asterisk users - May 2005 - SIP Authentication problem between Cisco router and Asterisk when calls are forwarded

We are using a Cisco router with a T1 card plugged into a PRI provided
by a local telco (Allstream).

This Cisco accepts calls and sends them to a couple of servers running
Asterisk depending on which number was dialled.

But there is a problem.

When a call comes in to the Cisco from the PSTN it sends it to the
Asterisk server something like this:

FROM: 204XXXXXXX@<CISCO IP>
TO: 204NNNNNNN@<Asterisk IP>

Normally, this is no problem. The user 204XXXXXXX does not exist on the
Asterisk server because it is the callerid of someone on the PSTN.

However, if a number on the PSTN is forwarded to a number on the
Asterisk server, and then someone else on the Asterisk server calls the
PSTN number, the call appears at the Asterisk server as being from a
local caller and it is rejected because it has no username/password.

I know, its confusing. So let me try and simplify.

Lets say 204 791 2345 is my cell phone.

And 204 885 0872 is my office phone.

When I get into the office, I forward my cell to my office phone to save
airtime. So 204 791 2345 is forwarded to 204 885 0872.

A random outside caller (204 123 4567) phones my cell (204 791 2345),
which is forwarded to 204 885 0872. No problem, the calls appears at the
Asterisk server as "FROM: 2041234567@<CISCO IP>". Since
2041234567 is
not a user on the Asterisk system it falls through to the default
context and no username/password is required.

However, if someone on a VoIP phone (lets say 204 444 5555) connected to
the Asterisk server calls my cell, the Asterisk server rightly believes
the call is destined for the PSTN and routes it to the Cisco which sends
it out to the PSTN where it promptly comes back in the PRI (because of
the forwarding) and is returned back to the Asterisk box.

The problem is, the from is now "FROM: 2044445555@<CISCO IP>",
and
2044445555 *IS* a valid user on the Asterisk box so Asterisk tries to
authenticate the user. The Cisco of course knows nothing about the
username/password for that user and the call gets rejected.

I am not a Cisco person; so the question is, is it possible to have one
of the following:

1) Have asterisk lock onto the IP address of the FROM instead of the
userid portion?

2) Have the Cisco authenticate (register) as a SIP client to the
Asterisk server. This allows me to place the Cisco in its own context.

3) Have the Cisco override the "FROM" portion inserting its own
information but still passing the correct callerID information?

4) another suggestion?

Thanks,

-- 
John Lange
President OpenIT ltd. www.Open-IT.ca (204) 885 0872
VoIP, Web services, Linux Consulting, Server Co-Location

I think good practise is
* Not confuse [peer] names in sip.conf with extension numbers
  (as you have learned). Extensions will match several peers
  some times, and when using trunks, it will cause problems.
  It is also much easier if the peer is a name and an extension
  is a number. (But I might be a confused person... :-)

* Do not use "-" hyphens in peer names (will confuse some hint/device
  management for manager and sip subscriptions

You might also want to add a peer as the *last* entry in SIP conf with a
host= entry that matches the IP of the peers SIP proxy. THat way, we'll
match that one on IP number. But of course, if you have users with the
same user name part before the @, we will match (as you've noticed).

Any others that have recommendations on naming peers and users?

Good luck!

/Olle

----
Astricon - the Asterisk User's conference - Madrid June 15-17
http://www.astricon.net/europe/ - Register today!