cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

1907
Views
10
Helpful
8
Replies
Alexey Platov
Beginner

SIP trunk OPTIONS request

Hello everybody

There is a CUCM (SW version) 7.1.5 with direct SIP trunk connection to Alcatel OXE.

On ALU side they want to use OOD OPTIONS keep-alive mode activated.

Am I right that 7.1.5 CUCM doea not support sending OPTIONS requests on SIP trunk?

Also, if we use digest authentification on this trunk without OPTIONS request activated then calls from ALU just goes fine - OXE receives "403

Proxy authentification required" to the initial INVITE and then sends INVITE with authentification parameters.

If OPTIONS request is activated then 1st OPTIONS request receives "403 Unauthorized". ALU then sends OPTINS with the same digest credentials but no answer is received from CUCM.

Do we need an additianal configuration on CUCM side so OPTIONS request also coild be authentificated?

Thanks in advance,

8 REPLIES 8

Alexey,

CUCM7.1 does not support options ping. This feature I belive was introuduced in CUCM 8.X

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts

OK. Just as I thought.

Do you have any idea on OPTIONS request authorization?

If OPIONS ping is not supported, then I am not sure how it will support request authorization..unless I ont undrstand your question

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts

OPTIONS request receiving should be supported by any UA, it is written in RFC.

OK, CUCM 7.1.5 can not be configured to send this request for keep-alive to the opposite side, that's clear now.

But on receiving such message from the opposite side we have different behaviour

1. If "" option is disabled in SIP Trunk Security Profile configuration then CUCM answers to the OPTIONS request with "SIP/2.0 200 OK" and, of course, no incoming calls' INVITEs are challenged with "Proxy Authentification required".

2. If ""  option is enabled in SIP Trunk Security Profile configuration then CUCM  answers to the OPTIONS request with "SIP/2.0 401 Unauthorized" and ignores all other OPTIONS requests. OPTIONS request is repeated with digest credentials but this is ignored by CUCM. No calls  is possible to CUCM as gateway is seen as unreachable.

3. If ""  option is enabled in SIP Trunk Security Profile configuration and the opposite party is configured not to send OPTIONS then incoming calls are challenged with "Proxy Authentification required".and succesfully delivered.

So if OPTIONS ping is not supported then cases 1 and 3 is OK. But why in case 2 iCUCM is answering with  401 Unauthorized and ignores next OPTIONS messages?

.

Ok..I understand your point now. You  might need to open a TAC case to find out why its not responding to the Options with the authentication credentials...Is there a response tag in the next authentication request from the Alcatel side?

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts

Thanks for your info. Isn't 7,1,5 at the end of support? Anyway looks like it is better to upgrade to something fresh.

Just for information.

This is the trace. Initial OPTIONS, an 401 answer from CUCM,and  OPTIONS with credentials which is never answered by CUCM. And this last request does not contain any tag in "To:" header.

-> SEND MESSAGE TO NETWORK (10.1.1.221:5060 [UDP]) (BUFF LEN = 426)

----------------------utf8-----------------------

OPTIONS sip:10.1.1.221 SIP/2.0

Accept: application/sdp

User-Agent: OmniPCX Enterprise R9.1

To: sip:10.1.1.221

From: sip:192.168.92.6;tag=0826088f187c9b904d7c365ae3dfe001

Contact: <192.168.92.6>

Call-ID: 82eb2af540d5259ad744b4b84c991d7c@192.168.92.6

CSeq: 704884675 OPTIONS

Via: SIP/2.0/UDP 192.168.92.6;branch=z9hG4bK0d7668c7097dfb6968204a2c76fef932

Max-Forwards: 70

Content-Length: 0

-------------------------------------------------

-> RECEIVE MESSAGE FROM NETWORK (10.1.1.221:5060 [UDP])

----------------------utf8-----------------------

SIP/2.0 401 Unauthorized

Date: Tue, 16 Apr 2013 13:34:00 GMT

Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY

From: sip:192.168.92.6;tag=0826088f187c9b904d7c365ae3dfe001

WWW-Authenticate: Digest realm="REALM", nonce="Kcxq15lrZKqPX+w+BBo+ItuC1IewGhNY", algorithm=MD5

Content-Length: 0

To: sip:10.1.1.221;tag=1531506407

Call-ID: 82eb2af540d5259ad744b4b84c991d7c@192.168.92.6

Via: SIP/2.0/UDP 192.168.92.6;branch=z9hG4bK0d7668c7097dfb6968204a2c76fef932

CSeq: 704884675 OPTIONS

-------------------------------------------------

-> SEND MESSAGE TO NETWORK (10.1.1.221:5060 [UDP]) (BUFF LEN = 602)

----------------------utf8-----------------------

OPTIONS sip:10.1.1.221 SIP/2.0

Accept: application/sdp

User-Agent: OmniPCX Enterprise R9.1

To: sip:10.1.1.221

From: sip:192.168.92.6;tag=0826088f187c9b904d7c365ae3dfe001

Contact: <192.168.92.6>

Call-ID: 82eb2af540d5259ad744b4b84c991d7c@192.168.92.6

CSeq: 704884676 OPTIONS

Max-Forwards: 70

Authorization: Digest username="cucmsip",realm="REALM",nonce="Kcxq15lrZKqPX+w+BBo+ItuC1IewGhNY",algorithm=MD5,uri="sip:10.1.1.221",response="715d454986a2588f3cb31731946ab11b"

Via: SIP/2.0/UDP 192.168.92.6;branch=z9hG4bKeaf44f4d016b44e514a355fc3fe5082f

Content-Length: 0

--

The new OPTIONS request look okay with the correct credentials, the nonce, the algorithm and the response tag. I had a look on the cisco bug tool to see if there was a bug related to this, but I didnt find any. I suggest you contact TAC on this..

Please rate all useful posts

"opportunity is a haughty goddess who waste no time with those who are unprepared"

Please rate all useful posts

Thanks a lot.

Content for Community-Ad