I have a customer that is running CME 12 and all of his phones located at the office where the CME resides work just fine. We just connected a satellite office to it using an ASA to ASA Site to Site VPN Tunnel. The remote site is working great except none of the phones at that site are allowed to register with CME. All of the phones have their proper IPs from DHCP with their required Option 150 and proper Gateway.
In fact, when I run a debug ccsip all, I see all of the phones trying to register with CME, but they are all being rejected.
I have both networks defined to CME as Trusted. All of the voice register pools are fine because if I bring the phones over to the main office they register and work just fine.
voice service voip
 ip address trusted list
  ipv4 10.100.200.0 255.255.255.0
  ipv4 10.10.200.0 255.255.255.0
I am allowing all protocols and ports both ways across the tunnel with the ACLs.
I have no-proxy-arp route-lookup on my NAT statements on both ASAs.
I have tried it with both
policy-map global_policy
 class inspection_default
and no inspect sip
Still getting this message when the phones at the remote site try and register...
092673: *Feb 11 09:53:41.539 CST: //1577/07D93A6682DB/SIP/Msg/ccsipDisplayMsg:
Sent:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 10.100.200.103:5060;branch=z9hG4bK51fac813
From: <sip:email@example.com>;tag=0cd0f84a9a7e00121754f809-09250a68
To: <sip:firstname.lastname@example.org>;tag=AD238C-2618
Date: Mon, 11 Feb 2019 15:53:41 GMT
Call-ID: email@example.com
Server: Cisco-SIPGateway/IOS-15.7.3.M1
CSeq: 148 REGISTER
WWW-Authenticate: Digest realm="",nonce="E0C8D8B50011508C",algorithm=MD5,qop="auth"
Content-Length: 0
What am I doing wrong?