SIP authentication failure through Cisco ASA to Trixbox
Posted on 2011-02-17
I just recently put in a Cisco ASA5510 security appliance. Once I did that, all of our external SIP phones are failing to authenticate to our Trixbox. The issue is, the ASA is doing its job and rewriting the SIP header with the appropriate external IP. However, when the Trixbox goes to run the MD5 has on the password, it uses its internal IP instead of the external IP so the hash's don't match, and the remote phones are not authenticated. If I enable the NAT settings on the Trixbox, my Trunk to the ITSP stops working, (The ASA thinks its a Lan attack). I know there is another way for the Trixbox to seed the Hash value (instead of the IP address of the box), however, I have no idea where to make it, and the phone, use that value, or even where to set the value. Any idea? (Additionally, will the change affect the internal phones as well?)
Thanks in advance!