asterisk users - Jul 2003 - Sip: problem authenticating (with Cisco VoIP IOS 12.x) [long]

Hello All,

I've been trying for some time to get Asterisk to register with a remote
SIP gateway. I?ve recently managed to configure an SJ Phone to work with
W2000 so know the configuration parameters work correctly.

Asterisk doesn't authenticate properly and I notice that the
authentication request appears different to SJPhone's.  Do any tools
exist to enable me to check these messages?

The remote SIP gateway is running Cisco VoIP IOS 12.x.  I don't know how
it is configured.

I've had to modify the remote account and IP address.  Everything else is
unchanged.

This is the (working) debug output using SJ Phone:

========== Send =============		REGISTER
= transport UDP
= remote 1.2.3.4:5060
= local 24.132.244.120:1047
============================REGISTER sip:1.2.3.4 SIP/2.0
Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bKGIT0eMlXdQD2-0
To: sip:912345678@1.2.3.4
From: sip:912345678@1.2.3.4
Call-ID: 6569644770@24.132.244.120
CSeq: 100 REGISTER
Contact: <sip:912345678@24.132.244.120>
User-Agent: MailVision Sip Phone 1.0
Expires: 3600

==============================================================
========== Received =========		AUTHENTICATE YOURSELF
= transport UDP
= remote 1.2.3.4:32769
= local 24.132.244.120:5060
============================SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bKGIT0eMlXdQD2-0
To: sip:912345678@1.2.3.4
From: sip:912345678@1.2.3.4
Call-ID: 6569644770@24.132.244.120
CSeq: 100 REGISTER
WWW-Authenticate: Digest realm="multico.es",
 nonce="474c3ba3aca1b4a444188e1adbe5b2da",
 domain="sip:mailvision.com",algorithm=MD5,qop="auth"

==============================================================
========== Send =============		OK
= transport UDP
= remote 1.2.3.4:5060
= local 24.132.244.120:1047
============================REGISTER sip:1.2.3.4 SIP/2.0
Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bKGIT0eH1YdQD2-1
To: sip:912345678@1.2.3.4
From: sip:912345678@1.2.3.4
Call-ID: 6569644770@24.132.244.120
CSeq: 101 REGISTER
Contact: <sip:912345678@24.132.244.120>
User-Agent: MailVision Sip Phone 1.0
Expires: 3600
Authorization: Digest
username="912345678",realm="multico.es",
 nonce="474c3ba3aca1b4a444188e1adbe5b2da",
 response="20632e97a55c06337981cb4750b88ef8",uri="sip:1.2.3.4",
 algorithm=MD5,qop=auth,nc=00000001,cnonce="c770968528636542776ba318fef0080e"

==============================================================
========== Received =========		I VALIDATE YOU
= transport UDP
= remote 1.2.3.4:32769
= local 24.132.244.120:5060
============================SIP/2.0 200 OK
Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bKGIT0eH1YdQD2-1
To: sip:912345678@1.2.3.4
From: sip:912345678@1.2.3.4
Call-ID: 6569644770@24.132.244.120
CSeq: 101 REGISTER
Contact: <sip:912345678@24.132.244.120>
Expires: 3600
Date: mi?, 25 jun 2003 19:36:33 GMT

==============================================================

This is Asterisk trying to do the same thing (it fails)


========== Send =============		REGISTER
= transport UDP
= remote 1.2.3.4:5060
= local 24.132.244.120:5060
============================REGISTER sip:1.2.3.4 SIP/2.0
Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bK625558ec
From: <sip:912345678@1.2.3.4>;tag=as238e1f29
To: <sip:912345678@1.2.3.4>
Call-ID: 6b8b4567327b23c6643c986966334873@24.132.244.120
CSeq: 102 REGISTER
User-Agent: Asterisk PBX
Expires: 120
Contact: <sip:912345678@24.132.244.120>
Event: registration
Content-length: 0

==============================================================
========== Received =========		AUTHENTICATE YOURSELF
= transport UDP
= remote 1.2.3.4:32799
= local 24.132.244.120.5060
============================SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bK625558ec
To: <sip:912345678@1.2.3.4>
From: <sip:912345678@1.2.3.4>;tag=as238e1f29
Call-ID: 6b8b4567327b23c6643c986966334873@24.132.244.120
CSeq: 102 REGISTER
WWW-Authenticate: Digest realm="multico.es",
 nonce="4127b63399f64d75e09599368841153f",
 domain="sip:mailvision.com",algorithm=MD5,qop="auth"

==============================================================
========== Send =============		OK
= transport UDP
= remote 1.2.3.4:5060
= local 24.132.244.120.5060
============================REGISTER sip:1.2.3.4 SIP/2.0
Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bK625558ec
From: <sip:912345678@1.2.3.4>;tag=as238e1f29
To: <sip:912345678@1.2.3.4>
Call-ID: 6b8b4567327b23c6643c986966334873@24.132.244.120
CSeq: 103 REGISTER
User-Agent: Asterisk PBX
Authorization: Digest username="912345678",
realm="multico.es",
 algorithm="MD5", uri="sip:1.2.3.4",
 nonce="4127b63399f64d75e09599368841153f",
 response="6e34179ab28daf97e93710bae5d30785"
Expires: 120
Contact: <sip:912345678@24.132.244.120>
Event: registration
Content-length: 0

==============================================================
========== Received =========		AUTHENTICATION FAILED
= transport UDP
= remote 1.2.3.4:32799
= local 24.132.244.120.5060
============================SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 24.132.244.120:5060;branch=z9hG4bK625558ec
To: <sip:912345678@1.2.3.4>
From: <sip:912345678@1.2.3.4>;tag=as238e1f29
Call-ID: 6b8b4567327b23c6643c986966334873@24.132.244.120
CSeq: 103 REGISTER
WWW-Authenticate: Digest realm="multico.es",
 nonce="8e314e171dad60223d3e39f6259c3a4c",
 domain="sip:mailvision.com",algorithm=MD5,qop="auth"

==============================================================

One thing I notice is that SJPhone uses the qop, nc and cnonce parameters
which Asterisk doesn't understand.  Could the Cisco server be REQUIRING
their use (which is mentioned in RFC 3261)?

I see a lot of people apparently using Asterisk with great success and
guess the problems are mine, but am unsure of how to debug this further
(inspite of having spent hours pouring over the RFCs, Asterisk source and
tcpdumps of the sessions).

Any ideas would be welcome.

Simon