cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1383
Views
0
Helpful
2
Replies

Registration of SIP client to UC540 via VPN?

sethschmautz
Level 3
Level 3

Hey guys,

We have been working on an internal project where we enable the SIP server on the UC540 and register smart phones with SIP clients as extensions on the network.  Yesterday we were able to get two audio to work properly while on the LAN.  We then connected the Smart phone via external IP SEC VPN and tried to register again, but no dice.  We can ping 10.1.1.1 and local LAN IPs, but cannot ping 10.1.10.1 (due to the way that we have our split tunnel set up).  The question is as follows:

1. As we are authenticating the SIP client to the SIP server via MAC address, how can we determine which MAC address is being presented to the UC540?  Is there a CLI command to find this information out?

2. Do we need to be able to access 10.1.10.1 for all of this to work?

3. This functionality would be great to be able to implement over VPN due to the nature of our work.  Has anybody found another way to authenticate the SIP clients other than MAC address?

FWIW, if anybody else is trying to do this, here are a few tips that my Sys Admin found out yesterday:

1. We are using Android handsets and the "CSipSimple" SIP client. 

2. We found the SIP server CLI in the documentation for using an SPA8000 for additional FXS ports

3. Extensions must be set up in a different range that your normal internal extensions

     a. We were using 200s for internal office extensions.  It wasn't until we changed to 300s for the SIP pools that we were able to get this to work.

Thanks,

Seth

2 Replies 2

David Trad
VIP Alumni
VIP Alumni

Hi Seth,

Not sure about CSipSimple but do know that NetSip on the Droid phones is pretty reliable for this stuff

1. As we are authenticating the SIP client to the SIP server via MAC  address, how can we determine which MAC address is being presented to  the UC540?  Is there a CLI command to find this information out?

It should only ever broadcast the MAC address of the WiFi card, I am not sure if the debug tftp-event will produce results for you but you could try that one, debugging the SIP might not show what MAC is being used.

2. Do we need to be able to access 10.1.10.1 for all of this to work?

In theory NO, but if you want Voice Mail to work I dare say you might, but then again with the way things are tightly integrated there could be a probability that this route needs to be in place, I would do it just to be on the safe side.

3. This functionality would be great to be able to implement over VPN  due to the nature of our work.  Has anybody found another way to  authenticate the SIP clients other than MAC address?

I am actually not aware of any other method, the "voice register global" and the "voice register dn" operate in a similar fashion to that of the SCCP phones, maybe you could try and remove the "id mac" command and see if you can just register with the username and password, I wouldn't recommend it unless your firewall is pretty tight.

Hope you resolve the problem

Cheers,

David.

Cheers, David Trad. **When you rate a persons post, you are indicating a thank you or that it helped, but at the same time you are also helping to maintain the community spirit - You don't have to rate posts and you wont be looked down upon :) *

mcasimirc63
Level 4
Level 4

1. As we are authenticating the SIP client to the SIP server via MAC address, how can we determine which MAC address is being presented to the UC540?  Is there a CLI command to find this information out?

For SIP clients the MAC address does not need to be valid for the endpoint to register.  The two main items the need to be valid are the username and password.

2. Do we need to be able to access 10.1.10.1 for all of this to work?

Using SIP endpoints require you to setup source IP addresses separate from SCCP clients. The source IP address is what endpoints use to register.  It also tells the ISR that this is the address that endpoint will register under.  This does not need to be 10.1.10.1.

3. This functionality would be great to be able to implement over VPN due to the nature of our work.  Has anybody found another way to authenticate the SIP clients other than MAC address?

For SIP clients the MAC address does not need to be valid for the endpoint to register.  The two main items the need to be valid are the username and password.

FYI using SIP endpoints without the Cisco extensions provides you with a phone similar to a POTS line.  I have set this up before using an iPhone+SIP client over VPN but the functionality is so limited that I rather wait for Cisco to release the formal version.  Without the Cisco SIP extensions, you won't have call park, hold, transfer and call pickup.   From the SIP client you will only be able to pickup the phone, dial and hangup.  If you do a google search for adding SIP clients to CME, you will find some CLI guidance but i'm sure you will be unimpressed with the results.

Thanks,

Seth