[OpenSIPS-Users] Getting a Cisco 7960 to register behind a PIX

Advantia VoIP Systems info at advantia.ca
Tue Dec 7 23:29:22 CET 2010 

James,
When I look at my 7940 phones, I am running version 8.8.  It seems to me
that this could/should be fixable at your PIX but what are the chance of you
flashing your phone to a more recent firmware and seeing if that is helps
with the port numbering issue.  Just a guess...

Mario

On Tue, Dec 7, 2010 at 1:14 PM, James Lamanna <jlamanna at gmail.com> wrote:

> On Tue, Dec 7, 2010 at 11:42 AM, Duane Larson <duane.larson at gmail.com>
> wrote:
> > From your original post before you set up nat enable on the Cisco phone
> > OpenSIPS was replying back on the 2260 port
> >
> > U nat.ip:2260 -> opensips.ip:5060
> >  REGISTER sip:opensips.ip SIP/2.0..Via: SIP/2.0/UDP
> >
> > #
> > U opensips.ip:5060 -> nat.ip:2260
> >  SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
> >
> > So right there without configuring NatEnable on the Cisco phone OpenSIPS
> is
> > sending back to the original port that the Cisco phone used correct?
>
> Yes, that is correct.
> That is with nat_enable : 0.
>
> -- James
>
> >
> >
> > On Tue, Dec 7, 2010 at 1:34 PM, James Lamanna <jlamanna at gmail.com>
> wrote:
> >>
> >> On Tue, Dec 7, 2010 at 9:32 AM, Duane Larson <duane.larson at gmail.com>
> >> wrote:
> >> > From your SIP message
> >> >
> >> > U nat.ip:2370 -> opensips.ip:5060 REGISTER sip:opensips.ip
> >> > SIP/2.0..Via: SIP/2.0/UDP nat.ip:8427;branch=z9hG4bK79682dfb..
> >> > From: <sip:9515013401 at opensips.ip;user=phone>..To:
> >> > <sip:9515013401 at opensips.ip;user=phone>..Call-ID:
> >> > 00036be7-b0aa0007-736f1483-25859b27 at nat.ip..Date: Mon, 06 Dec 2010
> >> > 21:28:11 GMT..CSeq: 200 REGISTER..User-Agent
> >> >  : CSCO/7..Contact: <sip:9515013401 at nat.ip:8427>..Content-Length:
> >> > 0..Expires: 45....
> >> >
> >> > In the VIA header I believe your phone is saying "Talk to me over
> >> > nat.ip:8427"
> >> >
> >> > You might want to set up logging on your PIX/ASA firewall to see whats
> >> > getting blocked, but from the way you've explained the issue it
> doesn't
> >> > sound like an OpenSIPS issue.  Sounds like a firewall issue or Cisco
> >> > phone
> >> > issue.
> >>
> >> Logging on the PIX definitely sees packets coming back 8427, which
> >> since they aren't part of an established connection get dropped.
> >> Maybe going to opensips these phones need sip fixup on, though going
> >> directly to Asterisk, they have been working with sip fixup off...
> >>
> >> -- James
> >>
> >>
> >> >
> >> > On Tue, Dec 7, 2010 at 10:22 AM, James Lamanna <jlamanna at gmail.com>
> >> > wrote:
> >> >>
> >> >> Hi Bogdan,
> >> >> I guess I'm confused as to why you say its being transmitted back to
> >> >> the same IP:Port:
> >> >>
> >> >> U nat.ip:2370 -> opensips.ip:5060
> >> >> U opensips.ip:5060 -> nat.ip:8427
> >> >>
> >> >> Shouldn't it be going back to port 2370? And not 8427?
> >> >>
> >> >> -- James
> >> >>
> >> >> On Tue, Dec 7, 2010 at 2:43 AM, Bogdan-Andrei Iancu
> >> >> <bogdan at voice-system.ro> wrote:
> >> >> > Hi James,
> >> >> >
> >> >> > From proxy point of view, everything looks ok - I see the reply
> sent
> >> >> > back to
> >> >> > the exact IP:port where the request came from....So the reply
> should
> >> >> > make it
> >> >> > through the NAT...But it seams it doesn't as the phone keeps
> >> >> > retransmitting
> >> >> > the REGISTER..
> >> >> >
> >> >> > Again, from NAT pov, opensips is doing the right stuff (doing
> >> >> > symmetric
> >> >> > signalling) - there is nothing more you can do here for
> >> >> > opensips..Maybe
> >> >> > it
> >> >> > is something specific to the NAT device - any possibility to
> >> >> > debug/trace
> >> >> > on
> >> >> > it ?
> >> >> >
> >> >> > Regards,
> >> >> > Bogdan
> >> >> >
> >> >> > James Lamanna wrote:
> >> >> >>
> >> >> >> Hi,
> >> >> >> I was wondering if anyone had any experience getting a Cisco 7960
> >> >> >> phone to register to opensips when the phone is behind a PIX
> >> >> >> firewall.
> >> >> >> I'm having a hell of a time getting it to register.
> >> >> >> I see these messages:
> >> >> >>
> >> >> >> U nat.ip:2260 -> opensips.ip:5060
> >> >> >>  REGISTER sip:opensips.ip SIP/2.0..Via: SIP/2.0/UDP
> >> >> >> 10.20.33.22:5060;branch=z9hG4bK48039e3a..From: <
> >> >> >>  sip:xxxxxxx at opensips.ip;user=phone>..To:
> >> >> >> <sip:xxxxxxxx at opensips.ip;user=phone>..Call-ID: 0003
> >> >> >>  6be7-b0aa0007-46220771-115f4fcc at 10.20.33.22..Date: Mon, 06 Dec
> 2010
> >> >> >> 18:10:49 GMT..CSeq: 107 REGISTER
> >> >> >>  ..User-Agent: CSCO/7..Contact:
> >> >> >> <sip:xxxxxxxx at 10.20.33.22:5060>..Content-Length: 0..Expires:
> 45....
> >> >> >> #
> >> >> >> U opensips.ip:5060 -> nat.ip:2260
> >> >> >>  SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
> >> >> >> 10.20.33.22:5060;branch=z9hG4bK48039e3a;rport=2260;receiv
> >> >> >>  ed=208.90.184.123..From:
> >> >> >> <sip:xxxxxxxxx at opensips.ip;user=phone>..To:
> >> >> >> <sip:xxxxxxxx at opensips.ip;
> >> >> >>  user=phone>;tag=c5cd5e6c2a1d4c975e04c2ff1b643904.5bf3..Call-ID:
> >> >> >> 00036be7-b0aa0007-46220771-115f4fcc@
> >> >> >>  10.20.33.22..CSeq: 107 REGISTER..WWW-Authenticate: Digest
> >> >> >> realm="asterisk", nonce="4cfd27fe0000780d7
> >> >> >>  1826527370e7c8b97f663425df75489"..Server: OpenSIPS (1.6.3-notls
> >> >> >> (x86_64/linux))..Content-Length: 0..
> >> >> >>  ..
> >> >> >> #
> >> >> >> U nat.ip:2260 -> opensips.ip:5060
> >> >> >>  REGISTER sip:opensips.ip SIP/2.0..Via: SIP/2.0/UDP
> >> >> >> 10.20.33.22:5060;branch=z9hG4bK48039e3a..From: <
> >> >> >>  sip:xxxxxxxxx at opensips.ip;user=phone>..To:
> >> >> >> <sip:xxxxxxxx at opensips.ip;user=phone>..Call-ID: 0003
> >> >> >>  6be7-b0aa0007-46220771-115f4fcc at 10.20.33.22..Date: Mon, 06 Dec
> 2010
> >> >> >> 18:10:49 GMT..CSeq: 107 REGISTER
> >> >> >>  ..User-Agent: CSCO/7..Contact:
> >> >> >> <sip:xxxxxxxxx at 10.20.33.22:5060>..Content-Length: 0..Expires:
> 45....
> >> >> >> #
> >> >> >> U opensips.ip:5060 -> nat.ip:2260
> >> >> >>  SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
> >> >> >> 10.20.33.22:5060;branch=z9hG4bK48039e3a;rport=2260;receiv
> >> >> >>  ed=208.90.184.123..From: <sip:xxxxxxxx at opensips.ip
> ;user=phone>..To:
> >> >> >> <sip:xxxxxxxxx at opensips.ip;
> >> >> >>  user=phone>;tag=c5cd5e6c2a1d4c975e04c2ff1b643904.5bf3..Call-ID:
> >> >> >> 00036be7-b0aa0007-46220771-115f4fcc@
> >> >> >>  10.20.33.22..CSeq: 107 REGISTER..WWW-Authenticate: Digest
> >> >> >> realm="asterisk", nonce="4cfd28000000780e5
> >> >> >>  c3381d838a044479357aa6c660df432"..Server: OpenSIPS (1.6.3-notls
> >> >> >> (x86_64/linux))..Content-Length: 0..
> >> >> >>
> >> >> >> This suggests the 401 response is not making it back to the
> >> >> >> phone....but I'm not sure why the PIX would be blocking it.
> >> >> >> All sip fixup is off.
> >> >> >>
> >> >> >> Any configuration suggestions would be much appreciated.
> >> >> >> The phone has:
> >> >> >> nat_enable: 0
> >> >> >> nat_received_processing: 0
> >> >> >>
> >> >> >> That was the only way I could get opensips to send the responses
> >> >> >> back
> >> >> >> to the correct port.
> >> >> >>
> >> >> >> Thanks.
> >> >> >>
> >> >> >> -- James
> >> >> >>
> >> >> >> _______________________________________________
> >> >> >> Users mailing list
> >> >> >> Users at lists.opensips.org
> >> >> >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >> >> >>
> >> >> >>
> >> >> >
> >> >> >
> >> >> > --
> >> >> > Bogdan-Andrei Iancu
> >> >> > OpenSIPS Bootcamp
> >> >> > 15 - 19 November 2010, Edison, New Jersey, USA
> >> >> > www.voice-system.ro
> >> >> >
> >> >> >
> >> >> > _______________________________________________
> >> >> > Users mailing list
> >> >> > Users at lists.opensips.org
> >> >> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >> >> >
> >> >>
> >> >> _______________________________________________
> >> >> Users mailing list
> >> >> Users at lists.opensips.org
> >> >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >> >
> >> >
> >> >
> >> > --
> >> > --
> >> > *--*--*--*--*--*
> >> > Duane
> >> > *--*--*--*--*--*
> >> > --
> >> >
> >> > _______________________________________________
> >> > Users mailing list
> >> > Users at lists.opensips.org
> >> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >> >
> >> >
> >>
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.opensips.org
> >> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
> >
> >
> > --
> > --
> > *--*--*--*--*--*
> > Duane
> > *--*--*--*--*--*
> > --
> >
> > _______________________________________________
> > Users mailing list
> > Users at lists.opensips.org
> > http://lists.opensips.org/cgi-bin/mailman/listinfo/users
> >
> >
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20101207/228c6086/attachment.htm>

More information about the Users mailing list