Solved

Cisco 7945g with Asterisk

Posted on 2011-09-13
8
2,018 Views
Last Modified: 2016-09-16
Hi,

Ive been trying for over 24 hours to get a Cisco 7945g IP Phone to talk to Asterisk.
The phone is running the SIP firmware and ive got the config XML files on a local TFTP server.
Asterisk has a public IP and is in a datacentre.
The phone is behind a NAT in my office.

I've found that the only way I can get the phone to authenticate with Asterisk, is by setting NAT=no in the sip.conf file for the peer.
Otherwise, I just see UNAUTHORIZED in SIP Debug.

However, when i set NAT=no, there is only one way audio.
I've got a Polycom phone which is also behind the NAT in my office, and that works fine.

I've tried mapping ports, but that didnt seem to help.

Any ideas?
Thanks
Dan
0
Comment
Question by:DanJourno
8 Comments
 
LVL 20

Expert Comment

by:José Méndez
ID: 36534024
Can you post the sip.conf info and a sip debug of the registration process?
0
 
LVL 5

Author Comment

by:DanJourno
ID: 36534356
Here is the sip config:-
 
* Name       : company_202
  Realtime peer: Yes, cached
  Secret       : <Set>
  MD5Secret    : <Not set>
  Context      : company_phones
  Subscr.Cont. : <Not set>
  Language     :
  Accountcode  : company
  AMA flags    : Unknown
  Transfer mode: open
  CallingPres  : Presentation Allowed, Not Screened
  Callgroup    :
  Pickupgroup  :
  Mailbox      :
  VM Extension : asterisk
  LastMsgsSent : 32767/65535
  Call limit   : 0
  Dynamic      : Yes
  Callerid     : "" <>
  MaxCallBR    : 384 kbps
  Expire       : -1
  Insecure     : no
  Nat          : Always
  ACL          : No
  T38 pt UDPTL : No
  CanReinvite  : No
  PromiscRedir : No
  User=Phone   : Yes
  Video Support: No
  Trust RPID   : No
  Send RPID    : Yes
  Subscriptions: Yes
  Overlap dial : Yes
  Forward Loop : Yes
  DTMFmode     : rfc2833
  LastMsg      : 0
  ToHost       :
  Addr->IP     : 192.168.1.7 Port 5060
  Defaddr->IP  : 0.0.0.0 Port 5060
  Def. Username: company_202
  SIP Options  : (none)
  Codecs       : 0x8 (alaw)
  Codec Order  : (alaw:20)
  Auto-Framing:  No
  Status       : UNREACHABLE
  Useragent    :
  Reg. Contact : sip:company_202@192.168.1.7:5060;transport=udp

Open in new window


Here is the unsuccessful registration when sip debug when nat=yes:
 
<--- SIP read from 2.27.26.125:49647 --->
REGISTER sip:PUBLIC_ASTERISK_IP SIP/2.0
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bK5d00bfac
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad200068b60ca26-096ce204
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-f1651838-6e60771c@192.168.1.7
Max-Forwards: 70
Date: Wed, 14 Sep 2011 07:10:38 GMT
CSeq: 105 REGISTER
User-Agent: Cisco-CP7945G/8.5.3
Contact: <sip:company_202@192.168.1.7:5060;transport=udp>;+sip.instance="<urn:uuid:00000000-0000-0000-0000-8cb64f56aad2>";+u.sip!model.ccm.cisco.com="435"
Supported: (null),X-cisco-xsi-7.0.1
Content-Length: 0
Reason: SIP;cause=200;text="cisco-alarm:20 Name=SEP8CB64F56AAD2 Load=SIP45.8-5-4S Last=phone-keypad"
Expires: 3600


<------------->
--- (14 headers 0 lines) ---
Using latest REGISTER request as basis request
Sending to 2.27.26.125 : 49647 (NAT)

<--- Transmitting (NAT) to 2.27.26.125:49647 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bK5d00bfac;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad200068b60ca26-096ce204
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-f1651838-6e60771c@192.168.1.7
CSeq: 105 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
Content-Length: 0


<------------>

<--- Transmitting (NAT) to 2.27.26.125:49647 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bK5d00bfac;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad200068b60ca26-096ce204
To: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=as682f08ea
Call-ID: 8cb64f56-aad20002-f1651838-6e60771c@192.168.1.7
CSeq: 105 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="0034b741"
Content-Length: 0


<------------>
Scheduling destruction of SIP dialog '8cb64f56-aad20002-f1651838-6e60771c@192.168.1.7' in 32000 ms (Method: REGISTER)
sip1*CLI>

Open in new window


Here is the successful registration when sip debug when nat=no:
 
<--- SIP read from 2.27.26.125:49753 --->
REGISTER sip:PUBLIC_ASTERISK_IP SIP/2.0
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKc5e0894b
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
Max-Forwards: 70
Date: Wed, 14 Sep 2011 07:14:08 GMT
CSeq: 101 REGISTER
User-Agent: Cisco-CP7945G/8.5.3
Contact: <sip:company_202@192.168.1.7:5060;transport=udp>;+sip.instance="<urn:uuid:00000000-0000-0000-0000-8cb64f56aad2>";+u.sip!model.ccm.cisco.com="435"
Supported: (null),X-cisco-xsi-7.0.1
Content-Length: 0
Reason: SIP;cause=200;text="cisco-alarm:20 Name=SEP8CB64F56AAD2 Load=SIP45.8-5-4S Last=phone-keypad"
Expires: 3600


<------------->
--- (14 headers 0 lines) ---
Using latest REGISTER request as basis request

<--- Transmitting (no NAT) to 2.27.26.125:5060 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKc5e0894b;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
CSeq: 101 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
Content-Length: 0


<------------>

<--- Transmitting (no NAT) to 2.27.26.125:5060 --->
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKc5e0894b;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=as678f5505
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
CSeq: 101 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
WWW-Authenticate: Digest algorithm=MD5, realm="asterisk", nonce="50d9588a"
Content-Length: 0


<------------>
Scheduling destruction of SIP dialog '8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7' in 32000 ms (Method: REGISTER)

<--- SIP read from 2.27.26.125:49754 --->
REGISTER sip:PUBLIC_ASTERISK_IP SIP/2.0
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKecc4e076
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
Max-Forwards: 70
Date: Wed, 14 Sep 2011 07:14:08 GMT
CSeq: 102 REGISTER
User-Agent: Cisco-CP7945G/8.5.3
Contact: <sip:company_202@192.168.1.7:5060;transport=udp>;+sip.instance="<urn:uuid:00000000-0000-0000-0000-8cb64f56aad2>";+u.sip!model.ccm.cisco.com="435"
Authorization: Digest username="company_202",realm="asterisk",uri="sip:PUBLIC_ASTERISK_IP",response="65d538d497bcc4993329ad489c25e0fb",nonce="50d9588a",algorithm=MD5
Supported: (null),X-cisco-xsi-7.0.1
Content-Length: 0
Reason: SIP;cause=200;text="cisco-alarm:20 Name=SEP8CB64F56AAD2 Load=SIP45.8-5-4S Last=phone-keypad"
Expires: 3600


<------------->
--- (15 headers 0 lines) ---
Using latest REGISTER request as basis request

<--- Transmitting (no NAT) to 2.27.26.125:5060 --->
SIP/2.0 100 Trying
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKecc4e076;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
CSeq: 102 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
Content-Length: 0


<------------>
    -- Saved useragent "Cisco-CP7945G/8.5.3" for peer company_202

<--- Transmitting (no NAT) to 2.27.26.125:5060 --->
SIP/2.0 200 OK
Via: SIP/2.0/UDP 192.168.1.7:5060;branch=z9hG4bKecc4e076;received=2.27.26.125
From: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=8cb64f56aad20002307ba3cc-9df1921d
To: <sip:company_202@PUBLIC_ASTERISK_IP>;tag=as678f5505
Call-ID: 8cb64f56-aad20002-d2e862f2-09b59f5f@192.168.1.7
CSeq: 102 REGISTER
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces
Expires: 3600
Contact: <sip:company_202@192.168.1.7:5060;transport=udp>;expires=3600
Date: Wed, 14 Sep 2011 07:14:10 GMT
Content-Length: 0

Open in new window


From my research, when nat=yes, asterisk doesnt reply to the port that the Cisco 7945g wants.
Therefore, it doesnt receive the UNAUTHORIZED, and therefore doesnt continue the registration process.

Thanks.
Dan
0
 
LVL 5

Author Comment

by:DanJourno
ID: 36534402
This website explains why nat=yes doesnt work.

I *believe* it is because the 79x1 and above send SIP mesages to the proxy from random high numbered ports, but listen for responses only on the configured "VOIP Control Port" (5060) which makes it incompatible with services running Symmetric NAT. Apparently this is RFC compliant, and cisco contends it is a security enhancement.
http://forum.sipsorcery.com/viewtopic.php?t=2165

However, that doesnt help my audio issue. And at the moment, i'm only trying to get one phone working. Eventually, I'll need to get 40 working.
0
 
LVL 39

Expert Comment

by:noci
ID: 36534551
Did you also map the RTP port range to your phone? (I see no mentioning of these ports in the sip config.
The phone should at least be assign a short rang >= 10 ports per phone (2 per speech channel).
Another problem can be an ALG in your modem/router,
Try to turn it on / off opposite to the current setting if there is support.
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 20

Expert Comment

by:José Méndez
ID: 36540112
So the difference is this:


<--- Transmitting (no NAT) to 2.27.26.125:5060 --->
SIP/2.0 401 Unauthorized

<--- Transmitting (NAT) to 2.27.26.125:49647 --->
SIP/2.0 401 Unauthorized


Do you have the line port=5060 for that sip phone?
0
 
LVL 5

Accepted Solution

by:
DanJourno earned 0 total points
ID: 36556522
Thanks for your help. I had to resolve the issue by installing a local Asterisk server which got around the problem of the phone expecting responses on port 5060.
0
 
LVL 5

Author Closing Comment

by:DanJourno
ID: 37588770
I found a workaround.
0
 

Expert Comment

by:Srikanth Banda
ID: 41802478
HI, I have Cisco 7945G Phones with SIP . I want to make these work with Astersick , Can you help me Please

Thank You
0

Featured Post

Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Little introduction about CP: CP is a command on linux that use to copy files and folder from one location to another location. Example usage of CP as follow: cp /myfoder /pathto/destination/folder/ cp abc.tar.gz /pathto/destination/folder/ab…
I recently purchased a Bluetooth headset called the Music Jogger (model BSH10). The control buttons on it look like this: One of my goals is to use it as the microphone and speakers for Skype calls. In that respect, it works well. However, I …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now