cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
configure & troubleshoot anyconnect
1418
Views
5
Helpful
7
Replies
Explorer

CUCM 11.5 SIP trunk to 3CX

Hello, My customer is running CUCM version 11.5 and trying to integrate a 3rd Party PBX (3CX) that it has in the office so that extensions on CUCM can 4 digit dial 3CX extensions. The 3CX system requires the SIP Trunk to have authentication. I know this is possible using Cisco CUBE under the SIP UA settings but I have never seen this option directly on CUCM. The customer doesn't have a CUBE to work with and wants to know if it can be done directly on CUCM. The guide the 3cx vendor gave me to follow as this but the main point I am asking is can I do authentication on a SIP trunk directly on CUCM or do I need a CUBE. I was reading about SIP REALMS is this possibly my answer?

The reference guide 3cx gave me to follow was not for CUCM but gives the basic idea of what I am trying to achieve. This guide is below

http://www.3cx.com/docs/bridging-asterisk-pbx/

Thanks Ryan

7 REPLIES 7
Hall of Fame Master

Authentication is not an

Authentication is not an option on SIP trunks in CUCM, and as you point out CUBE would be required. One option would be see if that is something you can add via LUA normalization script in CUCM, check out this great video tutorial to get started:

https://supportforums.cisco.com/video/12151771/guide-sip-normalization-cucm-and-lua-scripting

Chris

Explorer

Chris my findings so far

Chris my findings so far agree's with your comments that Authentication is not an option on SIP trunks in UCM but wanted to be sure so I asked the question.

Neat video on LUA but it's not obvious to me how this will help me with my end game can you perhaps give some guidance?

Thanks 

Hall of Fame Master

If you can find out the SIP

If you can find out the SIP header syntax for what 3CX expects for authentication then you should be able to easily add it to the INVITE message by appending an outbound LUA function and apply to the SIP trunk. Might be worth a shot. 

VIP Advisor

Hi,

Hi,

I believe authentication is supported on CUCM SIP trunks and can be configured as below. I remember testing this during my CCIE preparations.

 

Step 1 Check the Enable Digest Authentication check box in a SIP Trunk Security profile.

Navigate to System > Security Profile > SIP Trunk Security Profile > Add New.

 

Step 2 Apply the security profile to your SIP Trunk

Navigate to Device > Trunk > #Select-SIP-Trunk#

 

Step 3 Configure unique cluster ID under Enterprise Parameters. This will be CUCM realm configured in your 3CX

 

Step 4 Create new application user (it can be an existing application user) and assign Digest Credentials. CUCM will match 3CX username/digest against this application user after challenging 3CX

 

Step 5 Configure SIP Realm matching 3CX ID. Navigate to User Management > SIP Realm > Add New.

 

Step 6 The username/password under the realm should match 3CX digest user/pass. CUCM will use this account once received challenge request from 3CX

Explorer

Hello Mohammed

Hello Mohammed

I tried the steps as you described and as per the Cisco Guide. Can you help me understand how the username you assign under the SIP Realm gets actually associated to the trunk? Is the username under SIP Realm actually a global username that gets assigned to all SIP trunks that you use DIGEST Authentication on ?

Thanks Ryan

VIP Advisor

For outgoing calls:

For outgoing calls:

- Cucm will receive challenge request from 3cx.

- cucm will lookup realm database and will respond to challenge request including the username and hashed digest of the matched realm

- 3cx will compare the received values against its database.

For incoming calls:

- cucm will send challenge request using cluster id as realm

- 3cx will respond to challenge request with username and hashed digest based on matched cucm cluster id

- cucm will lookup the received username against application users database and comapre the digest value

Highlighted

Re: For outgoing calls:ok I have done all the above and gave me a message said that trunk is not allowed to register from 3cx part. And from Cisco part it generate 407proxy authentication required please help



@Mohammed al Baqari wrote:

For outgoing calls:

 

- Cucm will receive challenge request from 3cx.

- cucm will lookup realm database and will respond to challenge request including the username and hashed digest of the matched realm

- 3cx will compare the received values against its database.

 

For incoming calls:

- cucm will send challenge request using cluster id as realm

- 3cx will respond to challenge request with username and hashed digest based on matched cucm cluster id

- cucm will lookup the received username against application users database and comapre the digest value


@Mohammed al Baqari wrote:

For outgoing calls:

 

- Cucm will receive challenge request from 3cx.

- cucm will lookup realm database and will respond to challenge request including the username and hashed digest of the matched realm

- 3cx will compare the received values against its database.

 

For incoming calls:

- cucm will send challenge request using cluster id as realm

- 3cx will respond to challenge request with username and hashed digest based on matched cucm cluster id

- cucm will lookup the received username against application users database and comapre the digest value



@Mohammed al Baqari wrote:

For outgoing calls:

 

- Cucm will receive challenge request from 3cx.

- cucm will lookup realm database and will respond to challenge request including the username and hashed digest of the matched realm

- 3cx will compare the received values against its database.

 

For incoming calls:

- cucm will send challenge request using cluster id as realm

- 3cx will respond to challenge request with username and hashed digest based on matched cucm cluster id

- cucm will lookup the received username against application users database and comapre the digest value


 

CreatePlease to create content