Does anyone have this working? I have a Cisco 7970 with the 8-0-2-SR1S
firmware loaded on it. I can get the phone to register with * just fine
when I place my asterisk server on the same subnet and do no NAT. When I
give my asterisk server a static public IP and put the phone behind a
NAT to connect to the server registration fails. I turn on sip debugging
and see that the phone is trying to register but it gets 401
Unauthorized. The same phone config is being used with only
modifications to the IPs of the proxy and some NAT settings. I've
adjusted NAT settings in two places (phone config and sip.conf).
Example:
sip.conf
change "nat=never" to "nat=yes"
Phone config:
change
<natEnabled>0</natEnabled>
<natAddress></natAddress>
to
<natEnabled>1</natEnabled>
<natAddress></natAddress>
Does anyone have a similar setup with a 7970 behind NAT to an asterisk
server that is not behind NAT? Any help or thoughts would be greatly
appreciated.
Jeremiah
Since the phone is the one behind a NAT, and the registration is done only with SIP packages, setting or not the "nat" is not an issue (ONLY for registration purposes). You can see this since Asterisk is receiving the registration. Why is it denying it?... wel, that's something that will most likely has to do with the registrationn parameters (user-passwd), but certainly not with the network configuration. Alyed ---------------------------------------- Return-Path: <asterisk-users-bounces@lists.digium.com> Wed Sep 20 13:35:46 2006 Received: from digium-69-16-138-164.phx1.puregig.net [69.16.138.164] by maila11.webcontrolcenter.com with SMTP; Wed, 20 Sep 2006 13:35:46 -0700 Received: from digium-69-16-138-164.phx1.puregig.net (localhost [127.0.0.1]) Does anyone have this working? I have a Cisco 7970 with the 8-0-2-SR1S firmware loaded on it. I can get the phone to register with * just fine when I place my asterisk server on the same subnet and do no NAT. When I give my asterisk server a static public IP and put the phone behind a NAT to connect to the server registration fails. I turn on sip debugging and see that the phone is trying to register but it gets 401 Unauthorized. The same phone config is being used with only modifications to the IPs of the proxy and some NAT settings. I've adjusted NAT settings in two places (phone config and sip.conf). Example: sip.conf change "nat=never" to "nat=yes" Phone config: change 0 to 1 Does anyone have a similar setup with a 7970 behind NAT to an asterisk server that is not behind NAT? Any help or thoughts would be greatly appreciated. Jeremiah _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.digium.com/pipermail/asterisk-users/attachments/20060920/33eba109/attachment-0001.htm
Jeremiah wrote:> Does anyone have this working? I have a Cisco 7970 with the 8-0-2-SR1S > firmware loaded on it. I can get the phone to register with * justfine> when I place my asterisk server on the same subnet and do no NAT. WhenI> give my asterisk server a static public IP and put the phone behind aNAT> to connect to the server registration fails. I turn on sip debuggingand> see that the phone is trying to register but it gets 401 Unauthorized. > The same phone config is being used with only modifications to the IPsof> the proxy and some NAT settings. I've adjusted NAT settings in twoplaces> (phone config and sip.conf).The problem is that the 7970 phones by default are listening for replies to their register requests on port 5060. Unfortunately, the phone sends them out from random ports. So, if you have nat=yes on the sip peer in asterisk then the asterisk will send the reply to the port the request came from and not 5060. The only deployment we have done of these phones with NAT involved was for 2 executives at a branch office. In order to get the phones working we had to set the XML configs for the phones to send the external IP address of the firewall (you'll need a static IP for this to work) and to request replies on a custom port other than 5060. We then gave the phones DHCP reservations so they would always get the same private IP and mapped the custom sip ports through the firewall to each of the 2 phones. The sip peers in asterisk then had nat=no. Kind of a kludge but since there were only two 7970 phones it was manageable. The other cisco phones don't seem to have this problem. Perhaps somebody out there knows a way to make the 7970 phones accept SIP responses back to the originating port. I wasted several hours but couldn't figure it out. -Evan
Shortly after I sent this e-mail I got it figured out. In sip.conf I had to put nat=no. The phone config also need to have all NAT features turned off. It was strange because I was sniffing the packets for the registration and saw no authentication information coming from the phone (with a really high source port number I might add), then I turned off NAT in sip.conf and did a reload and all of a sudden the phone was registered. This is the opposite of what I do for my 7960s running the 7.4 SIP image. After I got the 7970 working I had a 7961 running the 8.0.2SR1 unified image and had to do the same thing. The config files and settings for phones running the newer Cisco SIP software all require these parameters. Just an F.Y.I. Jeremiah> The problem is that the 7970 phones by default are listening for replies > to their register requests on port 5060. Unfortunately, the phone sends > them out from random ports. So, if you have nat=yes on the sip peer in > asterisk then the asterisk will send the reply to the port the request > came from and not 5060. > > The only deployment we have done of these phones with NAT involved was > for 2 executives at a branch office. In order to get the phones working > we had to set the XML configs for the phones to send the external IP > address of the firewall (you'll need a static IP for this to work) and > to request replies on a custom port other than 5060. We then gave the > phones DHCP reservations so they would always get the same private IP > and mapped the custom sip ports through the firewall to each of the 2 > phones. The sip peers in asterisk then had nat=no. Kind of a kludge > but since there were only two 7970 phones it was manageable. The other > cisco phones don't seem to have this problem. > > Perhaps somebody out there knows a way to make the 7970 phones accept > SIP responses back to the originating port. I wasted several hours but > couldn't figure it out. > > -Evan-- ______________________________________________________________ Rock River Internet Jeremiah Millay 202 W. State St, 8th Floor jeremiah@rockriver.net Rockford, IL 61101 815-968-9888 Ext. 2202 USA fax 968-6888