Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Can TCL IVR for SIP generate digest authentication responses?

I am trying to use TCL IVR running on our Cisco IAD2431 to send a SIP SUBSCRIBE message to an IMS SIP Proxy to subscribe to SIP registration events.  Our Nokia-Siemens IMS Proxy responds to each SUBSCRIBE with a SIP 407 Proxy Authentication Required message containing a Proxy-Authenticate header field containing a long 'nonce' (the challenge), to which the 2431 needs to respond by resending the SUBSCRIBE with Proxy-Authorization header containing a different nonce (the response) which is calculated using the shared secret SIP user password according the standard SIP digest crytographic method, using md5 I believe. Is it possible for the Cisco TCL script to calculate the response using existing TCL crypto packages?  I am hoping Joe Clarke can reply, but if anybody else knows the answer to this question, please reply to this post. 

The reason we need to do this is that when an IMS subscriber's account is changed in any way, the IMS declares the account de-registered, and will not send new inbound calls to the SIP-UA until it re-registers.  The IMS expects all subscriber SIP-UAs to subscribe to registration events, and will then send a NOTIFY whenever the UA is de-registered.  Currently, our subscriber provisioning systems may change a subscriber account for a variety of reasons, such as adding a new block of phone numbers to the PBX behind the 2431, and the people who do so do not have the ability to log into the 2431 and manually force a re-registration.  To avoid outages in such instances requires time-consuming coordination and manual action from our Operations people to force re-registration.  So we are trying to build a TCL IVR/EEM script to send the SUBSCRIBE, including the digest auth response, and then wait for NOTIFY messages, and then using the  CLI to re-initialize the 2431's sip-ua registrar configuration, causing a new registration.  But without the crypto piece, we may have trouble getting this to work without security issues. Please let me know if you know whether this capability exists within existing Cisco TCL or C packages.

  • Network Management
Everyone's tags (5)