Authenticating SIP request, Using ACS configured as Radius
I have a Cisco 1112 SACS device configured as a Radius server. The SIP servers are added to the ACS as Radius clients with server key "key"; under "Authenticate Using" I chose "Radius-IETF" for both Radius clients.
I set up users on the SIP server as follows: "1" and "2", just for testing calls to and from each other.
In the ACS Interface Configuration for Radius-IETF, for the Default Group, I checked Login-TCP-Port; under the group configuration, for Radius-IETF Login-TCP-Port, I use port "1812".
On the ACS I set up users as follows: "1" and "2". The user configuration for both users is as follows: Password Authentication: Cisco Secure Database, and the user is added to the default group.
My problem is that when I call from phone 1 to phone 2 I get the message "Authentication failed". Upon checking the ACS failed log I can see the ACS communicating with both SIPS; I also see the message "Bad request from NAS".
Can anyone say what I'm missing and/or what I need to do so the ACS can authenticate the SIP request?
All I want to accomplish is this: when the SIP sends a request to the ACS to check if the user is set up, the ACS authenticates the user and sends the authorization response back to the SIPS.
Re: Authenticating SIP request, Using ACS configured as Radius
Authentication can occur at a RADIUS server or at the proxy server.
Two types of authentication are supported: HTTP digest authentication and HTTP basic authentication.
Either type can occur at either location.
During authentication, the UAC password is stored as follows:
For RADIUS-supported authentication, it is stored at the RADIUS server. For proxy-supported authentication, it is stored in a subscriber table in a MySQL database.
The default authentication scheme is HTTP digest authentication performed at the Cisco SPS. When digest authentication and basic authentication are performed at the proxy server, the username, as found in the authorization header or the proxy-authorization header, is the key to query the MySQL database.
If authentication takes place at the RADIUS server, Cisco SPS passes the username as one of the attribute/value pairs to the RADIUS server, where it can be used to key the user search before authentication. Additionally, you can configure Cisco SPS to add any desired SIP headers as VSAs in the authentication request to the RADIUS server. More info:
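Added example, not part of the original reply and not Cisco SPS or ACS code: a sketch of why the verifying side (RADIUS server or proxy) must hold the UAC password, comparing RFC 2617 digest without qop against basic. The users "1" and "2" come from the question; the passwords, realm, nonce, URI and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, re

# Constructed sample data: users "1" and "2" as in the question; passwords,
# realm, nonce and URI are made up for this example.
USERS = {"1": "pw-one", "2": "pw-two"}
REALM, NONCE, URI = "sip.example.test", "c0ffee1234", "sip:2@sip.example.test"

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(user, password, method, realm=REALM, nonce=NONCE, uri=URI):
    """RFC 2617 digest without qop: MD5(HA1:nonce:HA2)."""
    ha1 = md5_hex(f"{user}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")

def client_digest_header(user, password, method):
    """What the UAC sends; only the hash of the password leaves the phone."""
    resp = digest_response(user, password, method)
    return (f'Digest username="{user}", realm="{REALM}", nonce="{NONCE}", '
            f'uri="{URI}", response="{resp}"')

def client_basic_header(user, password):
    """Basic sends the credentials themselves, only base64-encoded."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def verify(header, method):
    """Verifier side: key the lookup on username, then check the credentials."""
    scheme, _, rest = header.strip().partition(" ")
    try:
        if scheme.lower() == "basic":
            user, _, supplied = base64.b64decode(rest).decode().partition(":")
            expected = USERS[user]
        else:
            p = dict(re.findall(r'(\w+)="([^"]*)"', rest))
            if p["nonce"] != NONCE:  # reject nonces this server did not issue
                return False
            user, supplied = p["username"], p["response"]
            # Recomputing the response needs the stored password (or HA1).
            expected = digest_response(user, USERS[user], method,
                                       p["realm"], p["nonce"], p["uri"])
    except (KeyError, ValueError):
        return False  # unknown user, missing field or undecodable header
    return hmac.compare_digest(expected.encode(), supplied.encode())

if __name__ == "__main__":
    print(verify(client_digest_header("1", "pw-one", "INVITE"), "INVITE"))
    print(verify(client_digest_header("1", "wrong", "INVITE"), "INVITE"))
```
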