Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1997
Views
0
Helpful
0
Replies

SIP Trunk Digest Authentication

Mitchell.Drage
Level 1
Level 1

‎07-02-2012 10:27 PM - edited ‎03-16-2019 11:58 AM

Hello everyone,

I have been having trouble trying to get SIP Trunk authentication to work.

Im trying to use this as a way of monitoring which trunks are up and down with the end-state and possibly in the future, to be able to display this graphically (using api I guess).

Im not even sure if this is possible so if someone has a better idea on how to achieve this please let me know.

I have tried using RTMT to watch trunks but from what I can see it cant handle the amount of trunks that I would like to watch, in the range of 90 odd.

I have read Cisco Unified Communications Manager Security Guide, Release 8.5(1) and while it explains how to get it working, it does so in a very vague manner.

I have CUCM 8.5 set with a Sip trunk security profile using tcp in and out, with the security mode non secure and enable digest auth ticked.

I have created an application user with all details the same eg, name=siptest, digest=siptest and password=siptest.

I have created a sip trunk and tested sucessfully with digest auth turned off.

on CUCME I have the following config:

--------ommitted-----------

voice service voip

allow-connections sip to sip

fax protocol cisco

sip

  bind control source-interface Loopback0

  bind media source-interface Loopback0

  asymmetric payload full

---------ommitted-----------

dial-peer voice 100 voip

description Inbound Dial Peer

voice-class codec 1

session protocol sipv2

session transport tcp

incoming called-number 7000.

dtmf-relay rtp-nte

!

dial-peer voice 200 voip

description To CUCM

destination-pattern .T

voice-class codec 1

session protocol sipv2

session target sip-server

session transport tcp

dtmf-relay rtp-nte

no vad

---------ommitted-----------

sip-ua

credentials username siptest password 7 105D00091112011F realm ccmsipline

authentication username siptest password 7 120A0C07060E1F10 realm ccmsipline

registrar ipv4:10.0.0.1 expires 3600

sip-server ipv4:10.0.0.1

----------ommitted-----------

Debug ccsip messages gives me this output:

Jul  3 01:57:58.727: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Sent:

REGISTER sip:10.0.0.1:5060 SIP/2.0

Via: SIP/2.0/UDP 192.168.1.8:5060;branch=z9hG4bKB2A

From: <sip:siptest@10.0.0.1>;tag=2844ACFC-96

To: <sip:siptest@10.0.0.1>

Date: Tue, 03 Jul 2012 01:57:58 GMT

Call-ID: 5915ED5F-C3E911E1-969887E9-991716BF

User-Agent: Cisco-SIPGateway/IOS-12.x

Max-Forwards: 70

Timestamp: 1341280678

CSeq: 2 REGISTER

Contact: <sip:siptest@192.168.1.8:5060>

Expires:  3600

Content-Length: 0

Jul  3 01:57:58.731: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Received:

SIP/2.0 100 Trying

Via: SIP/2.0/UDP 192.168.1.8:5060;branch=z9hG4bKB2A

From: <sip:siptest@10.0.0.1>;tag=2844ACFC-96

To: <sip:siptest@10.0.0.1>

Date: Tue, 03 Jul 2012 01:57:58 GMT

Call-ID: 5915ED5F-C3E911E1-969887E9-991716BF

CSeq: 2 REGISTER

Content-Length: 0

Jul  3 01:57:58.831: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Received:

SIP/2.0 401 Unauthorized

Via: SIP/2.0/UDP 192.168.1.8:5060;branch=z9hG4bKB2A

From: <sip:siptest@10.0.0.1>;tag=2844ACFC-96

To: <sip:siptest@10.0.0.1>;tag=1091711221

Date: Tue, 03 Jul 2012 01:57:58 GMT

Call-ID: 5915ED5F-C3E911E1-969887E9-991716BF

CSeq: 2 REGISTER

WWW-Authenticate: Digest realm="ccmsipline", nonce="d5MiGcCRT11J+/Wki1jY0hCR0lOFv3oI", algorithm=MD5

Content-Length: 0

Jul  3 01:57:58.835: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Sent:

REGISTER sip:10.0.0.1:5060 SIP/2.0

Via: SIP/2.0/UDP 192.168.1.8:5060;branch=z9hG4bKC201B

From: <sip:siptest@10.0.0.1>;tag=2844ACFC-96

To: <sip:siptest@10.0.0.1>

Date: Tue, 03 Jul 2012 01:57:58 GMT

Call-ID: 5915ED5F-C3E911E1-969887E9-991716BF

User-Agent: Cisco-SIPGateway/IOS-12.x

Max-Forwards: 70

Timestamp: 1341280678

CSeq: 3 REGISTER

Contact: <sip:siptest@192.168.1.8:5060>

Expires: 3600

Authorization: Digest username="siptest",realm="ccmsipline",uri="sip:10.0.0.1:5060",response="cce7435918ed64d08eeb6e574e7d4550",nonce="d5MiGcCRT11J+/Wki1jY0hCR0lOFv3oI",algorithm=MD5

Content-Length: 0

Jul  3 01:57:58.843: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Received:

SIP/2.0 100 Trying

Via: SIP/2.0/UDP 192.168.1.8:5060;branch=z9hG4bKC201B

From: <sip:siptest@10.0.0.1>;tag=2844ACFC-96

To: <sip:siptest@10.0.0.1>;tag=1091711221

Date: Tue, 03 Jul 2012 01:57:58 GMT

Call-ID: 5915ED5F-C3E911E1-969887E9-991716BF

CSeq: 3 REGISTER

Content-Length: 0

Jul  3 01:57:58.843: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Received:

SIP/2.0 404 Not Found

Via: SIP/2.0/UDP 192.168.1.8:5060;branch=z9hG4bKC201B

From: <sip:siptest@10.0.0.1>;tag=2844ACFC-96

To: <sip:siptest@10.0.0.1>;tag=1091711221

Date: Tue, 03 Jul 2012 01:57:58 GMT

Call-ID: 5915ED5F-C3E911E1-969887E9-991716BF

CSeq: 3 REGISTER

Warning: 399 CMPUB01 "Unable to find device/user in database"

Content-Length: 0

Anyone have any ideas?

Thanks in advance.

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents