Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
7351
Views
0
Helpful
12
Replies

SPA3102: NAT Mapping Enable: registration fails

mcampbellsmith
Level 1
Level 1

‎01-03-2010 10:51 PM - edited ‎03-21-2019 09:22 AM

Hi!

I have a problem with NAT and enabling NAT Mapping succesfully on the SPA3102 with firmware 5.1.10(GW).

I have these set in the Voice/SIP tab:

• Handle VIA received: yes
• Handle VIA rport: yes
• Insert VIA received: yes
• Insert VIA rport: yes
• Substitute VIA Addr: yes
• Send Resp To Src Port: yes
• STUN Enable: Choose yes.
• STUN Server: stun.freeswitch.org

And I have 'Nat Mapping Enabled' under Line 1 tab.  I see the external IP address in the Status page.

Below is what I see from the syslog.  The second register (at time 17:41:31) is never received at the SIP server end (a FreeSwitch server).

Jan  4 17:41:20 92.xx.xx.xx REGISTER sip:124.xxx.xxx.xxx:442 SIP/2.0  Via: SIP/2.0/TLS 192.168.1.3:56886;branch=z9hG4bK-1a90facc;rport  From: 2001 <sip:2001@124.xxx.xxx.xxx:442>;tag=c7ba46a8b33b5deco0  To: 2001 <sip:2001@124.xxx.xxx.xxx:442>  Call-ID: 95d1a12e-234d5382@192.168.1.3  CSeq: 10475 REGISTER  Max-Forwards: 70  Contact: 2001 <sip:2001@192.168.1.3:56886;transport=tls>;expires=600  User-Agent: Linksys/SPA3102-5.1.10(GW)  Content-Length: 0  Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER  Supported: x-sipura, replaces  
Jan  4 17:41:20 92.xx.xx.xx
Jan  4 17:41:20 92.xx.xx.xx
Jan  4 17:41:21 92.xx.xx.xx [0]<<124.xxx.xxx.xxx:442(672)
Jan  4 17:41:21 92.xx.xx.xx [0]<<124.xxx.xxx.xxx:442(672)
Jan  4 17:41:21 92.xx.xx.xx SIP/2.0 401 Unauthorized  Via: SIP/2.0/TLS 192.168.1.3:56886;branch=z9hG4bK-1a90facc;rport=56886;received=92.xx.xx.xx  From: 2001 <sip:2001@124.xxx.xxx.xxx:442>;tag=c7ba46a8b33b5deco0  To: 2001 <sip:2001@124.xxx.xxx.xxx:442>;tag=HtDQpjj81jvZm  Call-ID: 95d1a12e-234d5382@192.168.1.3  CSeq: 10475 REGISTER  User-Agent: FreeSWITCH-mod_sofia/1.0.trunk-15490  Allow: INVITE, ACK, BYE, CANCEL, OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH, SUBSCRIBE  Supported: timer, precondition, path, replaces  WWW-Authenticate: Digest realm="124.xxx.xxx.xxx", nonce="2b30fca4-f8fc-11de-88a5-dbc3ffce4ce8", algorithm=MD5, qop="auth"  Content-Length: 0  
Jan  4 17:41:21 92.xx.xx.xx
Jan  4 17:41:21 92.xx.xx.xx
Jan  4 17:41:21 92.xx.xx.xx [0]ExtIpChanged: 92.xx.xx.xx
Jan  4 17:41:21 92.xx.xx.xx [56886]STUN trying 0
Jan  4 17:41:21 92.xx.xx.xx [56886]STUN trying 1
Jan  4 17:41:22 92.xx.xx.xx [56886]STUN trying 2
Jan  4 17:41:22 92.xx.xx.xx [56886]STUN trying 3
Jan  4 17:41:23 92.xx.xx.xx [56886]STUN trying 4
Jan  4 17:41:24 92.xx.xx.xx [56886]STUN trying 5
Jan  4 17:41:26 92.xx.xx.xx [56886]STUN trying 6
Jan  4 17:41:28 92.xx.xx.xx [56886]STUN trying 7
Jan  4 17:41:29 92.xx.xx.xx [56886]STUN trying 8
Jan  4 17:41:31 92.xx.xx.xx [0]->124.xxx.xxx.xxx:442(776)
Jan  4 17:41:31 92.xx.xx.xx [0]->124.xxx.xxx.xxx:442(776)
Jan  4 17:41:31 92.xx.xx.xx REGISTER sip:124.xxx.xxx.xxx:442 SIP/2.0  Via: SIP/2.0/TLS 92.xx.xx.xx:56886;branch=z9hG4bK-78f89705;rport  From: 2001 <sip:2001@124.xxx.xxx.xxx:442>;tag=c7ba46a8b33b5deco0  To: 2001 <sip:2001@124.xxx.xxx.xxx:442>  Call-ID: 95d1a12e-234d5382@192.168.1.3  CSeq: 10476 REGISTER  Max-Forwards: 70  Authorization: Digest username="2001",realm="124.xxx.xxx.xxx",nonce="2b30fca4-f8fc-11de-88a5-dbc3ffce4ce8",uri="sip:124.xxx.xxx.xxx:442",algorithm=MD5,response="633bcd697072e62c8c3aadfdca57815a",qop=auth,nc=00000001,cnonce="b9559c13"  Contact: 2001 <sip:2001@92.xx.xx.xx:56886;transport=tls>;expires=600  User-Agent: Linksys/SPA3102-5.1.10(GW)  Content-Length: 0  Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER  Supported: x-sipura, replaces  
Jan  4 17:41:31 92.xx.xx.xx
Jan  4 17:41:31 92.xx.xx.xx
Jan  4 17:41:41 92.xx.xx.xx [0]SIP/TCP Idle
Jan  4 17:42:21 92.xx.xx.xx [0]SIP/TCP ServerNoService
Jan  4 17:42:21 92.xx.xx.xx [0]SIP/TCP ServerNoService

Help appreciated.

0 Helpful
12 Replies 12

Alberto Montilla
Cisco Employee
Cisco Employee

‎01-04-2010 03:39 AM

Dear Sir;

Did you check with the ISTP about the specific mapping required? If not I suggest you only set the following mapping to yes, and leave the others to no:

Handle VIA received: yes
• Handle VIA rport: NO
• Insert VIA received: NO
• Insert VIA rport: NO
• Substitute VIA Addr: YES
• Send Resp To Src Port: NO
• STUN Enable: Choose yes.
• STUN Server: stun.freeswitch.org

Regards
Alberto

0 Helpful

mcampbellsmith
Level 1
Level 1
In response to Alberto Montilla

‎01-04-2010 04:59 AM

EDITED!

The problem seems to only appear with TCP or TLS is enabled as the transport.

I have tried with the stanard port 5061 and I get the same error.  The router is setup to forward both TCP and UDP packets

I control the FreeSwitch box that the SPA should be registered to, so I can do any changes you suggest!  Any further help appreciated.

0 Helpful

mcampbellsmith
Level 1
Level 1
In response to mcampbellsmith

‎01-05-2010 03:12 AM

More checking at it seem to be a STUN issue somehow.  When I hard code in the external IP address and have NAT Mapping Enabled, everything is great.

When I have STUN, it is not.

Below is the syslog from the SPA3102:

THIS WORKS (Ext IP address hardcoded)
Jan  5 21:18:17 92.xx.xx.xx [0]->124.xxx.xxx.xxx:442(544)
Jan  5 21:18:17 92.xx.xx.xx REGISTER sip:myddns.dydns.org:442 SIP/2.0
Via: SIP/2.0/TLS 92.xx.xx.xx:5069;branch=

z9hG4bK-7b7ebbf9  From: 2001
<sip:2001@myddns.dydns.org:442>;tag=b69c38c549e24c42o0  To: 2001
<sip:2001@myddns.dydns.org:442>  Call-ID:
e6b918dc-71d58fe3@192.168.1.3  CSeq: 44358 REGISTER  Max-Forwards: 70
Contact: 2001 <>2001@92.xx.xx.xx:5069;transport=tls>;expires=600
User-Agent: Linksys/SPA3102-5.1.10(GW)  Content-Length: 0  Allow: ACK,
BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER  Supported:
x-sipura, replaces
Jan  5 21:18:17 92.xx.xx.xx
Jan  5 21:18:17 92.xx.xx.xx
Jan  5 21:18:17 92.xx.xx.xx [0]<<124.xxx.xxx.xxx:442(658)
Jan  5 21:18:17 92.xx.xx.xx [0]<<124.xxx.xxx.xxx:442(658)
Jan  5 21:18:17 92.xx.xx.xx SIP/2.0 401 Unauthorized  Via: SIP/2.0/TLS
92.xx.xx.xx:5069;branch=z9hG4bK-7b7ebbf9;rport=5069  From: 2001
<sip:2001@myddns.dydns.org:442>;tag=b69c38c549e24c42o0  To: 2001
<sip:2001@myddns.dydns.org:442>;tag=Bav1HeBr3jm3B  Call-ID:
e6b918dc-71d58fe3@192.168.1.3  CSeq: 44358 REGISTER  User-Agent:
FreeSWITCH-mod_sofia/1.0.trunk-16131  Allow: INVITE, ACK, BYE, CANCEL,
OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH,
SUBSCRIBE  Supported: timer, precondition, path, replaces
WWW-Authenticate: Digest realm="myddns.dydns.org",
nonce="a4128380-f9e3-11de-99eb-53ce5686ac9a", algorithm=MD5,
qop="auth"  Content-Length: 0
Jan  5 21:18:17 92.xx.xx.xx
Jan  5 21:18:17 92.xx.xx.xx
Jan  5 21:18:17 92.xx.xx.xx [0]->124.xxx.xxx.xxx:442(782)
Jan  5 21:18:17 92.xx.xx.xx [0]->124.xxx.xxx.xxx:442(782)
Jan  5 21:18:17 92.xx.xx.xx REGISTER sip:myddns.dydns.org:442 SIP/2.0
Via: SIP/2.0/TLS 92.xx.xx.xx:5069;branch=z9hG4bK-18f00822  From: 2001
<sip:2001@myddns.dydns.org:442>;tag=b69c38c549e24c42o0  To: 2001
<sip:2001@myddns.dydns.org:442>  Call-ID:
e6b918dc-71d58fe3@192.168.1.3  CSeq: 44359 REGISTER  Max-Forwards: 70
Authorization: Digest
username="2001",realm="myddns.dydns.org",nonce="a4128380-f9e3-11de-99eb-53ce5686ac9a",uri="sip:myddns.dydns.org:442",algorithm=MD5,response="324ee93184ae202be4a209f5a9255229",qop=auth,nc=00000001,cnonce="804844b"
  Contact: 2001 <>2001@92.xx.xx.xx:5069;transport=tls>;expires=600
User-Agent: Linksys/SPA3102-5.1.10(GW)  Content-Length: 0  Allow: ACK,
BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER  Supported:
x-sipura, replaces
Jan  5 21:18:18 92.xx.xx.xx SIP/2.0 200 OK ....

THIS DOES NOT WORK
Jan  5 22:05:48 92.xxx.xxx.xxx REGISTER sip:myddns.dydns.org:442
SIP/2.0  Via: SIP/2.0/TLS 192.168.1.3:5070;branch=z9hG4bK-faf8477a
From: 2001 <sip:2001@myddns.dydns.org:442>;tag=b065057e3ed0befdo0  To:
2001 <sip:2001@myddns.dydns.org:442>  Call-ID:
e6b918dc-71d58fe3@192.168.1.3  CSeq: 44435 REGISTER  Max-Forwards: 70
Contact: 2001 <2001>;expires=600
User-Agent: Linksys/SPA3102-5.1.10(GW)  Content-Length: 0  Allow: ACK,
BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER  Supported:
x-sipura, replaces
Jan  5 22:05:48 92.xxx.xxx.xxx SIP/2.0 401 Unauthorized  Via:
SIP/2.0/TLS 192.168.1.3:5070;branch=z9hG4bK-faf8477a;received=92.xxx.xxx.xxx;rport=5070
  From: 2001 <sip:2001@myddns.dydns.org:442>;tag=b065057e3ed0befdo0
To: 2001 <sip:2001@myddns.dydns.org:442>;tag=N51jvyeca9Umj  Call-ID:
e6b918dc-71d58fe3@192.168.1.3  CSeq: 44435 REGISTER  User-Agent:
FreeSWITCH-mod_sofia/1.0.trunk-16131  Allow: INVITE, ACK, BYE, CANCEL,
OPTIONS, MESSAGE, UPDATE, INFO, REGISTER, REFER, NOTIFY, PUBLISH,
SUBSCRIBE  Supported: timer, precondition, path, replaces
WWW-Authenticate: Digest realm="myddns.dydns.org",
nonce="476097b0-f9ea-11de-99fd-53ce5686ac9a", algorithm=MD5,
qop="auth"  Content-Length: 0
Jan  5 22:05:48 92.xxx.xxx.xxx
Jan  5 22:05:48 92.xxx.xxx.xxx
Jan  5 22:05:58 92.xxx.xxx.xxx [0]->124.xxx.xxx.xxx:442(783)
Jan  5 22:05:58 92.xxx.xxx.xxx [0]->124.xxx.xxx.xxx:442(783)
Jan  5 22:05:58 92.xxx.xxx.xxx REGISTER sip:myddns.dydns.org:442
SIP/2.0  Via: SIP/2.0/TLS 92.xxx.xxx.xxx:5070;branch=z9hG4bK-bfc992b3
From: 2001 <sip:2001@myddns.dydns.org:442>;tag=b065057e3ed0befdo0  To:
2001 <sip:2001@myddns.dydns.org:442>  Call-ID:
e6b918dc-71d58fe3@192.168.1.3  CSeq: 44436 REGISTER  Max-Forwards: 70
Authorization: Digest
username="2001",realm="myddns.dydns.org",nonce="476097b0-f9ea-11de-99fd-53ce5686ac9a",uri="sip:myddns.dydns.org:442",algorithm=MD5,response="466ea78ac2ccddca991a5c3d4d021bed",qop=auth,nc=00000001,cnonce="ebd80711"
  Contact: 2001 <2001>;expires=600
User-Agent: Linksys/SPA3102-5.1.10(GW)  Content-Length: 0  Allow:
ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, REFER  Supported:
x-sipura, replaces

This is all I see

The difference was a hard coded external IP address in the first session that worked.  However I can't have it set like this as the IP address is not static.

The second REGISTER in the Not Working session seems to be ignored by FreeSwitch (I don't see it in the logs of FS either).   Is there something in this Register that causes FS to ignore it?  Thanks

EDIT: TURNING OFF STUN AND IT WORKS (with NAT Mapping Enabled) .... How can the SPA3102 determine its external IP address if the stun server option is switched off?  I see the external IP address int eh status page - how is this determined and why does this work?



0 Helpful

Alberto Montilla
Cisco Employee
Cisco Employee
In response to mcampbellsmith

‎01-05-2010 06:32 AM

Dear Sir;


The only difference is that in non working case the Contact info continues pointing to the private IP address 192.xx.xx.xx and that's wrong since this address is not routable.

The issue could be that STUN is not working properly. Do you know if your router has symmetric NAT? STUN does not work with symmetric NAT routers.

Regards;
Alberto

0 Helpful

mcampbellsmith
Level 1
Level 1
In response to Alberto Montilla

‎01-05-2010 12:41 PM

Thanks Alberto.

Do you know how I can check if my router is symetric or not?

Also, If I TURN OFF STUN IT WORKS (with NAT Mapping Enabled) .... How can the SPA3102 determine its external IP address if the stun server option is switched off?  I see the external IP address int eh status page - how is this determined and why does this work?

Thanks

0 Helpful

cesterlizi
Level 1
Level 1

‎02-16-2010 02:12 PM

Hi Alberto

We have the same issue with SPA9x2, firmwares 5.2.8 and 6.1.5(a)

We are using TCP or TLS as  transport and if we set

NAT Mapping Enable[1] = yes

STUN Enable  = yes

STUN Server = mystun.xxxx.com

the SPA9x2 fails to REGISTER

I am attaching 3 captures (take a look with wireshark).

1) SIP UDP transport with NAT Mapping Enable=yes -> REGISTER OK, STUN reachable and IP mapped

2) SIP TCP transport with  NAT Mapping Enable=yes -> REGISTER NOK, STUN not reachable and IP not mapped

3) SIP TCP transport with  NAT Mapping Enable=no -> REGISTER OK but IP is not mapped

192.168.1.52 SPA9x2

192.168.1.61 proxy

The problem seems to be the combination of TCP/TLS + STUN  with NAT Mapping Enable

Thanks & Regards

Carlos

0 Helpful

Alberto Montilla
Cisco Employee
Cisco Employee

‎02-18-2010 02:01 AM

Dear Carlos;

Let me escalate this to engineering. I'll let you know the outcome.

Regards
Alberto

0 Helpful

mcampbellsmith
Level 1
Level 1
In response to Alberto Montilla

‎02-18-2010 02:46 AM

Hi Alberto,

Please make sure that SP3102 issue is escalated as well as the SPA9x2.  I still have issues with this on my SPA firmware (the latest PA3102-5.1.10(GW) )

Thanks!

0 Helpful

reddragon24
Level 1
Level 1

‎03-08-2010 04:06 AM

Hi,


the sip server does not recieve the packets due to STUN. BTW why are you using STUN: " dont want to get voice relay from the server" if yes, try this:

Disable NAT Mapping , enable Keep alive and check the RTP packets 99.9% voice will connect directly not via server. And, Stun is only usefull if using very cheap router but if you are using linksys guranteed will not face any problem.

If you are behid double NAT ( behind two or more routers) make sure routers are runing in bridge mode.

0 Helpful

cesterlizi
Level 1
Level 1
In response to reddragon24

‎03-17-2010 07:03 AM

Hi Alberto

Do you have any news for this issue from the engineering team  ?

Thanks & Regards

Carlos

0 Helpful

Alberto Montilla
Cisco Employee
Cisco Employee
In response to cesterlizi

‎03-17-2010 03:11 PM

Dear Sir;

I checked with engineering and actually STUN does work only with UDP as defined in the RFC.

Do you use a static IP address? If so I think you can disable STUN and still get mapping ok.

Regards
Alberto

0 Helpful

cesterlizi
Level 1
Level 1
In response to Alberto Montilla

‎11-11-2010 01:07 PM

Hi Alberto

I now have a similar problem with SPA303 and SPA502G but when I use STUN + UDP with firmware 7.4.6

I've opened this new discussion https://supportforums.cisco.com/message/3224240#

Regards

Carlos

0 Helpful
Customers Also Viewed These Support Documents