SIP digest authentication dial-peer

espinedo1 · ‎12-30-2013

Hello,

I have implemented a VoIP gateway with a 2901 cisco and a VWIC3 module. In the IP network I have an Asterisk PBX. In the PSTN I have a E1 primary trunk.

I'd like that all the calls from Asterisk to PSTN were authenticated (with SIP digest)

I have tried using the "authentication" in "dial-peer", but the calls are processed without authentication.

Any idea?

dial-peer voice 2 voip
description outbound calls from Asterisk (inbound leg)
session protocol sipv2
incoming called-number .
voice-class codec 1
dtmf-relay rtp-nte

authentication username dpinedo password 7 1248574446 realm asterisk --> doesn't work
no vad

dial-peer voice 4 pots
description outbound calls from Asterisk (outbound leg)
destination-pattern .

port 0/0/0:15

espinedo1 · ‎01-02-2014

I think the problem I'm having is because I have also defined the reverse route (calls from PSTN to Asterisk), informing the Asterisk IP address in the "session target". So the IP is added to the "trusted list" and no authentication is required.

Does any one know how to force the digest authentication (as Asterisk does for SIP trunks type peer)?

Carlo Poggiarelli · ‎01-02-2014

Hi David.

Remove authentication under dial-peer and use authentication under sip-ua

sip-ua

authentication username dpinedo password 7 1248574446 realm asterisk <<---- For outbound

credentials username dpinedo password 7 1248574446 realm asterisk

Than send the output of a show sip-ua register status and a debug ccsip messeges during an oubound call

HTH

Regards

Carlo

Please rate all helpful posts

"The more you help the more you learn"

Please rate all helpful posts "The more you help the more you learn"

espinedo1 · ‎01-08-2014

Hello Carlo,

I have tried with authentication in sip-ua also, with the same result.

The "show sip-ua register status" returns "Registrar is not configured", which is correct, because I don't want the Cisco to be registered on any Registrar.

What I'd like is that the calls originated from my Asterisk PBX were authenticated before to go out to PSTN

Asterisk ----SIP INVITE----> Cisco

Asterisk <--- Challenge ----- Cisco

Asterisk ---Authentication-->Cisco ---- SETUP---->PSTN

But the problem is that the Cisco never Challenges the Asterisk (After receive the SIP Invite, the Cisco sends the 100 trying, then the 183 session progress, and then the call is established).

Maybe I'm missunderstunding somethinb because the only way I have found to get the calls from Asterisk to PSTN to work (without authentication) was informing the session target with the Asterisk IP in the dial-peer corresponding to the inbound leg, as follows:

dial-peer voice 2 voip
description calls from Asterisk (inbound leg)
session protocol sipv2
session target ipv4:89.1.23.205
incoming called-number .
voice-class codec 1
dtmf-relay rtp-nte
no vad
!
dial-peer voice 4 pots
description calls from Asterisk (outbound leg)
destination-pattern .
no digit-strip
port 0/0/0:15

!

sip-ua

authentication username dpinedo password 7 1248574446 realm asterisk

Carlo Poggiarelli · ‎01-08-2014

Hi David.

What you can also do, is restrict the list of ip addresses that can do SIP sessions with the gateway using ip address trusted list command under voice service voip configuration section.

Eg-

voice service voip

ip address trusted list

ipv4 89.1.23.205 255.255.255.255

In this case, only you asterisk is allowed to initiate a SIP/H323 session with your VG.

HTH

Regards

Carlo

Please rate all helpful posts "The more you help the more you learn"

espinedo1 · ‎01-08-2014

Thankyou Carlo

If I add the IP of the Asterisk to the trusted list I don't need to inform it in the session target of the dial-peer. But I have the same problem: The call is processed without digest authentication.

Regards