Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

SIP Trunk Digest Authentication

Hello everyone,

I have been having trouble trying to get SIP Trunk authentication to work.

Im trying to use this as a way of monitoring which trunks are up and down with the end-state and possibly in the future, to be able to display this graphically (using api I guess).

Im not even sure if this is possible so if someone has a better idea on how to achieve this please let me know.

I have tried using RTMT to watch trunks but from what I can see it cant handle the amount of trunks that I would like to watch, in the range of 90 odd.

I have read Cisco Unified Communications Manager Security Guide, Release 8.5(1) and while it explains how to get it working, it does so in a very vague manner.

I have CUCM 8.5 set with a Sip trunk security profile using tcp in and out, with the security mode non secure and enable digest auth ticked.

I have created an application user with all details the same eg, name=siptest, digest=siptest and password=siptest.

I have created a sip trunk and tested sucessfully with digest auth turned off.

on CUCME I have the following config:

--------ommitted-----------

voice service voip

allow-connections sip to sip

fax protocol cisco

sip

  bind control source-interface Loopback0

  bind media source-interface Loopback0

  asymmetric payload full

---------ommitted-----------

dial-peer voice 100 voip

description Inbound Dial Peer

voice-class codec 1

session protocol sipv2

session transport tcp

incoming called-number 7000.

dtmf-relay rtp-nte

!

dial-peer voice 200 voip

description To CUCM

destination-pattern .T

voice-class codec 1

session protocol sipv2

session target sip-server

session transport tcp

dtmf-relay rtp-nte

no vad

---------ommitted-----------

sip-ua

credentials username siptest password 7 105D00091112011F realm ccmsipline

authentication username siptest password 7 120A0C07060E1F10 realm ccmsipline

registrar ipv4:10.0.0.1 expires 3600

sip-server ipv4:10.0.0.1

----------ommitted-----------

Debug ccsip messages gives me this output:

Jul  3 01:57:58.727: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Sent:

REGISTER sip:10.0.0.1:5060 SIP/2.0

Via: SIP/2.0/UDP 192.168.1.8:5060;branch=z9hG4bKB2A

From: <sip:siptest@10.0.0.1>;tag=2844ACFC-96

To: <sip:siptest@10.0.0.1>

Date: Tue, 03 Jul 2012 01:57:58 GMT

Call-ID: 5915ED5F-C3E911E1-969887E9-991716BF

User-Agent: Cisco-SIPGateway/IOS-12.x

Max-Forwards: 70

Timestamp: 1341280678

CSeq: 2 REGISTER

Contact: <sip:siptest@192.168.1.8:5060>

Expires:  3600

Content-Length: 0

Jul  3 01:57:58.731: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Received:

SIP/2.0 100 Trying

Via: SIP/2.0/UDP 192.168.1.8:5060;branch=z9hG4bKB2A

From: <sip:siptest@10.0.0.1>;tag=2844ACFC-96

To: <sip:siptest@10.0.0.1>

Date: Tue, 03 Jul 2012 01:57:58 GMT

Call-ID: 5915ED5F-C3E911E1-969887E9-991716BF

CSeq: 2 REGISTER

Content-Length: 0

Jul  3 01:57:58.831: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Received:

SIP/2.0 401 Unauthorized

Via: SIP/2.0/UDP 192.168.1.8:5060;branch=z9hG4bKB2A

From: <sip:siptest@10.0.0.1>;tag=2844ACFC-96

To: <sip:siptest@10.0.0.1>;tag=1091711221

Date: Tue, 03 Jul 2012 01:57:58 GMT

Call-ID: 5915ED5F-C3E911E1-969887E9-991716BF

CSeq: 2 REGISTER

WWW-Authenticate: Digest realm="ccmsipline", nonce="d5MiGcCRT11J+/Wki1jY0hCR0lOFv3oI", algorithm=MD5

Content-Length: 0

Jul  3 01:57:58.835: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Sent:

REGISTER sip:10.0.0.1:5060 SIP/2.0

Via: SIP/2.0/UDP 192.168.1.8:5060;branch=z9hG4bKC201B

From: <sip:siptest@10.0.0.1>;tag=2844ACFC-96

To: <sip:siptest@10.0.0.1>

Date: Tue, 03 Jul 2012 01:57:58 GMT

Call-ID: 5915ED5F-C3E911E1-969887E9-991716BF

User-Agent: Cisco-SIPGateway/IOS-12.x

Max-Forwards: 70

Timestamp: 1341280678

CSeq: 3 REGISTER

Contact: <sip:siptest@192.168.1.8:5060>

Expires: 3600

Authorization: Digest username="siptest",realm="ccmsipline",uri="sip:10.0.0.1:5060",response="cce7435918ed64d08eeb6e574e7d4550",nonce="d5MiGcCRT11J+/Wki1jY0hCR0lOFv3oI",algorithm=MD5

Content-Length: 0

Jul  3 01:57:58.843: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Received:

SIP/2.0 100 Trying

Via: SIP/2.0/UDP 192.168.1.8:5060;branch=z9hG4bKC201B

From: <sip:siptest@10.0.0.1>;tag=2844ACFC-96

To: <sip:siptest@10.0.0.1>;tag=1091711221

Date: Tue, 03 Jul 2012 01:57:58 GMT

Call-ID: 5915ED5F-C3E911E1-969887E9-991716BF

CSeq: 3 REGISTER

Content-Length: 0

Jul  3 01:57:58.843: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:

Received:

SIP/2.0 404 Not Found

Via: SIP/2.0/UDP 192.168.1.8:5060;branch=z9hG4bKC201B

From: <sip:siptest@10.0.0.1>;tag=2844ACFC-96

To: <sip:siptest@10.0.0.1>;tag=1091711221

Date: Tue, 03 Jul 2012 01:57:58 GMT

Call-ID: 5915ED5F-C3E911E1-969887E9-991716BF

CSeq: 3 REGISTER

Warning: 399 CMPUB01 "Unable to find device/user in database"

Content-Length: 0

Anyone have any ideas?

Thanks in advance.

913
Views
0
Helpful
0
Replies
CreatePlease login to create content