Matt Gibson
2007-Apr-24 02:00 UTC
[asterisk-users] ast 1.2.x - cisco 7970 behind nat to external asterisk with no nat
Hi All, As the subject describes, has anyone gotten this to work? I am running an asterisk 1.2.16 server, and am trying to register my cisco 7970 remotely to it, but it just won't go. I am running 1.4.2 internally and the phone registers fine to it. I'm using the latest firmware (i think) - 8.2.1S On the server in question I have tried the following for the sip declaration: qualify=never nat=no (yes) defaultip=(natip)(externalip) md5secret=<md5pass> or secret=<secret> Nothing seems to work, and I continually get "sip 401 unauthorized" messages on the console when the phone tries to register. I've spent a number of hours on this googling and searching for anyone working with 1.2 and 7970's, but I can't find any information. Any help would be much appreciated. Scenario: cisco 7970 -> switch -> pfsense/soekris/nat -> cable modem -> remote pbx Local firewall has port forwarding on for 5060 tcp/udp to my internal * box, and also for UDP 10000-30000 port forwarded to local * box as well. Is there anything else I can try? Thanks, Matt
Matt Gibson
2007-Apr-24 14:46 UTC
[asterisk-users] Re: ast 1.2.x - cisco 7970 behind nat to external asterisk with no nat
Here is a followup: I've now tried SIP 7.0.5 which also doesn't work. I've also got debugging information from both sites (1.4.2, nat, local) and (1.2.16, no nat, remote) which I will paste below. Any help would be greatly appreciated. It looks to me like the issue is the following: Authorization: Digest username="8080",realm="asterisk",uri="sip:10.0.2.10",response="f990f963433d72944ca125d5c62c275d",nonce="13a80653",algorithm=MD5 Content-Length: 0 That appears on the 1.4.2 site, but not the 1.2.16 side. Is this why the phone isn't registering? I don't know enough about SIP to know for sure. SIP ON REMOTE BOX: ------------------ <-- SIP read from XXX.XXX.XXX.XXX:55511: REGISTER sip:pbx.somedomain.com SIP/2.0 Via: SIP/2.0/UDP 10.0.2.20:5060;branch=z9hG4bKf7e4cbea From: <sip:125@pbx.somedomain.com>;tag=0015faa0e8cf000779e2fc93-88fdab30 To: <sip:125@pbx.somedomain.com> Call-ID: 0015faa0-e8cf0005-9f301cb5-e7d34d98@10.0.2.20 Max-Forwards: 70 Date: Tue, 24 Apr 2007 GMT CSeq: 103 REGISTER User-Agent: Cisco-CP7970G/8.0 Contact: <sip:125@10.0.2.20:5060;transport=udp>;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0015faa0e8cf>";+u.sip!model.ccm.cisco.com="30006" Content-Length: 0 Expires: 3600 --- (12 headers 0 lines) --- Using latest REGISTER request as basis request Sending to 10.0.2.20 : 5060 (NAT) Transmitting (NAT) to XXX.XXX.XXX.XXX:55511: SIP/2.0 100 Trying Via: SIP/2.0/UDP 10.0.2.20:5060;branch=z9hG4bKf7e4cbea;received=XXX.XXX.XXX.XXX From: <sip:125@pbx.somedomain.com>;tag=0015faa0e8cf000779e2fc93-88fdab30 To: <sip:125@pbx.somedomain.com> Call-ID: 0015faa0-e8cf0005-9f301cb5-e7d34d98@10.0.2.20 CSeq: 103 REGISTER User-Agent: Asterisk PBX Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Contact: <sip:125@216.145.22.110> Content-Length: 0 --- Transmitting (NAT) to XXX.XXX.XXX.XXX:55511: SIP/2.0 401 Unauthorized Via: SIP/2.0/UDP 10.0.2.20:5060;branch=z9hG4bKf7e4cbea;received=XXX.XXX.XXX.XXX From: <sip:125@pbx.somedomain.com>;tag=0015faa0e8cf000779e2fc93-88fdab30 To: <sip:125@pbx.somedomain.com>;tag=as67521997 Call-ID: 0015faa0-e8cf0005-9f301cb5-e7d34d98@10.0.2.20 CSeq: 103 REGISTER User-Agent: Asterisk PBX Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="1810bf00" Content-Length: 0 SIP ON LOCAL (NO NAT) BOX: -------------------------- <--- SIP read from 10.0.2.20:51950 ---> REGISTER sip:10.0.2.10 SIP/2.0 Via: SIP/2.0/UDP 10.0.2.20:5060;branch=z9hG4bKb64f7d91 From: <sip:8080@10.0.2.10>;tag=0015faa0e8cf0002ce03525c-f41c3afb To: <sip:8080@10.0.2.10> Call-ID: 0015faa0-e8cf0002-ce1851de-2d1c9545@10.0.2.20 Max-Forwards: 70 Date: Tue, 24 Apr 2007 GMT CSeq: 102 REGISTER User-Agent: Cisco-CP7970G/8.0 Contact: <sip:8080@10.0.2.20:5060;transport=udp>;+sip.instance="<urn:uuid:00000000-0000-0000-0000-0015faa0e8cf>";+u.sip!model.ccm.cisco.com="30006" Authorization: Digest username="8080",realm="asterisk",uri="sip:10.0.2.10",response="f990f963433d72944ca125d5c62c275d",nonce="13a80653",algorithm=MD5 Content-Length: 0 Expires: 3600 <-------------> --- (13 headers 0 lines) --- Using latest REGISTER request as basis request Sending to 10.0.2.20 : 5060 (no NAT) <--- Transmitting (no NAT) to 10.0.2.20:5060 ---> SIP/2.0 100 Trying Via: SIP/2.0/UDP 10.0.2.20:5060;branch=z9hG4bKb64f7d91;received=10.0.2.20 From: <sip:8080@10.0.2.10>;tag=0015faa0e8cf0002ce03525c-f41c3afb To: <sip:8080@10.0.2.10> Call-ID: 0015faa0-e8cf0002-ce1851de-2d1c9545@10.0.2.20 CSeq: 102 REGISTER User-Agent: Asterisk PBX Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Supported: replaces Contact: <sip:8080@10.0.2.10> Content-Length: 0 <------------> pbx*CLI> <--- Transmitting (no NAT) to 10.0.2.20:5060 ---> SIP/2.0 200 OK Via: SIP/2.0/UDP 10.0.2.20:5060;branch=z9hG4bKb64f7d91;received=10.0.2.20 From: <sip:8080@10.0.2.10>;tag=0015faa0e8cf0002ce03525c-f41c3afb To: <sip:8080@10.0.2.10>;tag=as3d34555a Call-ID: 0015faa0-e8cf0002-ce1851de-2d1c9545@10.0.2.20 CSeq: 102 REGISTER User-Agent: Asterisk PBX Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY Supported: replaces Expires: 3600 Contact: <sip:8080@10.0.2.20:5060;transport=udp>;expires=3600 Date: Tue, 24 Apr 2007 21:40:09 GMT Content-Length: 0 Thanks for your help! On 24/04/07, Matt Gibson <diwelf@gmail.com> wrote:> Hi All, > > As the subject describes, has anyone gotten this to work? I am running > an asterisk 1.2.16 server, and am trying to register my cisco 7970 > remotely to it, but it just won't go. > > I am running 1.4.2 internally and the phone registers fine to it. I'm > using the latest firmware (i think) - 8.2.1S > > On the server in question I have tried the following for the sip declaration: > > qualify=never > nat=no (yes) > defaultip=(natip)(externalip) > md5secret=<md5pass> > or > secret=<secret> > > Nothing seems to work, and I continually get "sip 401 unauthorized" > messages on the console when the phone tries to register. > > I've spent a number of hours on this googling and searching for anyone > working with 1.2 and 7970's, but I can't find any information. Any > help would be much appreciated. > > Scenario: > > cisco 7970 -> switch -> pfsense/soekris/nat -> cable modem -> remote pbx > > Local firewall has port forwarding on for 5060 tcp/udp to my internal > * box, and also for UDP 10000-30000 port forwarded to local * box as > well. Is there anything else I can try? > > Thanks, > Matt >