SIP trunk to provider authentication issue

Unanswered Question
Apr 14th, 2009
User Badges:


I'm setting up a sip trunk from a 2811 running IOS 12.4.22T to our provider.

I have configured the authentication on the SIP-ua and a dial peer that sends outbound calls to the sip server 9see config below)

dial-peer voice 99 voip

translation-profile outgoing outgoing_strip_2

destination-pattern 2T

voice-class sip dtmf-relay force rtp-nte

session protocol sipv2

session target sip-server

session transport udp

dtmf-relay rtp-nte

codec g711ulaw

no vad


authentication username 87800046100114 password 7 095F5A011C0C4F111F

no remote-party-id

retry invite 2

retry register 10

timers connect 100

sip-server ipv4:


When I try to call out I get a voice message from the provider saying the account is not valid. I contacted the provider about this and they say I'm not sending the authentication to them.

Any ideas?



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
steven.lass Tue, 04/14/2009 - 08:01
User Badges:

Can you turn on "debug ccsip messages" and post the output?


steven.lass Thu, 04/16/2009 - 06:42
User Badges:

Looking at the debug. The gateway sends the SIP INVITE. sends back 183 Session Progress (ringing) 400 milliseconds later. The gateway sends CANCEL (normal clearing) 6 seconds later.

The messaging looks normal. The SIP telco is not requesting authentication, so that is not the issue.

Did you place the call, not hear anything, and hangup 6 seconds later?

I suspect the RTP packets are being sent by the SIP telco, but you are not getting (ie. hearing) them. Is this actually a routing/NAT/firewall issue?


jeroenhermans Thu, 04/16/2009 - 06:51
User Badges:

Hi Steve,

Thanks for your analysis and reply.

When I place a call out on the sip trunk I get a voice message from the provider saying " this is not a valid account". This means rtp packets are flowing. When I asked the pro vider about this they came back saying they block thecalls because we apparently authenticate on ip address and not. By credentials.

Hope this helps,


steven.lass Thu, 04/16/2009 - 12:03
User Badges:

Ah. I think I finally understand the issue.

I noticed that the FXS line is registered as "0757601200", but in the SIP INVITE, the From header has "1003".

Can you put in a translation profile to change the From header and see if that resolves the problem?


jeroenhermans Thu, 04/16/2009 - 12:15
User Badges:

Hi Steve,

Thanks for your continued support

Where do you get the number '0757601200' from?

The username setup on the sip-ua is 87800046100114.

How can I build the translation (is that the same as a normal translation rule on a h323 gateway?)?



steven.lass Thu, 04/16/2009 - 12:40
User Badges:

0757601200 came from Konrad's post ... I am botching this left and right. Sorry.

Yes, the translations used on H323 dial-peers will also work on SIP dial-peers. Based on my previous posts, I'm expecting the following to have some error :)

voice translation-rule 1

rule 1 /^1003/ /87800046100114/

voice translation-profile ANI

translate calling 1

dial-peer voice 99 voip

translation-profile outgoing ANI

I noticed that you already have a translation-profile, so you will have to merge this config with your existing config.

with foot in mouth,


jeroenhermans Thu, 04/16/2009 - 13:08
User Badges:

Hi Steve,

I added the translation rule to my existing profile and the calling number is succefully translated when I make an outbound call.

I continue to receive the error message from my provider.

I will contact them again and ask them to check the last test call.



KonradStepniewski Wed, 04/15/2009 - 03:17
User Badges:
  • Silver, 250 points or more

Got working SIP trunk:


credentials username xxx password yyy realm

authentication username xxx password yyy

registrar expires 3600


you can try with those commands.

And you should see something like this:

cpvg1#sh sip-ua register status

Line peer expires(sec) registered

============ ============= ============ ===========

0757601200 -1 1125 yes



jeroenhermans Wed, 04/15/2009 - 21:50
User Badges:

Hi Konrad,

The command show sip-ua register status shows me 2 extensions being registered (2 analog extensions connected to a vic2-2fxs).



dheffordaca Thu, 04/16/2009 - 18:29
User Badges:


I have had this before. Try adding under sip-ua credentials username {username password {password} realm {SIP provider realm}.

Also check sip-ua transport is UDP or TCP depending on ITSP requirements.


jeroenhermans Fri, 04/17/2009 - 07:28
User Badges:

Hi Dave,

I requested the sip realm from the provider and added the credentials command. The issue remains.

The transport is set to UDP as this is what the provider indicated we should use.



jeroenhermans Tue, 04/21/2009 - 00:45
User Badges:

Hi Guys,

I have done some more debugging together with the provider and they tell me we are trying to authenticate based on IP address and not on username.

WHen I place a call and then run the command show call history voice last 2

I can see the details of my last testcall and the username= field is empty

How can we make sure we authenticate on username?



jeroenhermans Tue, 04/21/2009 - 05:50
User Badges:


It turns out the provider had made an issue in the configuration.

I am now able to place calls out via the sip trunk, but only from analog phones that are connected via a FXS port on the same gateway where the sip trunk is configured.

If I try to place a call out from a IPphone that is registered to callmanager, I get this termination text on the gateway :

DisconnectText=bearer capability not authorized (57)

Could it be that this is happening because the extension is not registered in SIP?




This Discussion