cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

New Hall of Fame Member-Peter PAluch

SIP Phones Unauthorized to Register in CME across ASA Site to Site VPN

289
Views
0
Helpful
1
Comments

Question

I have a customer that is running CME 12 and all of his phones located at the office where the CME resides work just fine.  We just connected a satellite office to it using a ASA to ASA Site to Site VPN Tunnel.  The remote site is working great except none of the phones at that site are allowed to register with CME.  All of the phones have their proper IPs from DHCP with their required Option 150 and proper Gateway.

In fact when I run a debug ccsip all I see all of the phones trying to register with CME.  But they are all being rejected.

 

I have both networks defined to CME as Trusted.  All of the voice register pools are fine because if I bring the phones over to the main office they register and work just fine.

 

voice service voip
 ip address trusted list
  ipv4 10.100.200.0 255.255.255.0
  ipv4 10.10.200.0 255.255.255.0

 

I am allowing all protocols and ports both ways across the tunnel with the ACLs.

I have no-proxy-arp route-lookup on my NAT statements on both ASA's.

I have tried it with both

policy-map global_policy
 class inspection_default

  inspect sip

 

and no inspect sip

 

Still getting this message when the phones at the remote site try and register...

 

092673: *Feb 11 09:53:41.539 CST: //1577/07D93A6682DB/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.100.200.103:5060;branch=z9hG4bK51fac813
From: <sip:13@10.10.200.1>;tag=0cd0f84a9a7e00121754f809-09250a68
To: <sip:13@10.10.200.1>;tag=AD238C-2618
Date: Mon, 11 Feb 2019 15:53:41 GMT
Call-ID: 0cd0f84a-9a7e0011-4d2da414-78742b53@10.100.200.103
Server: Cisco-SIPGateway/IOS-15.7.3.M1
CSeq: 148 REGISTER
WWW-Authenticate: Digest realm="",nonce="E0C8D8B50011508C",algorithm=MD5,qop="auth"Content-Length: 0

 

What am I doing wrong?

 

Answer

 

Comments
Cisco Employee

Can you please share the show run from the CME router? Also please collect 

debug ccsip message

debug voice register events

debug voice register error

 

Can you please try configuring the authenticate realm as well under the voice register global?

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucme/command/reference/cme_cr/cme_a1ht.html#wp3680833860

CreatePlease to create content
Blog-Cisco Community Designated VIP Dinner CLEUR2019