <sip:912345678@24.132.244.120> Expires: 3600 Date: mi?, 25 jun 2003 19:36:33 GMT ============================================================== This is Asterisk trying to do the same thing (it fails) ========== Send ============= REGISTER = transport UDP = remote 1.2.3.4:5060 = local 24.132.244.120:5060 ============================REGISTER sip:1.2.3.4 SIP/2.0 Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bK625558ec From: <sip:912345678@1.2.3.4>;tag=as238e1f29 To: <sip:912345678@1.2.3.4> Call-ID: 6b8b4567327b23c6643c986966334873@24.132.244.120 CSeq: 102 REGISTER User-Agent: Asterisk PBX Expires: 120 Contact: <sip:912345678@24.132.244.120> Event: registration Content-length: 0 ============================================================== ========== Received ========= AUTHENTICATE YOURSELF = transport UDP = remote 1.2.3.4:32799 = local 24.132.244.120.5060 ============================SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bK625558ec To: <sip:912345678@1.2.3.4> From: <sip:912345678@1.2.3.4>;tag=as238e1f29 Call-ID: 6b8b4567327b23c6643c986966334873@24.132.244.120 CSeq: 102 REGISTER WWW-Authenticate: Digest realm="multico.es", nonce="4127b63399f64d75e09599368841153f", domain="sip:mailvision.com",algorithm=MD5,qop="auth" ============================================================== ========== Send ============= OK = transport UDP = remote 1.2.3.4:5060 = local 24.132.244.120.5060 ============================REGISTER sip:1.2.3.4 SIP/2.0 Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bK625558ec From: <sip:912345678@1.2.3.4>;tag=as238e1f29 To: <sip:912345678@1.2.3.4> Call-ID: 6b8b4567327b23c6643c986966334873@24.132.244.120 CSeq: 103 REGISTER User-Agent: Asterisk PBX Authorization: Digest username="912345678", realm="multico.es", algorithm="MD5", uri="sip:1.2.3.4", nonce="4127b63399f64d75e09599368841153f", response="6e34179ab28daf97e93710bae5d30785" Expires: 120 Contact: <sip:912345678@24.132.244.120> Event: registration Content-length: 0 ============================================================== ========== Received ========= AUTHENTICATION FAILED = transport UDP = remote 1.2.3.4:32799 = local 24.132.244.120.5060 ============================SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bK625558ec To: <sip:912345678@1.2.3.4> From: <sip:912345678@1.2.3.4>;tag=as238e1f29 Call-ID: 6b8b4567327b23c6643c986966334873@24.132.244.120 CSeq: 103 REGISTER WWW-Authenticate: Digest realm="multico.es", nonce="8e314e171dad60223d3e39f6259c3a4c", domain="sip:mailvision.com",algorithm=MD5,qop="auth" ============================================================== One thing I notice is that SJPhone uses the qop, nc and cnonce parameters which Asterisk doesn't understand. Could the Cisco server be REQUIRING their use (which is mentioned in RFC 3261)? I see a lot of people apparently using Asterisk with great success and guess the problems are mine, but am unsure of how to debug this further (inspite of having spent hours pouring over the RFCs, Asterisk source and tcpdumps of the sessions). Any ideas would be welcome. Simon
Reasonably Related Threads
- forward_msg: no 2nd via found in reply
- Asterisk confused when interface has multiple addresses?
- Got Anonymous from DID incoming call and can't re-send to another asterisk with new callerid
- SIP Registration with Entice Softswitch
- SIP REGISTER behavior change: specific domains possible in REGISTER