Solved

Cisco 7945g with Asterisk

Posted on 2011-09-13
8
2,079 Views
Last Modified: 2016-09-16
Hi,

Ive been trying for over 24 hours to get a Cisco 7945g IP Phone to talk to Asterisk.
The phone is running the SIP firmware and ive got the config XML files on a local TFTP server.
Asterisk has a public IP and is in a datacentre.
The phone is behind a NAT in my office.

I've found that the only way I can get the phone to authenticate with Asterisk, is by setting NAT=no in the sip.conf file for the peer.
Otherwise, I just see UNAUTHORIZED in SIP Debug.

However, when i set NAT=no, there is only one way audio.
I've got a Polycom phone which is also behind the NAT in my office, and that works fine.

I've tried mapping ports, but that didnt seem to help.

Any ideas?
Thanks
Dan
0
Comment
Question by:DanJourno
8 Comments
 
LVL 20

Expert Comment

by:José Méndez
ID: 36534024
Can you post the sip.conf info and a sip debug of the registration process?
0
 
LVL 5

Author Comment

by:DanJourno
ID: 36534356
Here is the sip config:-
 
* Name       : company_202
  Realtime peer: Yes, cached
  Secret       : <Set>
  MD5Secret    : <Not set>
  Context      : company_phones
  Subscr.Cont. : <Not set>
  Language     :
  Accountcode  : company
  AMA flags    : Unknown
  Transfer mode: open
  CallingPres  : Presentation Allowed, Not Screened
  Callgroup    :
  Pickupgroup  :
  Mailbox      :
  VM Extension : asterisk
  LastMsgsSent : 32767/65535
  Call limit   : 0
  Dynamic      : Yes
  Callerid     : "" <>
  MaxCallBR    : 384 kbps
  Expire       : -1
  Insecure     : no
  Nat          : Always
  ACL          : No
  T38 pt UDPTL : No
  CanReinvite  : No
  PromiscRedir : No
  User=Phone   : Yes
  Video Support: No
  Trust RPID   : No
  Send RPID    : Yes
  Subscriptions: Yes
  Overlap dial : Yes
  Forward Loop : Yes
  DTMFmode     : rfc2833
  LastMsg      : 0
  ToHost       :
  Addr->IP     : 192.168.1.7 Port 5060
  Defaddr->IP  : 0.0.0.0 Port 5060
  Def. Username: company_202
  SIP Options  : (none)
  Codecs       : 0x8 (alaw)
  Codec Order  : (alaw:20)
  Auto-Framing:  No
  Status       : UNREACHABLE
  Useragent    :
  Reg. Contact : sip:company_202@192.168.1.7:5060;transport=udp

Open in new window


Here is the unsuccessful registration when sip debug when nat=yes:
 
<--- SIP read from 2.27.26.125:49647 --->
REGISTER sip:PUBLIC_ASTERISK_IP SIP/2.0
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bK5d00bfac
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad200068b60ca26-096ce204
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-f1651838-6e60771c@192.168.1.7
Max-Forwards: 70
Date: Wed, 14 Sep 2011 07:10:38 GMT
CSeq: 105 REGISTER
User-Agent: Cisco-CP7945G/8.5.3
Contact: <sip:company_202@192.168.1.7:5060;transport=udp>;+sip.instance="<urn:uuid:00000000-0000-0000-0000-8cb64f56aad2>";+u.sip!model.ccm.cisco.com="435"
Supported: (null),X-cisco-xsi-7.0.1
Content-Length: 0
Reason: SIP;cause=200;text="cisco-alarm:20 Name=SEP8CB64F56AAD2 Load=SIP45.8-5-4S Last=phone-keypad"
Expires: 3600


<------------->
--- (14 headers 0 lines) ---
Using latest REGISTER request as basis request
Sending to 2.27.26.125 : 49647 (NAT)

<--- Transmitting (NAT) to 2.27.26.125:49647 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bK5d00bfac;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad200068b60ca26-096ce204
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-f1651838-6e60771c@192.168.1.7
CSeq: 105 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
Content-Length: 0


<------------>

<--- Transmitting (NAT) to 2.27.26.125:49647 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bK5d00bfac;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad200068b60ca26-096ce204
To: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=as682f08ea
Call-ID: 8cb64f56-aad20002-f1651838-6e60771c@192.168.1.7
CSeq: 105 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="0034b741"
Content-Length: 0


<------------>
Scheduling destruction of SIP dialog '8cb64f56-aad20002-f1651838-6e60771c@192.168.1.7' in 32000 ms (Method: REGISTER)
sip1*CLI>

Open in new window


Here is the successful registration when sip debug when nat=no:
 
<--- SIP read from 2.27.26.125:49753 --->
REGISTER sip:PUBLIC_ASTERISK_IP SIP/2.0
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKc5e0894b
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
Max-Forwards: 70
Date: Wed, 14 Sep 2011 07:14:08 GMT
CSeq: 101 REGISTER
User-Agent: Cisco-CP7945G/8.5.3
Contact: <sip:company_202@192.168.1.7:5060;transport=udp>;+sip.instance="<urn:uuid:00000000-0000-0000-0000-8cb64f56aad2>";+u.sip!model.ccm.cisco.com="435"
Supported: (null),X-cisco-xsi-7.0.1
Content-Length: 0
Reason: SIP;cause=200;text="cisco-alarm:20 Name=SEP8CB64F56AAD2 Load=SIP45.8-5-4S Last=phone-keypad"
Expires: 3600


<------------->
--- (14 headers 0 lines) ---
Using latest REGISTER request as basis request

<--- Transmitting (no NAT) to 2.27.26.125:5060 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKc5e0894b;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
CSeq: 101 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
Content-Length: 0


<------------>

<--- Transmitting (no NAT) to 2.27.26.125:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKc5e0894b;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=as678f5505
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
CSeq: 101 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="50d9588a"
Content-Length: 0


<------------>
Scheduling destruction of SIP dialog '8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7' in 32000 ms (Method: REGISTER)

<--- SIP read from 2.27.26.125:49754 --->
REGISTER sip:PUBLIC_ASTERISK_IP SIP/2.0
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKecc4e076
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
Max-Forwards: 70
Date: Wed, 14 Sep 2011 07:14:08 GMT
CSeq: 102 REGISTER
User-Agent: Cisco-CP7945G/8.5.3
Contact: <sip:company_202@192.168.1.7:5060;transport=udp>;+sip.instance="<urn:uuid:00000000-0000-0000-0000-8cb64f56aad2>";+u.sip!model.ccm.cisco.com="435"
Authorization: Digest username="company_202",realm="asterisk",uri="sip:PUBLIC_ASTERISK_IP",response="65d538d497bcc4993329ad489c25e0fb",nonce="50d9588a",algorithm=MD5
Supported: (null),X-cisco-xsi-7.0.1
Content-Length: 0
Reason: SIP;cause=200;text="cisco-alarm:20 Name=SEP8CB64F56AAD2 Load=SIP45.8-5-4S Last=phone-keypad"
Expires: 3600


<------------->
--- (15 headers 0 lines) ---
Using latest REGISTER request as basis request

<--- Transmitting (no NAT) to 2.27.26.125:5060 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKecc4e076;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
CSeq: 102 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
Content-Length: 0


<------------>
    -- Saved useragent "Cisco-CP7945G/8.5.3" for peer company_202

<--- Transmitting (no NAT) to 2.27.26.125:5060 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKecc4e076;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=as678f5505
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
CSeq: 102 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
Expires: 3600
Contact: <sip:company_202@192.168.1.7:5060;transport=udp>;expires=3600
Date: Wed, 14 Sep 2011 07:14:10 GMT
Content-Length: 0

Open in new window


From my research, when nat=yes, asterisk doesnt reply to the port that the Cisco 7945g wants.
Therefore, it doesnt receive the UNAUTHORIZED, and therefore doesnt continue the registration process.

Thanks.
Dan
0
 
LVL 5

Author Comment

by:DanJourno
ID: 36534402
This website explains why nat=yes doesnt work.

I *believe* it is because the 79x1 and above send SIP mesages to the proxy from random high numbered ports, but listen for responses only on the configured "VOIP Control Port" (5060) which makes it incompatible with services running Symmetric NAT. Apparently this is RFC compliant, and cisco contends it is a security enhancement.
http://forum.sipsorcery.com/viewtopic.php?t=2165

However, that doesnt help my audio issue. And at the moment, i'm only trying to get one phone working. Eventually, I'll need to get 40 working.
0
DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

 
LVL 40

Expert Comment

by:noci
ID: 36534551
Did you also map the RTP port range to your phone? (I see no mentioning of these ports in the sip config.
The phone should at least be assign a short rang >= 10 ports per phone (2 per speech channel).
Another problem can be an ALG in your modem/router,
Try to turn it on / off opposite to the current setting if there is support.
0
 
LVL 20

Expert Comment

by:José Méndez
ID: 36540112
So the difference is this:


<--- Transmitting (no NAT) to 2.27.26.125:5060 --->
SIP/2.0 401 Unauthorized

<--- Transmitting (NAT) to 2.27.26.125:49647 --->
SIP/2.0 401 Unauthorized


Do you have the line port=5060 for that sip phone?
0
 
LVL 5

Accepted Solution

by:
DanJourno earned 0 total points
ID: 36556522
Thanks for your help. I had to resolve the issue by installing a local Asterisk server which got around the problem of the phone expecting responses on port 5060.
0
 
LVL 5

Author Closing Comment

by:DanJourno
ID: 37588770
I found a workaround.
0
 

Expert Comment

by:Srikanth Banda
ID: 41802478
HI, I have Cisco 7945G Phones with SIP . I want to make these work with Astersick , Can you help me Please

Thank You
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
centos linux 65 182
windows 7 starter missing password 21 99
bash file 10 62
FTP'ing Huge files ... How to ? FTP in segments -or- pick up ftp where you left off 5 74
Skype is a P2P (Peer to Peer) instant messaging and VOIP (Voice over IP) service – as well as a whole lot more.
Fine Tune your automatic Updates for Ubuntu / Debian
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

680 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question