SIP trunk to provider authentication issue

Unanswered Question
Apr 14th, 2009

Hi,

I'm setting up a sip trunk from a 2811 running IOS 12.4.22T to our provider.

I have configured the authentication on the SIP-ua and a dial peer that sends outbound calls to the sip server 9see config below)

dial-peer voice 99 voip

translation-profile outgoing outgoing_strip_2

destination-pattern 2T

voice-class sip dtmf-relay force rtp-nte

session protocol sipv2

session target sip-server

session transport udp

dtmf-relay rtp-nte

codec g711ulaw

no vad

sip-ua

authentication username 87800046100114 password 7 095F5A011C0C4F111F

no remote-party-id

retry invite 2

retry register 10

timers connect 100

sip-server ipv4:87.238.224.40

host-registrar

When I try to call out I get a voice message from the provider saying the account is not valid. I contacted the provider about this and they say I'm not sending the authentication to them.

Any ideas?

Thanks,

jeroen

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
steven.lass Thu, 04/16/2009 - 06:42

Looking at the debug. The gateway sends the SIP INVITE. 87.238.224.40 sends back 183 Session Progress (ringing) 400 milliseconds later. The gateway sends CANCEL (normal clearing) 6 seconds later.

The messaging looks normal. The SIP telco is not requesting authentication, so that is not the issue.

Did you place the call, not hear anything, and hangup 6 seconds later?

I suspect the RTP packets are being sent by the SIP telco, but you are not getting (ie. hearing) them. Is this actually a routing/NAT/firewall issue?

-steve

jeroenhermans Thu, 04/16/2009 - 06:51

Hi Steve,

Thanks for your analysis and reply.

When I place a call out on the sip trunk I get a voice message from the provider saying " this is not a valid account". This means rtp packets are flowing. When I asked the pro vider about this they came back saying they block thecalls because we apparently authenticate on ip address and not. By credentials.

Hope this helps,

Jeroen

steven.lass Thu, 04/16/2009 - 12:03

Ah. I think I finally understand the issue.

I noticed that the FXS line is registered as "0757601200", but in the SIP INVITE, the From header has "1003".

Can you put in a translation profile to change the From header and see if that resolves the problem?

-steve

jeroenhermans Thu, 04/16/2009 - 12:15

Hi Steve,

Thanks for your continued support

Where do you get the number '0757601200' from?

The username setup on the sip-ua is 87800046100114.

How can I build the translation (is that the same as a normal translation rule on a h323 gateway?)?

Thanks,

Jeroen

steven.lass Thu, 04/16/2009 - 12:40

0757601200 came from Konrad's post ... I am botching this left and right. Sorry.

Yes, the translations used on H323 dial-peers will also work on SIP dial-peers. Based on my previous posts, I'm expecting the following to have some error :)

voice translation-rule 1

rule 1 /^1003/ /87800046100114/

voice translation-profile ANI

translate calling 1

dial-peer voice 99 voip

translation-profile outgoing ANI

I noticed that you already have a translation-profile, so you will have to merge this config with your existing config.

with foot in mouth,

-steve

jeroenhermans Thu, 04/16/2009 - 13:08

Hi Steve,

I added the translation rule to my existing profile and the calling number is succefully translated when I make an outbound call.

I continue to receive the error message from my provider.

I will contact them again and ask them to check the last test call.

Thanks,

jeroen

KonradStepniewski Wed, 04/15/2009 - 03:17

Got working SIP trunk:

sip-ua

credentials username xxx password yyy realm ipkund1.rixtelecom.se

authentication username xxx password yyy

registrar dns:ipkund1.rixtelecom.se expires 3600

sip-server dns:ipkund1.rixtelecom.se

you can try with those commands.

And you should see something like this:

cpvg1#sh sip-ua register status

Line peer expires(sec) registered

============ ============= ============ ===========

0757601200 -1 1125 yes

Regards,

K.

jeroenhermans Wed, 04/15/2009 - 21:50

Hi Konrad,

The command show sip-ua register status shows me 2 extensions being registered (2 analog extensions connected to a vic2-2fxs).

RGds,

Jeroen

dheffordaca Thu, 04/16/2009 - 18:29

Jeroen,

I have had this before. Try adding under sip-ua credentials username {username password {password} realm {SIP provider realm}.

Also check sip-ua transport is UDP or TCP depending on ITSP requirements.

Dave

jeroenhermans Fri, 04/17/2009 - 07:28

Hi Dave,

I requested the sip realm from the provider and added the credentials command. The issue remains.

The transport is set to UDP as this is what the provider indicated we should use.

Thanks,

Jeroen

jeroenhermans Tue, 04/21/2009 - 00:45

Hi Guys,

I have done some more debugging together with the provider and they tell me we are trying to authenticate based on IP address and not on username.

WHen I place a call and then run the command show call history voice last 2

I can see the details of my last testcall and the username= field is empty

How can we make sure we authenticate on username?

Thanks,

Jeroen

jeroenhermans Tue, 04/21/2009 - 05:50

Hi,

It turns out the provider had made an issue in the configuration.

I am now able to place calls out via the sip trunk, but only from analog phones that are connected via a FXS port on the same gateway where the sip trunk is configured.

If I try to place a call out from a IPphone that is registered to callmanager, I get this termination text on the gateway :

DisconnectText=bearer capability not authorized (57)

Could it be that this is happening because the extension is not registered in SIP?

Thanks,

JEroen

Actions

This Discussion