12-15-2021 01:44 AM - edited 12-15-2021 01:47 AM
Hi,
We are trying to register an Etisalat SIP trunk via registrar dns:vims-siptrunk.etisalat.ae but are getting 401 Unauthorized from the telco. They are saying we have to send another request with a header including domain name, credentials and MD5 encryption. As per Etisalat, we are missing the header. Has anyone done this configuration from CUCM > 2900 voice gateway >> Telco ONT >> Telco?
12-15-2021 02:28 AM
Suggest that you configure this with a tenant configuration instead, as that is a better way to do it. Below should be a good starting point for this, however it likely needs adaptation to fit your specific needs.
voice class tenant 2000
 registrar dns:vims-siptrunk.etisalat.ae expires 3600
 credentials username +97142746222@ims.etisalat.ae password 7 1315062A1209337D6F realm ims.etisalat.ae
 authentication username +97142746222@ims.etisalat.ae password 7 1315062A1209337D6F
 no remote-party-id
 timers dns registrar-cache 95
 sip-server dns:vims-siptrunk.etisalat.ae
 connection-reuse
 audio forced
 bind control source-interface GigabitEthernet0/1
 bind media source-interface GigabitEthernet0/1
 no pass-thru content custom-sdp
 sip-profiles 10
 outbound-proxy dns:vims-siptrunk.etisalat.ae reuse
 early-offer forced
!
dial-peer voice 100 voip
 description Inbound calls from PSTN
 translation-profile incoming PSTN-IN
 session protocol sipv2
 incoming uri via PSTN
 voice-class codec 10
 voice-class sip tenant 2000
 dtmf-relay rtp-nte
 no vad
!
dial-peer voice 110 voip
 description Outbound calls to PSTN
 translation-profile outgoing PSTN-OUT
 session protocol sipv2
 session server-group 2000
 destination e164-pattern-map 2000
 voice-class codec 10
 voice-class sip tenant 2000
 voice-class sip options-keepalive profile 2000
 dtmf-relay rtp-nte
 no vad
In particular it is dropping the realm from the authentication as that is usually not needed and is known to cause issues.
12-15-2021 10:45 PM - edited 12-16-2021 12:31 AM
But be aware: which way to configure it depends on the format of the username in the Authentication header received by the provider (in the RE-REGISTER message from CUBE to provider):
But maybe you are lucky and the provider supports both formats.
--- Please rate this post as "Helpful" or accept as a solution, if your question has been answered ---
12-15-2021 02:50 AM - edited 12-15-2021 02:51 AM
Hi Roger,
Thank you for your quick reply. We are running Version 15.2(4)M3. The voice class tenant command cannot be configured currently.
I will upgrade to at least Cisco IOS 15.6(2)T and will post the results here.
Regards,
12-15-2021 03:27 AM
For that platform I would recommend you to go for 15.7(3)M8.
12-15-2021 03:34 AM
Hi Roger,
Thanks for this.
There is a requirement of MD5 checksum also to be sent. Is the below configuration accommodating this?
Or is the below configuration also needed?
12-15-2021 04:52 AM
That is for TLS. That's not related to registration, it's media encryption. That's a completely different thing. What specifically is it the SP wants to use MD5 for? It does not sound like it would be for TLS, but for the registration challenge.
12-15-2021 04:52 AM
What @Roger Kallberg mentioned, is sending the Authentication Header in the REGISTER message. This header then includes the MD5 algorithm.
What you mean with the link, is how to configure SIP over TLS. So two different things here.
AFAIK there is currently no possibility to force CUBE to already send the Authentication header in the initial REGISTER message (from CUBE to Provider).
CUBE only adds the Authentication Header, after it gets challenged by the Provider with a "401 Unauthorized" or "407 Proxy Authentication Required".
This is called "Digest Authentication".
And also the recommendation from my side:
Always use tenant configuration.
--- Please rate this post as "Helpful" or accept as a solution, if your question has been answered ---
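The challenge-response exchange described in the reply above, as an added example that is not part of any participant's post: it computes the RFC 2617 MD5 digest that goes into the Authorization header of the second REGISTER, for both username formats discussed in this thread. The nonce and password are constructed; realm, registrar URI and number are taken from the thread.

```python
import hashlib
import re
import secrets

def md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()

def parse_challenge(value):
    """Split 'Digest realm="x", nonce="y", algorithm=MD5' into a dict."""
    scheme, _, params = value.partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest challenge")
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|([^,\s]+))', params)
    return {k.lower(): quoted or bare for k, quoted, bare in pairs}

def digest_response(username, realm, password, method, uri, nonce,
                    qop=None, nc=None, cnonce=None):
    """RFC 2617 response for algorithm=MD5, with or without qop."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if qop:
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def authorization_header(challenge, username, password, method, uri):
    """Build the Authorization header sent after a 401/407 challenge."""
    c = parse_challenge(challenge)
    if c.get("algorithm", "MD5").upper() != "MD5":
        raise ValueError("this example only handles algorithm=MD5")
    offered = [q.strip() for q in c.get("qop", "").split(",")]
    qop = "auth" if "auth" in offered else None
    nc, cnonce = ("00000001", secrets.token_hex(8)) if qop else (None, None)
    resp = digest_response(username, c["realm"], password, method, uri,
                           c["nonce"], qop, nc, cnonce)
    header = (f'Digest username="{username}", realm="{c["realm"]}", '
              f'nonce="{c["nonce"]}", uri="{uri}", response="{resp}", algorithm=MD5')
    if qop:
        header += f', qop={qop}, nc={nc}, cnonce="{cnonce}"'
    return header

# Constructed challenge and password (assumptions, not captured from the provider).
CHALLENGE = 'Digest realm="ims.etisalat.ae", nonce="constructed-nonce-0001", algorithm=MD5'
URI = "sip:vims-siptrunk.etisalat.ae:5060"
PASSWORD = "constructed-password"

if __name__ == "__main__":
    # The username is hashed into the response, so the two formats are not interchangeable.
    for user in ("+97142746222@ims.etisalat.ae", "+97142746222"):
        print(authorization_header(CHALLENGE, user, PASSWORD, "REGISTER", URI))
```

The password itself never crosses the wire; only the hash does, which is why the provider describes the requirement as "MD5" rather than as a separate header the gateway must be told to add.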
12-15-2021 03:48 AM - edited 12-15-2021 03:49 AM
Hi Roger,
You have mentioned sip-profiles 10 under voice class tenant 2000. Can you please define the sip-profile template where we have to send the header with domain name, credentials and MD5 encryption?
Thanks.
12-15-2021 04:48 AM
That's not what the SIP profile is used for, I took the config of one of our SBCs that is using registrations. You can disregard that part.
For reference only, this is what that SIP profile would look like. You cannot take that straight off if you were to use it.
voice class sip-profiles 10
 request INVITE sip-header SIP-Req-URI modify "<SP IP>" "<SP domain>"
 request ANY sip-header From modify "<SBC internal IP>" "<SBC external IP>"
 request ANY sip-header From modify "From:(.*)(<sip:.*@).*>" "From: \2<SP domain>>"
 response ANY sip-header From modify "From:(.*)(<sip:.*@).*>" "From: \2<SP domain>>"
 request INVITE sip-header To modify "To:(.*)(<sip:.*@).*>" "To: \2<SP domain>>"
 request ANY sip-header To modify "To:(.*)(<sip:.*@).*>" "To: \2<SP domain>>"
 response ANY sip-header To modify "To:(.*)(<sip:.*@).*>" "To: \2<SP domain>>"
 request ANY sip-header Remote-Party-ID modify "Remote-Party-ID:(.*)(<sip:.*@).*>" "Remote-Party-ID: \2<SP domain>>"
 response ANY sip-header Remote-Party-ID modify "Remote-Party-ID:(.*)(<sip:.*@).*>" "Remote-Party-ID: \2<SP domain>>"
12-15-2021 04:59 AM
The sip-profile that @Roger Kallberg mentioned was just included in his example configuration. You can just skip it or configure a profile, depending on the requirements that you have.
What do you mean with "we have to send header with domain name"? Which domain should be included in which header?
Do you have an example REGISTER message, showing how it currently looks and how it should look?
For "credentials and MD5 encryption" see my other reply.
--- Please rate this post as "Helpful" or accept as a solution, if your question has been answered ---
12-15-2021 06:00 AM
12-15-2021 06:30 AM
Do you also have a log about the SIP messages that you are currently sending / receiving?
--- Please rate this post as "Helpful" or accept as a solution, if your question has been answered ---
12-15-2021 06:54 AM
12-15-2021 07:06 AM
I checked the logs:
Seeing this error message from the provider in the answer:
*Dec 5 11:51:02.599: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Received:
SIP/2.0 400 Bad Request
Via: SIP/2.0/UDP 10.221.223.72:5060;branch=z9hG4bK17FE9C
Call-ID: 680BF099-54F811EC-86B4E035-89621916
From: <sip:anonymous@anonymous>
To: <sip:anonymous@anonymous>;tag=cpjcod5z
CSeq: 2 REGISTER
Warning: 399 10.238.70.201 "SS280000F1048642L11603179[00000] From header absent or undecipherable",399 10.238.70.201 "SS280000F1048642L16911595[00000] To header absent or undecipherable"
Content-Length: 0
Your Register message looks like this:
*Dec 5 11:51:02.595: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
Sent:
REGISTER sip:vims-siptrunk.etisalat.ae:5060 SIP/2.0
Via: SIP/2.0/UDP 10.221.223.72:5060;branch=z9hG4bK17FE9C
From: <sip:+97142746222@ims.etisalat.ae@vims-siptrunk.etisalat.ae>;tag=1D3778-C9E
To: <sip:+97142746222@ims.etisalat.ae@vims-siptrunk.etisalat.ae>
Date: Sun, 05 Dec 2021 11:51:02 GMT
Call-ID: 680BF099-54F811EC-86B4E035-89621916
User-Agent: Cisco-SIPGateway/IOS-15.2.4.M3
Max-Forwards: 70
Timestamp: 1638705062
CSeq: 2 REGISTER
Contact:<sip:+97142746222@ims.etisalat.ae@10.221.223.72:5060>
Expires: 3600
Supported: path
Content-Length: 0
You have double domain in your headers.
Change the credential command to the following:
credentials number +97142746222 username +97142746222@ims.etisalat.ae password 7 1315062A1209337D6F realm ims.etisalat.ae
--- Please rate this post as "Helpful" or accept as a solution, if your question has been answered ---
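A check for the "double domain" condition pointed out in the post above, as an added example that is not part of any participant's post: it scans the From, To and Contact headers of a SIP message for a URI whose user part contains an unescaped "@". The first sample reuses the address headers of the REGISTER quoted in the thread; the second is constructed and only assumes what a single-domain address of record would look like.

```python
import re

ADDRESS_HEADERS = ("from", "to", "contact")
SIP_URI = re.compile(r"(sips?):([^>;\s]+)")

def parse_headers(message):
    """Map lowercase header names to values, skipping the request line."""
    headers = {}
    for line in message.strip().splitlines()[1:]:
        if not line.strip():
            break  # a blank line ends the header section
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def malformed_address_headers(message):
    """Return (header, uri, reason) for address headers a registrar may reject."""
    findings = []
    for name, value in parse_headers(message).items():
        if name not in ADDRESS_HEADERS:
            continue
        match = SIP_URI.search(value)
        if match is None:
            findings.append((name, value, "no SIP URI"))
        elif match.group(2).count("@") > 1:
            user = match.group(2).rsplit("@", 1)[0]
            findings.append((name, match.group(0),
                             f"unescaped '@' in user part {user!r}"))
    return findings

# Address headers of the REGISTER quoted in the thread.
SENT_REGISTER = """\
REGISTER sip:vims-siptrunk.etisalat.ae:5060 SIP/2.0
From: <sip:+97142746222@ims.etisalat.ae@vims-siptrunk.etisalat.ae>;tag=1D3778-C9E
To: <sip:+97142746222@ims.etisalat.ae@vims-siptrunk.etisalat.ae>
Contact:<sip:+97142746222@ims.etisalat.ae@10.221.223.72:5060>
"""
# Constructed: same headers with a single-domain address of record (assumed form).
FIXED_REGISTER = """\
REGISTER sip:vims-siptrunk.etisalat.ae:5060 SIP/2.0
From: <sip:+97142746222@vims-siptrunk.etisalat.ae>;tag=1D3778-C9E
To: <sip:+97142746222@vims-siptrunk.etisalat.ae>
Contact:<sip:+97142746222@10.221.223.72:5060>
"""

if __name__ == "__main__":
    for finding in malformed_address_headers(SENT_REGISTER):
        print(finding)
```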
12-15-2021 07:55 AM
Or possibly change it to this
voice class tenant 2000
 credentials username +97142746222 password 7 1315062A1209337D6F realm ims.etisalat.ae
 authentication username +97142746222 password 7 1315062A1209337D6F