Hi Gary, You can try the following settings in your Cisco phone config file:
nat_enable: 1 nat_received_processing: 1 The problem with Cisco phones and NAT is that they use symmetric NAT. It means that they use UDP/5060 all the way, through any router, to the server. If port 5060 is affecting other devices connecting through the same router, you can change the port they use with this setting: voip_control_port: 6060 We are using 7940G (fw: 8.2) with our service using SER, but I haven't tried it with Asterisk over NAT. -- Bjorn -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary T. Giesen Sent: Monday, April 17, 2006 7:26 PM To: [email protected] Subject: Re: [on-asterisk] Authentication Issues with Cisco Phones with latest SIP firmware Yeah, I was thinking of trying that. The only problem is it doesnt help me with my 7970s (and I could have just gone back to 7.4 firmware with the 40/60s if it became a huge issue, unfortunately I dont have that luxury with the 7970s.) But thanks for the URL, I'll try it out and see if it makes a difference. On 4/17/06, Nabeel Jafferali <[EMAIL PROTECTED]> wrote: > A non-CCM SIP 8.2 load has been released: > > http://lists.digium.com/pipermail/asterisk-users/2006-April/148356.htm > l > > That might help you. > > Nabeel > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gary > > T. Giesen > > Sent: April 17, 2006 5:58 PM > > To: [email protected] > > Subject: Re: [on-asterisk] Authentication Issues with Cisco Phones > > with latest SIP firmware > > > > After some more investigation, the issue appears to be NAT-related. > > I'm guessing somewhere along the line, NAT ips are messing up the > > hashes. No matter what combination of NAT settings on both the > > asterisk and phone I use, I cant get it to authenticate on calls. If > > I stop using NAT altogether, it works great. I know this worked on > > the 7940 with 7.4, so I suspect Cisco has changed something in the > > new code for CCM5. > > I'll check it out later tonight with Ethereal. In the meantime, if > > you have any other suggestions for things to try, I'm certainly open > > to them > > > > On 4/17/06, Michael Zhang <[EMAIL PROTECTED]> wrote: > > > > > > It's not very clear at this point why neither phone or > > server would do > > > enthentication. With ethereal trace, we can actually see what > > > error messages the phone would get when INVITE is sent out. > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > > Of Gary T. > > > Giesen > > > Sent: Monday, April 17, 2006 4:45 PM > > > To: Michael Zhang > > > Subject: Re: [on-asterisk] Authentication Issues with Cisco Phones > > > with latest SIP firmware > > > > > > I'll steal a switch from work that can do port mirroring > > and provide > > > one later on tonight. Would sip debug output be at all > > useful at this point? > > > > > > On 4/17/06, Michael Zhang <[EMAIL PROTECTED]> wrote: > > > > I believe if you can provide ethereal trace we can get a > > better clue > > > > of what is going on. > > > > > > > > -----Original Message----- > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > > Behalf Of Gary T. > > > > Giesen > > > > Sent: Monday, April 17, 2006 4:39 PM > > > > To: [email protected] > > > > Subject: [on-asterisk] Authentication Issues with Cisco > > Phones with > > > > latest SIP firmware > > > > > > > > sip.conf: > > > > > > > > [5001] > > > > type=friend > > > > username=5001 > > > > authuser=5001 > > > > secret=test > > > > host=dynamic > > > > dtmfmode=rfc2833 > > > > context=intext-inbound > > > > canreinvite=no > > > > nat=yes > > > > qualify=yes > > > > [EMAIL PROTECTED] > > > > > > > > SIP<mac>.cnf: > > > > # Line 1 appearance > > > > line1_name: 5001 > > > > > > > > # Line 1 short name > > > > line1_shortname: "Line 1" > > > > > > > > # Line 1 Registration Authentication > > > > line1_authname: "5001" > > > > > > > > # Line 1 Registration Password > > > > line1_password: "test" > > > > > > > > # Line 2 appearance > > > > line2_name: 5001 > > > > > > > > # Line 2 short name > > > > line2_shortname: "Line 2" > > > > > > > > # Line 2 Registration Authentication > > > > line2_authname: "5001" > > > > > > > > # Line 2 Registration Password > > > > line2_password: "test" > > > > > > > > > > > > Running 8.2 on a 7940... > > > > > > > > PS. Grrr, someone really needs to set the Reply-To to the list > > > > address... > > > > > > > > > > > > On 4/17/06, Nabeel Jafferali <[EMAIL PROTECTED]> wrote: > > > > > My 7960 with SIP 7.5 works fine with Asterisk. Post the > > relevant > > > > > entries of your sip.conf and SIP<MAC>.cnf files to help > > > troubleshoot. > > > > > > > > > > Nabeel > > > > > > > > > > -----Original Message----- > > > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > > Behalf Of Gary > > > T. > > > > > Giesen > > > > > Sent: April 17, 2006 3:47 PM > > > > > To: [email protected] > > > > > Subject: [on-asterisk] Authentication Issues with Cisco Phones > > > > > with latest SIP firmware > > > > > > > > > > Sorry to drudge up an old issue, but I haven't found a > > > > > solution for this yet. My Cisco phones (7940/60/70) with the > > > > > latest SIP firmware wont authenticate properly with *. They > > > > > register just fine, but when > > > > > > > > I > > > > > > > > > try to actually make a call, I get chan_sip.c:10299 > > > > > handle_request_invite: Failed to authenticate user "5001" > > > > > <sip:[EMAIL PROTECTED]>;tag=000a8a5c671600781097ccc1-7ddc1905 > > > > > > > > > > Based on output from SIP debug, it appears that either > > the phone > > > > > or asterisk is trying to do SIP digest authentication once the > > > > > phone is > > > > > > > > registered, and it's failing. Is there any way to work > > around this > > > > > (either on the phone or asterisk). Right now the only > > workaround > > > > > is to > > > > > > > > > set secret=<blank>, and that's not a viable solution. > > > > > > > > > > Cheers, > > > > > > > > > > Gary > > > > > > > > > > > > ------------------------------------------------------------------ > > > > > -- > > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For > > > > > additional > > > > > > > > commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -------------------------------------------------------------------- > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For > > additional > > > > commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > > > > > -------------------------------------------------------------------- > > - > > > To unsubscribe, e-mail: [EMAIL PROTECTED] For additional > > > commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > -------------------------------------------------------------------- > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional > > commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] For additional > commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
