James,<div>When I look at my 7940 phones, I am running version 8.8. It seems to me that this could/should be fixable at your PIX, but what are the chances of you flashing your phone to a more recent firmware and seeing if that helps with the port numbering issue? Just a guess...</div>
<div><br></div><div>Mario</div><meta charset="utf-8"><div><br><div class="gmail_quote">On Tue, Dec 7, 2010 at 1:14 PM, James Lamanna <span dir="ltr"><<a href="mailto:jlamanna@gmail.com">jlamanna@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">On Tue, Dec 7, 2010 at 11:42 AM, Duane Larson <<a href="mailto:duane.larson@gmail.com">duane.larson@gmail.com</a>> wrote:<br>
> From your original post before you set up nat enable on the Cisco phone<br>
> OpenSIPS was replying back on the 2260 port<br>
><br>
> U nat.ip:2260 -> opensips.ip:5060<br>
> REGISTER sip:opensips.ip SIP/2.0..Via: SIP/2.0/UDP<br>
><br>
> #<br>
> U opensips.ip:5060 -> nat.ip:2260<br>
> SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP<br>
><br>
> So right there without configuring NatEnable on the Cisco phone OpenSIPS is<br>
> sending back to the original port that the Cisco phone used correct?<br>
<br>
</div>Yes, that is correct.<br>
That is with nat_enable : 0.<br>
<div><div></div><div class="h5"><br>
-- James<br>
<br>
><br>
><br>
> On Tue, Dec 7, 2010 at 1:34 PM, James Lamanna <<a href="mailto:jlamanna@gmail.com">jlamanna@gmail.com</a>> wrote:<br>
>><br>
>> On Tue, Dec 7, 2010 at 9:32 AM, Duane Larson <<a href="mailto:duane.larson@gmail.com">duane.larson@gmail.com</a>><br>
>> wrote:<br>
>> > From your SIP message<br>
>> ><br>
>> > U nat.ip:2370 -> opensips.ip:5060 REGISTER sip:opensips.ip<br>
>> > SIP/2.0..Via: SIP/2.0/UDP nat.ip:8427;branch=z9hG4bK79682dfb..<br>
>> > From: <sip:9515013401@opensips.ip;user=phone>..To:<br>
>> > <sip:9515013401@opensips.ip;user=phone>..Call-ID:<br>
>> > 00036be7-b0aa0007-736f1483-25859b27@nat.ip..Date: Mon, 06 Dec 2010<br>
>> > 21:28:11 GMT..CSeq: 200 REGISTER..User-Agent<br>
>> > : CSCO/7..Contact: <sip:9515013401@nat.ip:8427>..Content-Length:<br>
>> > 0..Expires: 45....<br>
>> ><br>
>> > In the VIA header I believe your phone is saying "Talk to me over<br>
>> > nat.ip:8427"<br>
>> ><br>
>> > You might want to set up logging on your PIX/ASA firewall to see what's<br>
>> > getting blocked, but from the way you've explained the issue it doesn't<br>
>> > sound like an OpenSIPS issue. Sounds like a firewall issue or Cisco<br>
>> > phone<br>
>> > issue.<br>
>><br>
>> Logging on the PIX definitely sees packets coming back 8427, which<br>
>> since they aren't part of an established connection get dropped.<br>
>> Maybe going to opensips these phones need sip fixup on, though going<br>
>> directly to Asterisk, they have been working with sip fixup off...<br>
>><br>
>> -- James<br>
>><br>
>><br>
>> ><br>
>> > On Tue, Dec 7, 2010 at 10:22 AM, James Lamanna <<a href="mailto:jlamanna@gmail.com">jlamanna@gmail.com</a>><br>
>> > wrote:<br>
>> >><br>
>> >> Hi Bogdan,<br>
>> >> I guess I'm confused as to why you say it's being transmitted back to<br>
>> >> the same IP:Port:<br>
>> >><br>
>> >> U nat.ip:2370 -> opensips.ip:5060<br>
>> >> U opensips.ip:5060 -> nat.ip:8427<br>
>> >><br>
>> >> Shouldn't it be going back to port 2370? And not 8427?<br>
>> >><br>
>> >> -- James<br>
>> >><br>
>> >> On Tue, Dec 7, 2010 at 2:43 AM, Bogdan-Andrei Iancu<br>
>> >> <<a href="mailto:bogdan@voice-system.ro">bogdan@voice-system.ro</a>> wrote:<br>
>> >> > Hi James,<br>
>> >> ><br>
>> >> > From proxy point of view, everything looks ok - I see the reply sent<br>
>> >> > back to<br>
>> >> > the exact IP:port where the request came from....So the reply should<br>
>> >> > make it<br>
>> >> > through the NAT...But it seems it doesn't as the phone keeps<br>
>> >> > retransmitting<br>
>> >> > the REGISTER..<br>
>> >> ><br>
>> >> > Again, from NAT pov, opensips is doing the right stuff (doing<br>
>> >> > symmetric<br>
>> >> > signalling) - there is nothing more you can do here for<br>
>> >> > opensips..Maybe<br>
>> >> > it<br>
>> >> > is something specific to the NAT device - any possibility to<br>
>> >> > debug/trace<br>
>> >> > on<br>
>> >> > it ?<br>
>> >> ><br>
>> >> > Regards,<br>
>> >> > Bogdan<br>
>> >> ><br>
>> >> > James Lamanna wrote:<br>
>> >> >><br>
>> >> >> Hi,<br>
>> >> >> I was wondering if anyone had any experience getting a Cisco 7960<br>
>> >> >> phone to register to opensips when the phone is behind a PIX<br>
>> >> >> firewall.<br>
>> >> >> I'm having a hell of a time getting it to register.<br>
>> >> >> I see these messages:<br>
>> >> >><br>
>> >> >> U nat.ip:2260 -> opensips.ip:5060<br>
>> >> >> REGISTER sip:opensips.ip SIP/2.0..Via: SIP/2.0/UDP<br>
>> >> >> 10.20.33.22:5060;branch=z9hG4bK48039e3a..From: <<br>
>> >> >> sip:xxxxxxx@opensips.ip;user=phone>..To:<br>
>> >> >> <sip:xxxxxxxx@opensips.ip;user=phone>..Call-ID: 0003<br>
>> >> >> 6be7-b0aa0007-46220771-115f4fcc@10.20.33.22..Date: Mon, 06 Dec 2010<br>
>> >> >> 18:10:49 GMT..CSeq: 107 REGISTER<br>
>> >> >> ..User-Agent: CSCO/7..Contact:<br>
>> >> >> <<a href="http://sip:xxxxxxxx@10.20.33.22:5060" target="_blank">sip:xxxxxxxx@10.20.33.22:5060</a>>..Content-Length: 0..Expires: 45....<br>
>> >> >> #<br>
>> >> >> U opensips.ip:5060 -> nat.ip:2260<br>
>> >> >> SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP<br>
>> >> >> 10.20.33.22:5060;branch=z9hG4bK48039e3a;rport=2260;receiv<br>
>> >> >> ed=208.90.184.123..From:<br>
>> >> >> <sip:xxxxxxxxx@opensips.ip;user=phone>..To:<br>
>> >> >> <sip:xxxxxxxx@opensips.ip;<br>
>> >> >> user=phone>;tag=c5cd5e6c2a1d4c975e04c2ff1b643904.5bf3..Call-ID:<br>
>> >> >> 00036be7-b0aa0007-46220771-115f4fcc@<br>
>> >> >> 10.20.33.22..CSeq: 107 REGISTER..WWW-Authenticate: Digest<br>
>> >> >> realm="asterisk", nonce="4cfd27fe0000780d7<br>
>> >> >> 1826527370e7c8b97f663425df75489"..Server: OpenSIPS (1.6.3-notls<br>
>> >> >> (x86_64/linux))..Content-Length: 0..<br>
>> >> >> ..<br>
>> >> >> #<br>
>> >> >> U nat.ip:2260 -> opensips.ip:5060<br>
>> >> >> REGISTER sip:opensips.ip SIP/2.0..Via: SIP/2.0/UDP<br>
>> >> >> 10.20.33.22:5060;branch=z9hG4bK48039e3a..From: <<br>
>> >> >> sip:xxxxxxxxx@opensips.ip;user=phone>..To:<br>
>> >> >> <sip:xxxxxxxx@opensips.ip;user=phone>..Call-ID: 0003<br>
>> >> >> 6be7-b0aa0007-46220771-115f4fcc@10.20.33.22..Date: Mon, 06 Dec 2010<br>
>> >> >> 18:10:49 GMT..CSeq: 107 REGISTER<br>
>> >> >> ..User-Agent: CSCO/7..Contact:<br>
>> >> >> <<a href="http://sip:xxxxxxxxx@10.20.33.22:5060" target="_blank">sip:xxxxxxxxx@10.20.33.22:5060</a>>..Content-Length: 0..Expires: 45....<br>
>> >> >> #<br>
>> >> >> U opensips.ip:5060 -> nat.ip:2260<br>
>> >> >> SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP<br>
>> >> >> 10.20.33.22:5060;branch=z9hG4bK48039e3a;rport=2260;receiv<br>
>> >> >> ed=208.90.184.123..From: <sip:xxxxxxxx@opensips.ip;user=phone>..To:<br>
>> >> >> <sip:xxxxxxxxx@opensips.ip;<br>
>> >> >> user=phone>;tag=c5cd5e6c2a1d4c975e04c2ff1b643904.5bf3..Call-ID:<br>
>> >> >> 00036be7-b0aa0007-46220771-115f4fcc@<br>
>> >> >> 10.20.33.22..CSeq: 107 REGISTER..WWW-Authenticate: Digest<br>
>> >> >> realm="asterisk", nonce="4cfd28000000780e5<br>
>> >> >> c3381d838a044479357aa6c660df432"..Server: OpenSIPS (1.6.3-notls<br>
>> >> >> (x86_64/linux))..Content-Length: 0..<br>
>> >> >><br>
>> >> >> This suggests the 401 response is not making it back to the<br>
>> >> >> phone....but I'm not sure why the PIX would be blocking it.<br>
>> >> >> All sip fixup is off.<br>
>> >> >><br>
>> >> >> Any configuration suggestions would be much appreciated.<br>
>> >> >> The phone has:<br>
>> >> >> nat_enable: 0<br>
>> >> >> nat_received_processing: 0<br>
>> >> >><br>
>> >> >> That was the only way I could get opensips to send the responses<br>
>> >> >> back<br>
>> >> >> to the correct port.<br>
>> >> >><br>
>> >> >> Thanks.<br>
>> >> >><br>
>> >> >> -- James<br>
>> >> >><br>
>> >> >> _______________________________________________<br>
>> >> >> Users mailing list<br>
>> >> >> <a href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a><br>
>> >> >> <a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
>> >> >><br>
>> >> >><br>
>> >> ><br>
>> >> ><br>
>> >> > --<br>
>> >> > Bogdan-Andrei Iancu<br>
>> >> > OpenSIPS Bootcamp<br>
>> >> > 15 - 19 November 2010, Edison, New Jersey, USA<br>
>> >> > <a href="http://www.voice-system.ro" target="_blank">www.voice-system.ro</a><br>
>> >> ><br>
>> >> ><br>
>> >> ><br>
>> >><br>
>> ><br>
>> ><br>
>> ><br>
>> > --<br>
>> > --<br>
>> > *--*--*--*--*--*<br>
>> > Duane<br>
>> > *--*--*--*--*--*<br>
>> > --<br>
>> ><br>
>> ><br>
>> ><br>
>><br>
><br>
><br>
><br>
> --<br>
> --<br>
> *--*--*--*--*--*<br>
> Duane<br>
> *--*--*--*--*--*<br>
> --<br>
><br>
><br>
><br>
<br>
</div></div></blockquote></div><br></div>
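<div>Added example, not part of the original thread: a small checker that pairs each SIP request in an ngrep-style capture with its reply by Via branch and flags replies sent to a different IP:port than the request came from, which is the case the PIX log in the thread reports as dropped. The flow lines and branches come from the thread; the Via of the first reply is abbreviated and the payload of the second reply is constructed (the thread shows only its flow line); the function names are hypothetical.</div>

```python
import re

# Constructed sample built from the two captures quoted in the thread.
# "nat.ip" / "opensips.ip" are the thread's own redactions; ".." is ngrep's CRLF.
CAPTURE = """\
U nat.ip:2260 -> opensips.ip:5060
REGISTER sip:opensips.ip SIP/2.0..Via: SIP/2.0/UDP 10.20.33.22:5060;branch=z9hG4bK48039e3a..
#
U opensips.ip:5060 -> nat.ip:2260
SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP 10.20.33.22:5060;branch=z9hG4bK48039e3a;rport=2260..
#
U nat.ip:2370 -> opensips.ip:5060
REGISTER sip:opensips.ip SIP/2.0..Via: SIP/2.0/UDP nat.ip:8427;branch=z9hG4bK79682dfb..
#
U opensips.ip:5060 -> nat.ip:8427
SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP nat.ip:8427;branch=z9hG4bK79682dfb..
"""

FLOW = re.compile(r"^U (\S+):(\d+) -> (\S+):(\d+)$")
BRANCH = re.compile(r"branch=([^;.\s]+)")  # stops at ';' or ngrep's '..'

def parse(capture):
    """Group each 'U src -> dst' flow line with the payload lines that follow it."""
    packets, cur = [], None
    for line in (l.strip() for l in capture.splitlines()):
        m = FLOW.match(line)
        if m:
            cur = {"src": (m[1], int(m[2])), "dst": (m[3], int(m[4])), "payload": ""}
            packets.append(cur)
        elif cur is not None and line != "#":
            cur["payload"] += line  # re-join lines wrapped by the mail client
    return packets

def asymmetric_replies(capture):
    """Return replies whose destination is not the source of the matching request."""
    pending, findings = {}, []
    for p in parse(capture):
        b = BRANCH.search(p["payload"])
        if not b:
            continue
        if p["payload"].startswith("SIP/2.0 "):  # status line => response
            req_src = pending.get(b[1])
            if req_src and p["dst"] != req_src:
                findings.append({"branch": b[1], "request_src": req_src,
                                 "reply_dst": p["dst"]})
        else:
            pending[b[1]] = p["src"]  # remember where the request came from
    return findings
```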