Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
17022
Views
20
Helpful
23
Replies

Problem with SIP-UA against provider

Go to solution
Johan Christensson
Level 1
Level 1

‎07-06-2015 05:21 PM - edited ‎03-17-2019 03:33 AM

Hi.

I'm having some difficulties configuring our 2801 acting as CUBE to work with our new VOIP provider. Everything worked perfectly with our previous provider TDC, but for a number of reasons we had to change and we choose CellIP as our new provider.

First off, what works? Inbound calls works just as expected. Calls get connected and no audio problems. What doesn’t work is our outbound calls.

The setup looks like this:

CUCM 7.1 -> Cisco 2801 12.4(13r)T -> ASA5520 -> Internet WAN

I have setup a static NAT in the ASA for inbound traffic on 5060-5065 from the providers IP-addresses and are pointing this traffic to the 2801. I have also created a dynamic mapping so that outbound traffic from the 2801 uses the same IP-address as is used for inbound calls, which also is registered with the provider.

I have tried reading up on SIP authentication but I’m not sure on how to troubleshoot this problem further. The provider can’t provide any more help than that the error message indicates something wrong with the authentication. They think that this might be the problem, although the solution is for Asterisk, but I don’t know how to implement the solution in my configuration.

We need to authenticate our SIP-trunk so, for that reason I have setup a SIP-UA in the 2801 looking like this.

sip-ua
credentials username 4******5 password 7 ********* realm sip.cellip.com
no remote-party-id
retry invite 2
retry response 2
retry bye 2
timers trying 150
timers expires 60000
registrar dns:sip.cellip.com expires 3600
sip-server dns:sip.cellip.com

And debug message looks like this. If I read it correctly the first attempt fails men using “www-authentication”, but the gets accepted:

*Jul  6 21:56:04.775: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
REGISTER sip:sip.cellip.com:5060 SIP/2.0
Via: SIP/2.0/UDP 172.16.21.12:5060;branch=z9hG4bK325A7
From: <sip:4****5@sip.cellip.com>;tag=2C7064-219B
To: sip:4****5@sip.cellip.com
Date: Mon, 06 Jul 2015 21:56:04 GMT
Call-ID: EB05DCAF-235911E5-80028B0A-E00CE021
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Timestamp: 1436219764
CSeq: 4 REGISTER
Contact: sip:4****5@172.16.21.12:5060
Expires:  3600
Supported: path
Content-Length: 0

 

*Jul  6 21:56:04.799: //4/000000000000/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 172.16.21.12:5060;branch=z9hG4bK325A7;received=*.*.*.115;rport=12560
To: <sip:4****5@sip.cellip.com>;tag=b9b00073
From: <sip:4****5@sip.cellip.com>;tag=2C7064-219B
Call-ID: EB05DCAF-235911E5-80028B0A-E00CE021
CSeq: 4 REGISTER
WWW-Authenticate: Digest nonce="1436219622:4060594ce535d637fb74e9f9751ec59c",algorithm=MD5,realm="sip.cellip.com"Content-Length: 0

*Jul  6 21:56:04.803: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
REGISTER sip:sip.cellip.com:5060 SIP/2.0
Via: SIP/2.0/UDP 172.16.21.12:5060;branch=z9hG4bK443
From: <sip:4****5@sip.cellip.com>;tag=2C7064-219B
To: sip:4****5@sip.cellip.com
Date: Mon, 06 Jul 2015 21:56:04 GMT
Call-ID: EB05DCAF-235911E5-80028B0A-E00CE021
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
Timestamp: 1436219764
CSeq: 5 REGISTER
Contact: sip:4****5@172.16.21.12:5060
Expires: 3600
Authorization: Digest username="4****5",realm="sip.cellip.com",uri="sip:sip.cellip.com:5060",response="a9fb99ffdb00dccebe7a7f18e0b99572",nonce="1436219622:4060594ce535d637fb74e9f9751ec59c",algorithm=MD5Content-Length: 0

*Jul  6 21:56:04.839: //4/000000000000/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 200 OK
Via: SIP/2.0/UDP 172.16.21.12:5060;branch=z9hG4bK443;received=*.*.*.115;rport=12560
Contact: <sip:4****5@*.*.*.115:40526;transport=UDP>;expires=720
Contact: <sip:4****5@*.*.*.115:12560;transport=UDP>;expires=3600
To: <sip:4****5@sip.cellip.com>;tag=109f7a30
From: <sip:4****5@sip.cellip.com>;tag=2C7064-219B
Call-ID: EB05DCAF-235911E5-80028B0A-E00CE021
CSeq: 5 REGISTER
Date: Mon, 06 Jul 2015 21:53:42 GMT
PortaBilling: available-funds:****.**** currency:SEK
Content-Length: 0

So, the authentications looks OK, but when I try to make an outbound call, I get the error “SIP/2.0 401 Unauthorized”:

*Jul  6 23:23:55.571: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
INVITE sip:04*****8@172.16.21.12:5060 SIP/2.0
Date: Tue, 07 Jul 2015 06:23:13 GMT
Call-Info: <sip:172.16.21.20:5060>;method="NOTIFY;Event=telephone-event;Duration=500"
Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY
From: <sip:04*****6@172.16.21.20>;tag=b7fd6ac6-e8d0-47b5-8a53-e836f9e1659f-23910483
Allow-Events: presence, kpml
P-Asserted-Identity: sip:04*****6@172.16.21.20
Supported: timer,resource-priority,replaces
Min-SE:  3600
Remote-Party-ID: <sip:04*****6@172.16.21.20>;party=calling;screen=yes;privacy=off
Content-Length: 0
User-Agent: Cisco-CUCM7.0
To: sip:04*****8@172.16.21.12
Contact: sip:04*****6@172.16.21.20:5060
Expires: 180
Call-ID: a3e8e400-59b17051-37c-141510ac@172.16.21.20
Via: SIP/2.0/UDP 172.16.21.20:5060;branch=z9hG4bK4143f0f3af9
CSeq: 101 INVITE
Session-Expires:  3600
Max-Forwards: 70

*Jul  6 23:23:55.591: //10/E7B827B08018/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 172.16.21.20:5060;branch=z9hG4bK4143f0f3af9
From: <sip:04*****6@172.16.21.20>;tag=b7fd6ac6-e8d0-47b5-8a53-e836f9e1659f-23910483
To: sip:04*****8@172.16.21.12
Date: Mon, 06 Jul 2015 23:23:55 GMT
Call-ID: a3e8e400-59b17051-37c-141510ac@172.16.21.20
CSeq: 101 INVITE
Allow-Events: telephone-event
Server: Cisco-SIPGateway/IOS-12.x
Content-Length: 0

*Jul  6 23:23:55.607: //11/E7B827B08018/SIP/Msg/ccsipDisplayMsg:
Sent:
INVITE sip:464*****8@sip.cellip.com:5060 SIP/2.0
Via: SIP/2.0/UDP 172.16.21.12:5060;branch=z9hG4bK91284
From: <sip:464*****6@***.**.***.115>;tag=7CDD90-11D3
To: sip:464*****8@sip.cellip.com
Date: Mon, 06 Jul 2015 23:23:55 GMT
Call-ID: E7BBD138-236C11E5-801E8B0A-E00CE021@***.**.***.115
Supported: 100rel,timer,resource-priority,replaces,sdp-anat
Min-SE:  3600
Cisco-Guid: 3887605680-0594285029-2149092106-3758940193
User-Agent: Cisco-SIPGateway/IOS-12.x
Allow: INVITE, OPTIONS, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY, INFO, REGISTER
CSeq: 101 INVITE
Timestamp: 1436225035
Contact: sip:464*****6@172.16.21.12:5060
Expires: 60
Allow-Events: telephone-event
Max-Forwards: 69
P-Asserted-Identity: sip:464*****6@***.**.***.115
Session-Expires:  3600
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 259

v=0
o=CiscoSystemsSIP-GW-UserAgent 3377 8789 IN IP4 172.16.21.12
s=SIP Call
c=IN IP4 172.16.21.12
t=0 0
m=audio 18120 RTP/AVP 0 8 101
c=IN IP4 172.16.21.12
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
 

*Jul  6 23:23:55.647: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 172.16.21.12:5060;branch=z9hG4bK91284;received=***.**.***.115;rport=48615
To: sip:464*****8@sip.cellip.com
From: <sip:464*****6@***.**.***.115>;tag=7CDD90-11D3
Call-ID: E7BBD138-236C11E5-801E8B0A-E00CE021@***.**.***.115
CSeq: 101 INVITE
Content-Length: 0
 

*Jul  6 23:23:55.667: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 172.16.21.12:5060;received=***.**.***.115;branch=z9hG4bK91284;rport=48615
Record-Route: sip:62.84.202.106:5060;transport=udp;lr
To: sip:464*****8@sip.cellip.com
From: <sip:464*****6@***.**.***.115>;tag=7CDD90-11D3
Call-ID: E7BBD138-236C11E5-801E8B0A-E00CE021@***.**.***.115
CSeq: 101 INVITE
Server: Sippy
WWW-Authenticate: Digest realm="sip.cellip.com",nonce="b3acde029185f6230b408d09ee2590f2e496"
Content-Length: 0

 

My configuration on the 2801 looks like this:

voice service voip
ip address trusted list
  ipv4 0.0.0.0 0.0.0.0
 allow-connections sip to sip
 redirect ip2ip
 fax protocol pass-through g711alaw
 sip
  bind control source-interface FastEthernet0/0
  bind media source-interface FastEthernet0/0
  min-se 3600 session-expires 3600
  registrar server expires max 1500 min 600
  asserted-id pai
  redirect contact order best-match
  localhost dns:sip.cellip.com
  early-offer forced
  registration passthrough
!
voice class codec 1
 codec preference 1 g711ulaw
 codec preference 2 g711alaw
!
voice class sip-profiles 10
 request INVITE sip-header Call-ID modify "(.*)@(.*)" "\1@***.**.***.115"
 request INVITE sip-header From modify "@(.*);tag=(.*)" "@***.**.***.115>;tag=\2"
 request INVITE sip-header P-Asserted-Identity modify "@(.*)>" "@***.**.***.115>"
!
voice translation-rule 10
 rule 1 /^0/ /46/
!
voice translation-rule 30
 rule 1 /^00/ /+/
!
voice translation-rule 300
 rule 1 /^/ /+/
!
voice translation-profile 10
 translate calling 10
 translate called 10
!
voice translation-profile 30
 translate calling 10
 translate called 30
!
voice translation-profile 300
 translate called 300
!
voice-card 0
!
interface FastEthernet0/0
 ip address 172.16.21.12 255.255.255.0
 duplex auto
 speed auto
!
dial-peer voice 1 voip
 description Outgoing calls forwarded to CellIP
 translation-profile outgoing 10
 destination-pattern 0T
 session protocol sipv2
 session target dns:sip.cellip.com
 session transport udp
 voice-class codec 1
 no voice-class sip associate registered-number
 voice-class sip profiles 10
 voice-class sip registration passthrough
 dtmf-relay rtp-nte
 no vad
!
dial-peer voice 10 voip
 description Outbound domestic calles to TDC SIP
 translation-profile outgoing 30
 destination-pattern 00T
 session protocol sipv2
 session target dns:sip1.cellip.com
 session transport udp
 voice-class codec 1
 dtmf-relay rtp-nte
!
dial-peer voice 100 voip
 description Inbound calls from CellIP SIP-trunk
 translation-profile outgoing 300
 destination-pattern 46T
 session protocol sipv2
 session target dns:cucmbe01.voice.**********.local
 session transport udp
 voice-class codec 1
 dtmf-relay rtp-nte
 no vad
!
sip-ua
 credentials username 4*****5 password 7 ********** realm sip.cellip.com
 no remote-party-id
 retry invite 2
 retry response 2
 retry bye 2
 timers trying 150
 timers expires 60000
 registrar dns:sip.cellip.com expires 3600
 sip-server dns:sip.cellip.com

Can anyone provide me with some insight?
 

Best regards,
Johan Christensson

Labels:
0 Helpful
23 Replies 23

Go to solution
Johan Christensson
Level 1
Level 1
In response to Carlo Poggiarelli

‎07-20-2015 01:57 PM

I think its basiclly the same result.

Best regards,
Johan Christensson

Preview file
47 KB
0 Helpful

Go to solution
Carlo Poggiarelli
VIP
VIP
In response to Johan Christensson

‎07-20-2015 02:24 PM

Hi Johan

On dial-peer 10 please remove voice class sip profile and voice class sip registration passthrough.

 

Let me know

Thx

Carlo

Please rate all helpful posts "The more you help the more you learn"

Go to solution
Johan Christensson
Level 1
Level 1
In response to Carlo Poggiarelli

‎07-20-2015 02:51 PM

That did the trick!! Thanks alot!

I tested a bit by adding the lines back, and when adding backl the "voice class sip profile" it stopped working again.

The reason I set that up was because I tryed to mimik the invites I recived from the ITSP. Is there a simple explenation to why it caused these problems, or was it just a hunch?

Best regards,
Johan Christensson

0 Helpful

Go to solution
Carlo Poggiarelli
VIP
VIP
In response to Johan Christensson

‎07-20-2015 09:44 PM

Hi Johan.

Basically you added the sip profile to an outbound dialpeer which was modifying your username and the provider rejected because didn't recognize it.

If you want to modify the from field that you are receiving, add a dialpeer with incoming called-number statement matching your assigned did and there you can add the sip profile 10.

Thanks for nice rating.

 

Cheers

 

Carlo

Please rate all helpful posts "The more you help the more you learn"
0 Helpful

Go to solution
Vivek Batra
VIP Alumni
VIP Alumni
In response to Carlo Poggiarelli

‎07-20-2015 09:11 PM

Hi Carlo,

Nice job, +5.

Thanks

0 Helpful

Go to solution
Carlo Poggiarelli
VIP
VIP
In response to Vivek Batra

‎07-20-2015 09:47 PM

Thanks for nice rating Vivek.

You also are doing a great job on this community !

 

Cheers

 

Carlo

 

 

Please rate all helpful posts "The more you help the more you learn"
0 Helpful

Go to solution
Carlo Poggiarelli
VIP
VIP
In response to Johan Christensson

‎07-20-2015 12:47 PM

Hi Johan.

Can you please post your actual config?

Thanks 

regards

 

Carlo

Please rate all helpful posts "The more you help the more you learn"
0 Helpful

Go to solution
Mohammed al Baqari
Level 11
Level 11
In response to Johan Christensson

‎07-20-2015 09:30 AM

Configure the authentication command without realm as follow:

 

sip-ua

authencation username 4******5 password 7 *********

 

Also, make sure that you debugs are in text file. Don't paste your debugs directly in the post.

0 Helpful

Go to solution
Tballard
Level 1
Level 1
In response to Carlo Poggiarelli

‎03-25-2019 01:03 PM

That did it for me.  I needed the credentials number xxxxxxxxx username xxxxxx password 7 xxxxxx realm x.x.x.x.  Without that i couldn't get outbound calls to complete.  I was getting the 401 and then the:

 

*Mar 25 19:13:13.500: //62323/80A2C52CC000/SIP/Error/sipSPIHandleAuthChallenge:
Error getting credentials
*Mar 25 19:13:13.500: //62323/80A2C52CC000/SIP/Error/act_recdproc_new_message_response:
Error handling AuthenticationChallenge

 

Once i added the credentials with the "number" command i was good to go!

0 Helpful
Customers Also Viewed These Support Documents