The encryption in IOS determines how the password is stored and displayed on the system, not how it is exchanged in the MD5 Digest authentication. What error are you receiving when trying to authenticate? Can you provide the "debug ccsip message"?

Marcos

The IOS version is also important, as Steve suggests. We used to have a bug where IOS would display the password in clear text, but think it was already encrypted. This would cause registration issues since the password used would be wrong. But again, this has nothing to do with the Digest authentication.

Marcos

Yes, thats where I was heading....but your right Marcos.  debug ccsip messages of the registration would help for sure.

I also saw an old bug where if the credentials were read from startup, even though showed clear text, it was encrypted.  But that was fixed a long time ago too.

Steve

Steve, Marcos,

Thank you for the fast reply. The version I'm using is 12.4(22)YB4.

The main question is not (yet) if the SIP setup negotiation is working, but why the password 0 option isn't working. According to the documentation that I read it should be. If I try it to use the option 0, it's automatically changed to option 7 in the configuration. I'm wondering why that is.

My SIP provider only has experience with Asterix systems and he told me that for those systems they require that the password and username are send as plain text. I presume that I need password option 0 to accomplish this, or am I wrong?

Frank

OK, so your fairly recent IOS (not the latest 15.0(1)XA, which is available in the UC 500 8.0.0 bundle FYI), but I am not surbe that was a supported release for UC500?  WHat bubdle are yuo using?   But this is moot since you should have all the latest bug fixes for problems I saw in earlier IOS.

What you may want to do, is what Marcos suggested and post it for us.

#term mon

#debug ccsip messages

Wait to see some REGISTRATION messages, or make a call, since if a UAC is not registered, the INVITE should be challenged and then credentials are passed.

We can see whats happening on the wire this way and see if the CLI is security only (so it cant be viewed in a 'show run') but actually gets passed in plain text....

# un all  <---turns of all debugging

This is not what the "0" means. According to the documentation:

"0" : For all platforms except the Cisco 7600 series router, specifies that the clear-text password immediately following this value is MD5 encrypted.

For the Cisco 7600 series router, specifies that the clear-text password immediately following this value is not encrypted.

"5" : MD5-encrypted text string, which will be stored as the encrypted user password.

"7": Weak, reversible algorithm.

To use 7 or 5, here are the commands:

UC500(config)#username ggg password ?

  0     Specifies an UNENCRYPTED password will follow

  7     Specifies a HIDDEN password will follow

  LINE  The UNENCRYPTED (cleartext) user password

UC500(config)#username ggg secret ?

  0     Specifies an UNENCRYPTED secret will follow

  5     Specifies a HIDDEN secret will follow

  LINE  The UNENCRYPTED (cleartext) user secret

Hi guys,

I have the same problem happens here. After change the password 0  it change to encrypted.  I am using ISR4331 with SIP trunk VMAX.