Cisco 7945g with Asterisk

Hi,

Ive been trying for over 24 hours to get a Cisco 7945g IP Phone to talk to Asterisk.
The phone is running the SIP firmware and ive got the config XML files on a local TFTP server.
Asterisk has a public IP and is in a datacentre.
The phone is behind a NAT in my office.

I've found that the only way I can get the phone to authenticate with Asterisk, is by setting NAT=no in the sip.conf file for the peer.
Otherwise, I just see UNAUTHORIZED in SIP Debug.

However, when i set NAT=no, there is only one way audio.
I've got a Polycom phone which is also behind the NAT in my office, and that works fine.

I've tried mapping ports, but that didnt seem to help.

Any ideas?
Thanks
Dan
LVL 5
DanJournoAsked:
Who is Participating?
 
DanJournoConnect With a Mentor Author Commented:
Thanks for your help. I had to resolve the issue by installing a local Asterisk server which got around the problem of the phone expecting responses on port 5060.
0
 
José MéndezCommented:
Can you post the sip.conf info and a sip debug of the registration process?
0
 
DanJournoAuthor Commented:
Here is the sip config:-
 
* Name       : company_202
  Realtime peer: Yes, cached
  Secret       : <Set>
  MD5Secret    : <Not set>
  Context      : company_phones
  Subscr.Cont. : <Not set>
  Language     :
  Accountcode  : company
  AMA flags    : Unknown
  Transfer mode: open
  CallingPres  : Presentation Allowed, Not Screened
  Callgroup    :
  Pickupgroup  :
  Mailbox      :
  VM Extension : asterisk
  LastMsgsSent : 32767/65535
  Call limit   : 0
  Dynamic      : Yes
  Callerid     : "" <>
  MaxCallBR    : 384 kbps
  Expire       : -1
  Insecure     : no
  Nat          : Always
  ACL          : No
  T38 pt UDPTL : No
  CanReinvite  : No
  PromiscRedir : No
  User=Phone   : Yes
  Video Support: No
  Trust RPID   : No
  Send RPID    : Yes
  Subscriptions: Yes
  Overlap dial : Yes
  Forward Loop : Yes
  DTMFmode     : rfc2833
  LastMsg      : 0
  ToHost       :
  Addr->IP     : 192.168.1.7 Port 5060
  Defaddr->IP  : 0.0.0.0 Port 5060
  Def. Username: company_202
  SIP Options  : (none)
  Codecs       : 0x8 (alaw)
  Codec Order  : (alaw:20)
  Auto-Framing:  No
  Status       : UNREACHABLE
  Useragent    :
  Reg. Contact : sip:company_202@192.168.1.7:5060;transport=udp

Open in new window


Here is the unsuccessful registration when sip debug when nat=yes:
 
<--- SIP read from 2.27.26.125:49647 --->
REGISTER sip:PUBLIC_ASTERISK_IP SIP/2.0
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bK5d00bfac
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad200068b60ca26-096ce204
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-f1651838-6e60771c@192.168.1.7
Max-Forwards: 70
Date: Wed, 14 Sep 2011 07:10:38 GMT
CSeq: 105 REGISTER
User-Agent: Cisco-CP7945G/8.5.3
Contact: <sip:company_202@192.168.1.7:5060;transport=udp>;+sip.instance="<urn:uuid:00000000-0000-0000-0000-8cb64f56aad2>";+u.sip!model.ccm.cisco.com="435"
Supported: (null),X-cisco-xsi-7.0.1
Content-Length: 0
Reason: SIP;cause=200;text="cisco-alarm:20 Name=SEP8CB64F56AAD2 Load=SIP45.8-5-4S Last=phone-keypad"
Expires: 3600


<------------->
--- (14 headers 0 lines) ---
Using latest REGISTER request as basis request
Sending to 2.27.26.125 : 49647 (NAT)

<--- Transmitting (NAT) to 2.27.26.125:49647 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bK5d00bfac;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad200068b60ca26-096ce204
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-f1651838-6e60771c@192.168.1.7
CSeq: 105 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
Content-Length: 0


<------------>

<--- Transmitting (NAT) to 2.27.26.125:49647 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bK5d00bfac;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad200068b60ca26-096ce204
To: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=as682f08ea
Call-ID: 8cb64f56-aad20002-f1651838-6e60771c@192.168.1.7
CSeq: 105 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="0034b741"
Content-Length: 0


<------------>
Scheduling destruction of SIP dialog '8cb64f56-aad20002-f1651838-6e60771c@192.168.1.7' in 32000 ms (Method: REGISTER)
sip1*CLI>

Open in new window


Here is the successful registration when sip debug when nat=no:
 
<--- SIP read from 2.27.26.125:49753 --->
REGISTER sip:PUBLIC_ASTERISK_IP SIP/2.0
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKc5e0894b
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
Max-Forwards: 70
Date: Wed, 14 Sep 2011 07:14:08 GMT
CSeq: 101 REGISTER
User-Agent: Cisco-CP7945G/8.5.3
Contact: <sip:company_202@192.168.1.7:5060;transport=udp>;+sip.instance="<urn:uuid:00000000-0000-0000-0000-8cb64f56aad2>";+u.sip!model.ccm.cisco.com="435"
Supported: (null),X-cisco-xsi-7.0.1
Content-Length: 0
Reason: SIP;cause=200;text="cisco-alarm:20 Name=SEP8CB64F56AAD2 Load=SIP45.8-5-4S Last=phone-keypad"
Expires: 3600


<------------->
--- (14 headers 0 lines) ---
Using latest REGISTER request as basis request

<--- Transmitting (no NAT) to 2.27.26.125:5060 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKc5e0894b;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
CSeq: 101 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
Content-Length: 0


<------------>

<--- Transmitting (no NAT) to 2.27.26.125:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKc5e0894b;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=as678f5505
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
CSeq: 101 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="50d9588a"
Content-Length: 0


<------------>
Scheduling destruction of SIP dialog '8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7' in 32000 ms (Method: REGISTER)

<--- SIP read from 2.27.26.125:49754 --->
REGISTER sip:PUBLIC_ASTERISK_IP SIP/2.0
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKecc4e076
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
Max-Forwards: 70
Date: Wed, 14 Sep 2011 07:14:08 GMT
CSeq: 102 REGISTER
User-Agent: Cisco-CP7945G/8.5.3
Contact: <sip:company_202@192.168.1.7:5060;transport=udp>;+sip.instance="<urn:uuid:00000000-0000-0000-0000-8cb64f56aad2>";+u.sip!model.ccm.cisco.com="435"
Authorization: Digest username="company_202",realm="asterisk",uri="sip:PUBLIC_ASTERISK_IP",response="65d538d497bcc4993329ad489c25e0fb",nonce="50d9588a",algorithm=MD5
Supported: (null),X-cisco-xsi-7.0.1
Content-Length: 0
Reason: SIP;cause=200;text="cisco-alarm:20 Name=SEP8CB64F56AAD2 Load=SIP45.8-5-4S Last=phone-keypad"
Expires: 3600


<------------->
--- (15 headers 0 lines) ---
Using latest REGISTER request as basis request

<--- Transmitting (no NAT) to 2.27.26.125:5060 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKecc4e076;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
CSeq: 102 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
Content-Length: 0


<------------>
    -- Saved useragent "Cisco-CP7945G/8.5.3" for peer company_202

<--- Transmitting (no NAT) to 2.27.26.125:5060 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKecc4e076;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=as678f5505
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
CSeq: 102 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
Expires: 3600
Contact: <sip:company_202@192.168.1.7:5060;transport=udp>;expires=3600
Date: Wed, 14 Sep 2011 07:14:10 GMT
Content-Length: 0

Open in new window


From my research, when nat=yes, asterisk doesnt reply to the port that the Cisco 7945g wants.
Therefore, it doesnt receive the UNAUTHORIZED, and therefore doesnt continue the registration process.

Thanks.
Dan
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
DanJournoAuthor Commented:
This website explains why nat=yes doesnt work.

I *believe* it is because the 79x1 and above send SIP mesages to the proxy from random high numbered ports, but listen for responses only on the configured "VOIP Control Port" (5060) which makes it incompatible with services running Symmetric NAT. Apparently this is RFC compliant, and cisco contends it is a security enhancement.
http://forum.sipsorcery.com/viewtopic.php?t=2165

However, that doesnt help my audio issue. And at the moment, i'm only trying to get one phone working. Eventually, I'll need to get 40 working.
0
 
nociSoftware EngineerCommented:
Did you also map the RTP port range to your phone? (I see no mentioning of these ports in the sip config.
The phone should at least be assign a short rang >= 10 ports per phone (2 per speech channel).
Another problem can be an ALG in your modem/router,
Try to turn it on / off opposite to the current setting if there is support.
0
 
José MéndezCommented:
So the difference is this:


<--- Transmitting (no NAT) to 2.27.26.125:5060 --->
SIP/2.0 401 Unauthorized

<--- Transmitting (NAT) to 2.27.26.125:49647 --->
SIP/2.0 401 Unauthorized


Do you have the line port=5060 for that sip phone?
0
 
DanJournoAuthor Commented:
I found a workaround.
0
 
Srikanth BandaCommented:
HI, I have Cisco 7945G Phones with SIP . I want to make these work with Astersick , Can you help me Please

Thank You
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.