I need to set up an office full of Cisco 7960 phones behind NAT with the server out in Colo. The first test phone registers fine, but the second one does not register. The first phone's registration looks like so: /SIP/Registry/3115552368 :64.169.xx.yyy:38836:3600:3115552368:sip:3115552368@64.169.xx.yyy:5060 When the second phone tries to register, it gets back a 404 not found. Not a 401, Authentication Required. The error in the full log is:Feb 28 14:26:27 NOTICE[4888] chan_sip.c: Registration from 'sip:8115552368@ev01b.networkpts.com' failed for '64.169.xx.yyy' - Username/auth name mismatch What's the right way to do this. Shown below are my configuration files: </edg> -----SIPDefault and SIPMacAddr ----- image_version: P0S3-07-4-00 tftp_cfg_dir: "" ; Example: ./sip_phone/ proxy_register: 1 timer_register_expires: 3600 dial_template: dialplan messages_uri: 3688 telnet_level: 2 phone_label: "Nat One" line1_name: 3115552368 line1_shortname: 3115552368 line1_authname: 3115552368 line1_password: 3115552368 line1_displayname: "Nat One" logo_url: "http://192.168.1.45/pts.bmp" nat_address: 64.169.xx.xxx nat_enable: 1 nat_received_processing: 1 proxy1_address: myserver.outthere.com My NatTwo phone is similar. The only difference is the name/password using 8115552368. ----sip.conf------------- [3115552368] type=friend host=dynamic username=3115552368 secret=3115552368 nat=1 context=wholesale9 disallow=all allow=ulaw accountcode=testing canreinvite=no [8115552368] type=friend host=dynamic username=8115552368 secret=8115552368 nat=1 context=wholesale9 disallow=all allow=ulaw accountcode=testing canreinvite=no
Ed Greenberg wrote:> I need to set up an office full of Cisco 7960 phones behind NAT with > the server out in Colo. > > The first test phone registers fine, but the second one does not > register.The easiest way to do this is put an Asterisk server on the local side, have the phones register to it and trunk via IAX to the remote server. Doug
Try nat=yes and qualify=yes in sip.conf. -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Ed Greenberg Sent: Tuesday, February 28, 2006 3:30 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: [Asterisk-Users] A room full of Cisco 7960s behind NAT I need to set up an office full of Cisco 7960 phones behind NAT with the server out in Colo. The first test phone registers fine, but the second one does not register. The first phone's registration looks like so: /SIP/Registry/3115552368 :64.169.xx.yyy:38836:3600:3115552368:sip:3115552368@64.169.xx.yyy:5060 When the second phone tries to register, it gets back a 404 not found. Not a 401, Authentication Required. The error in the full log is:Feb 28 14:26:27 NOTICE[4888] chan_sip.c: Registration from 'sip:8115552368@ev01b.networkpts.com' failed for '64.169.xx.yyy' - Username/auth name mismatch What's the right way to do this. Shown below are my configuration files: </edg> -----SIPDefault and SIPMacAddr ----- image_version: P0S3-07-4-00 tftp_cfg_dir: "" ; Example: ./sip_phone/ proxy_register: 1 timer_register_expires: 3600 dial_template: dialplan messages_uri: 3688 telnet_level: 2 phone_label: "Nat One" line1_name: 3115552368 line1_shortname: 3115552368 line1_authname: 3115552368 line1_password: 3115552368 line1_displayname: "Nat One" logo_url: "http://192.168.1.45/pts.bmp" nat_address: 64.169.xx.xxx nat_enable: 1 nat_received_processing: 1 proxy1_address: myserver.outthere.com My NatTwo phone is similar. The only difference is the name/password using 8115552368. ----sip.conf------------- [3115552368] type=friend host=dynamic username=3115552368 secret=3115552368 nat=1 context=wholesale9 disallow=all allow=ulaw accountcode=testing canreinvite=no [8115552368] type=friend host=dynamic username=8115552368 secret=8115552368 nat=1 context=wholesale9 disallow=all allow=ulaw accountcode=testing canreinvite=no _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Kristian Kielhofner
2006-Feb-28 17:25 UTC
[Asterisk-Users] A room full of Cisco 7960s behind NAT
Doug Lytle wrote:> Ed Greenberg wrote: > >> I need to set up an office full of Cisco 7960 phones behind NAT with >> the server out in Colo. >> >> The first test phone registers fine, but the second one does not >> register. > > > The easiest way to do this is put an Asterisk server on the local side, > have the phones register to it and trunk via IAX to the remote server. > > DougAnd using AstLinux is easiest: http://www.astlinux.org But seriously, you should have an Asterisk server on the local side and then do an IAX trunk (to reduce bandwidth) back to your other Asterisk system. -- Kristian Kielhofner
My main problem local servers is that I need to (a) be able to forward voicemails between users at multiple locations and (b) have all the message waiting lights working. Otherwise I'd be doing just that. Meanwhile I'll check out qualify=yes - I already have nat=yes. Thanks, </edg> --On Tuesday, February 28, 2006 2:29 PM -0800 Ed Greenberg <edg@greenberg.org> wrote:> I need to set up an office full of Cisco 7960 phones behind NAT with the > server out in Colo. > > The first test phone registers fine, but the second one does not register. > > > > The first phone's registration looks like so: > /SIP/Registry/3115552368 > :64.169.xx.yyy:38836:3600:3115552368:sip:3115552368@64.169.xx.yyy:5060 > > When the second phone tries to register, it gets back a 404 not found. > Not a 401, Authentication Required. > > The error in the full log is:Feb 28 14:26:27 NOTICE[4888] chan_sip.c: > Registration from 'sip:8115552368@ev01b.networkpts.com' failed > for '64.169.xx.yyy' - Username/auth name mismatch > > What's the right way to do this. Shown below are my configuration files: > > </edg> > > -----SIPDefault and SIPMacAddr ----- > > image_version: P0S3-07-4-00 > tftp_cfg_dir: "" ; Example: ./sip_phone/ > proxy_register: 1 > timer_register_expires: 3600 > dial_template: dialplan > messages_uri: 3688 > telnet_level: 2 > phone_label: "Nat One" > line1_name: 3115552368 > line1_shortname: 3115552368 > line1_authname: 3115552368 > line1_password: 3115552368 > line1_displayname: "Nat One" > logo_url: "http://192.168.1.45/pts.bmp" > nat_address: 64.169.xx.xxx > nat_enable: 1 > nat_received_processing: 1 > proxy1_address: myserver.outthere.com > > My NatTwo phone is similar. The only difference is the name/password > using 8115552368. > > ----sip.conf------------- > [3115552368] > type=friend > host=dynamic > username=3115552368 > secret=3115552368 > nat=1 > context=wholesale9 > disallow=all > allow=ulaw > accountcode=testing > canreinvite=no > > [8115552368] > type=friend > host=dynamic > username=8115552368 > secret=8115552368 > nat=1 > context=wholesale9 > disallow=all > allow=ulaw > accountcode=testing > canreinvite=no > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > Asterisk-Users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users
Your posted config had nat=1, not nat=yes. Are they interchangeable? I thought I remembered nat=1 either doing something a little different or not doing anything at all. -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Ed Greenberg Sent: Tuesday, February 28, 2006 5:51 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] A room full of Cisco 7960s behind NAT My main problem local servers is that I need to (a) be able to forward voicemails between users at multiple locations and (b) have all the message waiting lights working. Otherwise I'd be doing just that. Meanwhile I'll check out qualify=yes - I already have nat=yes. Thanks, </edg> --On Tuesday, February 28, 2006 2:29 PM -0800 Ed Greenberg <edg@greenberg.org> wrote:> I need to set up an office full of Cisco 7960 phones behind NAT withthe> server out in Colo. > > The first test phone registers fine, but the second one does notregister.> > > > The first phone's registration looks like so: > /SIP/Registry/3115552368 >:64.169.xx.yyy:38836:3600:3115552368:sip:3115552368@64.169.xx.yyy:5060> > When the second phone tries to register, it gets back a 404 not found. > Not a 401, Authentication Required. > > The error in the full log is:Feb 28 14:26:27 NOTICE[4888] chan_sip.c: > Registration from 'sip:8115552368@ev01b.networkpts.com' failed > for '64.169.xx.yyy' - Username/auth name mismatch > > What's the right way to do this. Shown below are my configurationfiles:> > </edg> > > -----SIPDefault and SIPMacAddr ----- > > image_version: P0S3-07-4-00 > tftp_cfg_dir: "" ; Example: ./sip_phone/ > proxy_register: 1 > timer_register_expires: 3600 > dial_template: dialplan > messages_uri: 3688 > telnet_level: 2 > phone_label: "Nat One" > line1_name: 3115552368 > line1_shortname: 3115552368 > line1_authname: 3115552368 > line1_password: 3115552368 > line1_displayname: "Nat One" > logo_url: "http://192.168.1.45/pts.bmp" > nat_address: 64.169.xx.xxx > nat_enable: 1 > nat_received_processing: 1 > proxy1_address: myserver.outthere.com > > My NatTwo phone is similar. The only difference is the name/password > using 8115552368. > > ----sip.conf------------- > [3115552368] > type=friend > host=dynamic > username=3115552368 > secret=3115552368 > nat=1 > context=wholesale9 > disallow=all > allow=ulaw > accountcode=testing > canreinvite=no > > [8115552368] > type=friend > host=dynamic > username=8115552368 > secret=8115552368 > nat=1 > context=wholesale9 > disallow=all > allow=ulaw > accountcode=testing > canreinvite=no > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > Asterisk-Users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users_______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Is the * server also behind a NAT?> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users- > bounces@lists.digium.com] On Behalf Of Ed Greenberg > Sent: Tuesday, February 28, 2006 7:44 PM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: RE: [Asterisk-Users] A room full of Cisco 7960s behind NAT > > I've tried it both ways with no noticeable change. > > --On Tuesday, February 28, 2006 7:25 PM -0700 Damon Estep > <damon@suburbanbroadband.net> wrote: > > > Your posted config had nat=1, not nat=yes. Are they interchangeable?I> > thought I remembered nat=1 either doing something a little differentor> > not doing anything at all. > > > > ] > > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > Asterisk-Users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users
Ed Greenberg wrote:> I need to set up an office full of Cisco 7960 phones behind NAT with > the server out in Colo. > > The first test phone registers fine, but the second one does not > register. > > > > The first phone's registration looks like so: > /SIP/Registry/3115552368 > :64.169.xx.yyy:38836:3600:3115552368:sip:3115552368@64.169.xx.yyy:5060 > > > When the second phone tries to register, it gets back a 404 not found. > Not a 401, Authentication Required. > > The error in the full log is:Feb 28 14:26:27 NOTICE[4888] chan_sip.c: > Registration from 'sip:8115552368@ev01b.networkpts.com' failed > for '64.169.xx.yyy' - Username/auth name mismatch > > What's the right way to do this. Shown below are my configuration files:Maybe you should change the source port of all phones so that they are not all listening on 5060. This should be handled automatically by your NAT device but sometimes they are broken and you need to simplify things for them. -- Andres Technical Support http://www.telesip.net
Alexander Lopez
2006-Feb-28 22:53 UTC
[Asterisk-Users] A room full of Cisco 7960s behind NAT
I have about 10 cisco 7960/40 behind a Nat router no problem. They work with all features.> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com > [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of > Ed Greenberg > Sent: Tuesday, February 28, 2006 5:30 PM > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: [Asterisk-Users] A room full of Cisco 7960s behind NAT > > I need to set up an office full of Cisco 7960 phones behind > NAT with the server out in Colo. > > The first test phone registers fine, but the second one does > not register. > > > > The first phone's registration looks like so: > /SIP/Registry/3115552368 > > :64.169.xx.yyy:38836:3600:3115552368:sip:3115552368@64.169.xx.yyy:5060 > > When the second phone tries to register, it gets back a 404 > not found. Not a 401, Authentication Required. > > The error in the full log is:Feb 28 14:26:27 NOTICE[4888] chan_sip.c: > Registration from 'sip:8115552368@ev01b.networkpts.com' > failed for '64.169.xx.yyy' - Username/auth name mismatch > > What's the right way to do this. Shown below are my > configuration files: > > </edg> > > -----SIPDefault and SIPMacAddr ----- > > image_version: P0S3-07-4-00 > tftp_cfg_dir: "" ; Example: ./sip_phone/ > proxy_register: 1 > timer_register_expires: 3600 > dial_template: dialplan > messages_uri: 3688 > telnet_level: 2 > phone_label: "Nat One" > line1_name: 3115552368 > line1_shortname: 3115552368 > line1_authname: 3115552368 > line1_password: 3115552368 > line1_displayname: "Nat One" > logo_url: "http://192.168.1.45/pts.bmp" > nat_address: 64.169.xx.xxx > nat_enable: 1 > nat_received_processing: 1 > proxy1_address: myserver.outthere.com > > My NatTwo phone is similar. The only difference is the > name/password using 8115552368. > > ----sip.conf------------- > [3115552368] > type=friend > host=dynamic > username=3115552368 > secret=3115552368 > nat=1 > context=wholesale9 > disallow=all > allow=ulaw > accountcode=testing > canreinvite=no > > [8115552368] > type=friend > host=dynamic > username=8115552368 > secret=8115552368 > nat=1 > context=wholesale9 > disallow=all > allow=ulaw > accountcode=testing > canreinvite=no > > _______________________________________________ > --Bandwidth and Colocation provided by Easynews.com -- > > Asterisk-Users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users >
Without using something like SER I don't think that's possible. Reinvite probably uses the default SIP ports (and thus won't work with NAT dynamically) right? Bill -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Tzafrir Cohen Sent: Friday, March 03, 2006 8:10 PM To: asterisk-users@lists.digium.com Subject: Re: [Asterisk-Users] A room full of Cisco 7960s behind NAT On Tue, Feb 28, 2006 at 05:25:40PM -0700, Damon Estep wrote:> Try nat=yes and qualify=yes in sip.conf.So a call between two SIP phones will have to go through the remote server? Or can those two phones be aware of each other? (If so: how do they know that they are behind the same NAT?) -- Tzafrir Cohen | tzafrir@jbr.cohens.org.il | VIM is http://tzafrir.org.il | | a Mutt's tzafrir@cohens.org.il | | best ICQ# 16849755 | | friend _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
The problem is the remote server. Asterisk is able to drop the media stream and allow the SIP phones to communicate directly, which has both its drawbacks and advantages depending on how you plan to use asterisk. For this to take place you'll need the planets to be in the proper alignment and the following scenerio: 1.) the clients need to agree on a set of codecs so asterisk doesn't have to transcode them. 2.) both clients configured as 'canreinvite=yes' and 'nat=no' 3.) asterisk doens't have to listen for additional DTMF tones Since your phones are behind a nat using a remote asterisk server the calls will always have to route through the * box even if you were calling an associate in the cube next to you. If you were to install a local asterisk box it could handle this problem and also connect to the remote server as well. So a call between two SIP phones will have to go through the remote server? Or can those two phones be aware of each other?