07-06-2015 05:21 PM - edited 03-17-2019 03:33 AM
Hi.
I'm having some difficulties configuring our 2801 acting as CUBE to work with our new VOIP provider. Everything worked perfectly with our previous provider TDC, but for a number of reasons we had to change and we choose CellIP as our new provider.
First off, what works? Inbound calls works just as expected. Calls get connected and no audio problems. What doesn’t work is our outbound calls.
The setup looks like this:
CUCM 7.1 -> Cisco 2801 12.4(13r)T -> ASA5520 -> Internet WAN
I have setup a static NAT in the ASA for inbound traffic on 5060-5065 from the providers IP-addresses and are pointing this traffic to the 2801. I have also created a dynamic mapping so that outbound traffic from the 2801 uses the same IP-address as is used for inbound calls, which also is registered with the provider.
I have tried reading up on SIP authentication but I’m not sure on how to troubleshoot this problem further. The provider can’t provide any more help than that the error message indicates something wrong with the authentication. They think that this might be the problem, although the solution is for Asterisk, but I don’t know how to implement the solution in my configuration.
We need to authenticate our SIP-trunk so, for that reason I have setup a SIP-UA in the 2801 looking like this.
sip-ua
credentials username 4******5 password 7 ********* realm sip.cellip.com
no remote-party-id
retry invite 2
retry response 2
retry bye 2
timers trying 150
timers expires 60000
registrar dns:sip.cellip.com expires 3600
sip-server dns:sip.cellip.com
And debug message looks like this. If I read it correctly the first attempt fails men using “www-authentication”, but the gets accepted:
*Jul 6 21:56:04.775: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
REGISTER sip:sip.cellip.com:5060 SIP/2.0
Via: SIP/2.0/UDP 172.16.21.12:5060;branch=z9hG4bK325A7
From: <sip:4****5@sip.cellip.com>;tag=2C7064-219B
To: sip:4****5@sip.cellip.com
Date: Mon, 06 Jul 2015 21:56:04 GMT
Call-ID: EB05DCAF-235911E5-80028B0A-E00CE021
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Timestamp: 1436219764
CSeq: 4 REGISTER
Contact: sip:4****5@172.16.21.12:5060
Expires: 3600
Supported: path
Content-Length: 0
*Jul 6 21:56:04.799: //4/000000000000/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 172.16.21.12:5060;branch=z9hG4bK325A7;received=*.*.*.115;rport=12560
To: <sip:4****5@sip.cellip.com>;tag=b9b00073
From: <sip:4****5@sip.cellip.com>;tag=2C7064-219B
Call-ID: EB05DCAF-235911E5-80028B0A-E00CE021
CSeq: 4 REGISTER
WWW-Authenticate: Digest nonce="1436219622:4060594ce535d637fb74e9f9751ec59c",algorithm=MD5,realm="sip.cellip.com"Content-Length: 0
*Jul 6 21:56:04.803: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
REGISTER sip:sip.cellip.com:5060 SIP/2.0
Via: SIP/2.0/UDP 172.16.21.12:5060;branch=z9hG4bK443
From: <sip:4****5@sip.cellip.com>;tag=2C7064-219B
To: sip:4****5@sip.cellip.com
Date: Mon, 06 Jul 2015 21:56:04 GMT
Call-ID: EB05DCAF-235911E5-80028B0A-E00CE021
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Timestamp: 1436219764
CSeq: 5 REGISTER
Contact: sip:4****5@172.16.21.12:5060
Expires: 3600
Authorization: Digest username="4****5",realm="sip.cellip.com",uri="sip:sip.cellip.com:5060",response="a9fb99ffdb00dccebe7a7f18e0b99572",nonce="1436219622:4060594ce535d637fb74e9f9751ec59c",algorithm=MD5Content-Length: 0
*Jul 6 21:56:04.839: //4/000000000000/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 200 OK
Via: SIP/2.0/UDP 172.16.21.12:5060;branch=z9hG4bK443;received=*.*.*.115;rport=12560
Contact: <sip:4****5@*.*.*.115:40526;transport=UDP>;expires=720
Contact: <sip:4****5@*.*.*.115:12560;transport=UDP>;expires=3600
To: <sip:4****5@sip.cellip.com>;tag=109f7a30
From: <sip:4****5@sip.cellip.com>;tag=2C7064-219B
Call-ID: EB05DCAF-235911E5-80028B0A-E00CE021
CSeq: 5 REGISTER
Date: Mon, 06 Jul 2015 21:53:42 GMT
PortaBilling: available-funds:****.**** currency:SEK
Content-Length: 0
So, the authentications looks OK, but when I try to make an outbound call, I get the error “SIP/2.0 401 Unauthorized”:
*Jul 6 23:23:55.571: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
INVITE sip:04*****8@172.16.21.12:5060 SIP/2.0
Date: Tue, 07 Jul 2015 06:23:13 GMT
Call-Info: <sip:172.16.21.20:5060>;method="NOTIFY;Event=telephone-event;Duration=500"
Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY
From: <sip:04*****6@172.16.21.20>;tag=b7fd6ac6-e8d0-47b5-8a53-e836f9e1659f-23910483
Allow-Events: presence, kpml
P-Asserted-Identity: sip:04*****6@172.16.21.20
Supported: timer,resource-priority,replaces
Min-SE: 3600
Remote-Party-ID: <sip:04*****6@172.16.21.20>;party=calling;screen=yes;privacy=off
Content-Length: 0
User-Agent: Cisco-CUCM7.0
To: sip:04*****8@172.16.21.12
Contact: sip:04*****6@172.16.21.20:5060
Expires: 180
Call-ID: a3e8e400-59b17051-37c-141510ac@172.16.21.20
Via: SIP/2.0/UDP 172.16.21.20:5060;branch=z9hG4bK4143f0f3af9
CSeq: 101 INVITE
Session-Expires: 3600
Max-Forwards: 70
*Jul 6 23:23:55.591: //10/E7B827B08018/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 172.16.21.20:5060;branch=z9hG4bK4143f0f3af9
From: <sip:04*****6@172.16.21.20>;tag=b7fd6ac6-e8d0-47b5-8a53-e836f9e1659f-23910483
To: sip:04*****8@172.16.21.12
Date: Mon, 06 Jul 2015 23:23:55 GMT
Call-ID: a3e8e400-59b17051-37c-141510ac@172.16.21.20
CSeq: 101 INVITE
Allow-Events: telephone-event
Server: Cisco-SIPGateway/IOS-12.x
Content-Length: 0
*Jul 6 23:23:55.607: //11/E7B827B08018/SIP/Msg/ccsipDisplayMsg:
Sent:
INVITE sip:464*****8@sip.cellip.com:5060 SIP/2.0
Via: SIP/2.0/UDP 172.16.21.12:5060;branch=z9hG4bK91284
From: <sip:464*****6@***.**.***.115>;tag=7CDD90-11D3
To: sip:464*****8@sip.cellip.com
Date: Mon, 06 Jul 2015 23:23:55 GMT
Call-ID: E7BBD138-236C11E5-801E8B0A-E00CE021@***.**.***.115
Supported: 100rel,timer,resource-priority,replaces,sdp-anat
Min-SE: 3600
Cisco-Guid: 3887605680-0594285029-2149092106-3758940193
User-Agent: Cisco-SIPGateway/IOS-12.x
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
CSeq: 101 INVITE
Timestamp: 1436225035
Contact: sip:464*****6@172.16.21.12:5060
Expires: 60
Allow-Events: telephone-event
Max-Forwards: 69
P-Asserted-Identity: sip:464*****6@***.**.***.115
Session-Expires: 3600
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 259
v=0
o=CiscoSystemsSIP-GW-UserAgent 3377 8789 IN IP4 172.16.21.12
s=SIP Call
c=IN IP4 172.16.21.12
t=0 0
m=audio 18120 RTP/AVP 0 8 101
c=IN IP4 172.16.21.12
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
*Jul 6 23:23:55.647: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 172.16.21.12:5060;branch=z9hG4bK91284;received=***.**.***.115;rport=48615
To: sip:464*****8@sip.cellip.com
From: <sip:464*****6@***.**.***.115>;tag=7CDD90-11D3
Call-ID: E7BBD138-236C11E5-801E8B0A-E00CE021@***.**.***.115
CSeq: 101 INVITE
Content-Length: 0
*Jul 6 23:23:55.667: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 172.16.21.12:5060;received=***.**.***.115;branch=z9hG4bK91284;rport=48615
Record-Route: sip:62.84.202.106:5060;transport=udp;lr
To: sip:464*****8@sip.cellip.com
From: <sip:464*****6@***.**.***.115>;tag=7CDD90-11D3
Call-ID: E7BBD138-236C11E5-801E8B0A-E00CE021@***.**.***.115
CSeq: 101 INVITE
Server: Sippy
WWW-Authenticate: Digest realm="sip.cellip.com",nonce="b3acde029185f6230b408d09ee2590f2e496"
Content-Length: 0
My configuration on the 2801 looks like this:
voice service voip
ip address trusted list
ipv4 0.0.0.0 0.0.0.0
allow-connections sip to sip
redirect ip2ip
fax protocol pass-through g711alaw
sip
bind control source-interface FastEthernet0/0
bind media source-interface FastEthernet0/0
min-se 3600 session-expires 3600
registrar server expires max 1500 min 600
asserted-id pai
redirect contact order best-match
localhost dns:sip.cellip.com
early-offer forced
registration passthrough
!
voice class codec 1
codec preference 1 g711ulaw
codec preference 2 g711alaw
!
voice class sip-profiles 10
request INVITE sip-header Call-ID modify "(.*)@(.*)" "\1@***.**.***.115"
request INVITE sip-header From modify "@(.*);tag=(.*)" "@***.**.***.115>;tag=\2"
request INVITE sip-header P-Asserted-Identity modify "@(.*)>" "@***.**.***.115>"
!
voice translation-rule 10
rule 1 /^0/ /46/
!
voice translation-rule 30
rule 1 /^00/ /+/
!
voice translation-rule 300
rule 1 /^/ /+/
!
voice translation-profile 10
translate calling 10
translate called 10
!
voice translation-profile 30
translate calling 10
translate called 30
!
voice translation-profile 300
translate called 300
!
voice-card 0
!
interface FastEthernet0/0
ip address 172.16.21.12 255.255.255.0
duplex auto
speed auto
!
dial-peer voice 1 voip
description Outgoing calls forwarded to CellIP
translation-profile outgoing 10
destination-pattern 0T
session protocol sipv2
session target dns:sip.cellip.com
session transport udp
voice-class codec 1
no voice-class sip associate registered-number
voice-class sip profiles 10
voice-class sip registration passthrough
dtmf-relay rtp-nte
no vad
!
dial-peer voice 10 voip
description Outbound domestic calles to TDC SIP
translation-profile outgoing 30
destination-pattern 00T
session protocol sipv2
session target dns:sip1.cellip.com
session transport udp
voice-class codec 1
dtmf-relay rtp-nte
!
dial-peer voice 100 voip
description Inbound calls from CellIP SIP-trunk
translation-profile outgoing 300
destination-pattern 46T
session protocol sipv2
session target dns:cucmbe01.voice.**********.local
session transport udp
voice-class codec 1
dtmf-relay rtp-nte
no vad
!
sip-ua
credentials username 4*****5 password 7 ********** realm sip.cellip.com
no remote-party-id
retry invite 2
retry response 2
retry bye 2
timers trying 150
timers expires 60000
registrar dns:sip.cellip.com expires 3600
sip-server dns:sip.cellip.com
Can anyone provide me with some insight?
Best regards,
Johan Christensson
Solved! Go to Solution.
07-20-2015 01:57 PM
07-20-2015 02:24 PM
Hi Johan
On dial-peer 10 please remove voice class sip profile and voice class sip registration passthrough.
Let me know
Thx
Carlo
07-20-2015 02:51 PM
That did the trick!! Thanks alot!
I tested a bit by adding the lines back, and when adding backl the "voice class sip profile" it stopped working again.
The reason I set that up was because I tryed to mimik the invites I recived from the ITSP. Is there a simple explenation to why it caused these problems, or was it just a hunch?
Best regards,
Johan Christensson
07-20-2015 09:44 PM
Hi Johan.
Basically you added the sip profile to an outbound dialpeer which was modifying your username and the provider rejected because didn't recognize it.
If you want to modify the from field that you are receiving, add a dialpeer with incoming called-number statement matching your assigned did and there you can add the sip profile 10.
Thanks for nice rating.
Cheers
Carlo
07-20-2015 09:11 PM
Hi Carlo,
Nice job, +5.
Thanks
07-20-2015 09:47 PM
Thanks for nice rating Vivek.
You also are doing a great job on this community !
Cheers
Carlo
07-20-2015 12:47 PM
Hi Johan.
Can you please post your actual config?
Thanks
regards
Carlo
07-20-2015 09:30 AM
Configure the authentication command without realm as follow:
sip-ua
authencation username 4******5 password 7 *********
Also, make sure that you debugs are in text file. Don't paste your debugs directly in the post.
03-25-2019 01:03 PM
That did it for me. I needed the credentials number xxxxxxxxx username xxxxxx password 7 xxxxxx realm x.x.x.x. Without that i couldn't get outbound calls to complete. I was getting the 401 and then the:
*Mar 25 19:13:13.500: //62323/80A2C52CC000/SIP/Error/sipSPIHandleAuthChallenge:
Error getting credentials
*Mar 25 19:13:13.500: //62323/80A2C52CC000/SIP/Error/act_recdproc_new_message_response:
Error handling AuthenticationChallenge
Once i added the credentials with the "number" command i was good to go!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide