[Serusers] Can't Register Cisco ATA - www_challege Fails

Elton Machado elton.machado at gmail.com
Fri Apr 29 00:24:44 CEST 2005 

In my Allnet, devices I have the same problem, I have no options to set
realm or domain, what I usually do is, to have a dns entry for the
domain/realm at my dns server and in device I use the same entry as outbound
and sip proxy, instead of using an ip entry or other dns name. 

Another choice is to try out at authentication user or in user field, to use
this form sipuser at realm instead of sipuser. 

I never configure a Cisco ATA, but in you case I will try the both ways. 

Regards and keep us current of results. 

Elton 




-----Original Message-----
From: serusers-bounces at iptel.org [mailto:serusers-bounces at lists.iptel.org] On
Behalf Of Aaron W
Sent: quinta-feira, 28 de Abril de 2005 21:52
To: serusers at lists.iptel.org
Subject: [Serusers] Can't Register Cisco ATA - www_challege Fails

I have SER setup on 10.9.8.7 which is on the internet.  I have a Cisco
ATA at home beind a linksys router.  The ATA has an non-routeable ip
of 192.168.1.107, while the public IP of my linksys router is 1.2.3.4 
I can not get the cisco ATA to register, and i dont know why.  I have
posted results on Ngrep, also some debugging info from SER and my
acutal ser.cfg  In the setup for the ATA I gave it the proxy as an IP
address (10.9.8.7), there is no place in the cisco config (that I can
find) to specify a domain/realm.  And the DNS server that my linksys
router has doesnt have a route to sip1.jmusa.com  Is that the problem,
if so whats the best way around it?

Results of ngrep:

U 1.2.3.4:5060 -> 10.9.8.7:5060
  REGISTER sip:10.9.8.7SIP/2.0..Via: SIP/2.0/UDP
192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6
  a..From: Aaron <sip:8306 at 10.9.8.7;user=phone>;tag=3424024559..To:
Aaron <sip:8306 at 10.9.8.7;
  user=phone>..Call-ID: 2834281883 at 192.168.1.107..CSeq: 3
REGISTER..Contact: Aaron <sip:8306 at 192.168.1.
  107:5060;user=phone;transport=udp>;expires=3600..User-Agent: Cisco
ATA 188  v3.2.0 atasip (041111A)..
  Authorization: Digest
username="8306",realm="sip1.jmusa.com",nonce="427023d34e56189a2adcddfb16228d
de9
 
f51f0eb",uri="sip:10.9.8.7",response="7b9e7ec34e8d4f8157fb66e140f95cbe"..Con
tent-Length:
0....
#
U 10.9.8.7:5060 -> 1.2.3.4:5060
  SIP/2.0 100 Trying..Via: SIP/2.0/UDP
192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6a;received=69.14
  2.66.52..From: Aaron
<sip:8306 at 10.9.8.7;user=phone>;tag=3424024559..To: Aaron
<sip:8306 at 65.199.1
  91.83;user=phone>..Call-ID: 2834281883 at 192.168.1.107..CSeq: 3
REGISTER..Server: Sip EXpress router (0
  .9.0 (i386/linux))..Content-Length: 0..Warning: 392 10.9.8.7:5060
"Noisy feedback tells:  pid=91
  53 req_src_ip=1.2.3.4 req_src_port=5060
in_uri=sip:10.9.8.7out_uri=sip:10.9.8.7via_c
  nt==1"....
#
U 10.9.8.7:5060 -> 1.2.3.4:5060
  SIP/2.0 401 Unauthorized..Via: SIP/2.0/UDP
192.168.1.107:5060;branch=z9hG4bKfac02618b73b6b6a;rport=50
  60;received=1.2.3.4..From: Aaron
<sip:8306 at 10.9.8.7;user=phone>;tag=3424024559..To: Aaron <
 
sip:8306 at 10.9.8.7;user=phone>;tag=b27e1a1d33761e85846fc98f5f3a7e58.a0aa..Cal
l-ID:
2834281883 at 192
  .168.1.107..CSeq: 3 REGISTER..WWW-Authenticate: Digest
realm="jmusa.com", nonce="427147ef446cc27cc8b6
  502323243e02f9b5dfb6"..Server: Sip EXpress router (0.9.0
(i386/linux))..Content-Length: 0..Warning: 3
  92 10.9.8.7:5060 "Noisy feedback tells:  pid=9153 req_src_ip=1.2.3.4
req_src_port=5060 in_u
  ri=sip:10.9.8.7out_uri=sip:10.9.8.7via_cnt==1"....


My messages:
Apr 28 16:26:33 sip1 /sbin/ser[9148]: CLIENT NAT TEST 7 IS TRUE: From
sip:8306 at 10.9.8.7;user=phone, To sip:8306 at 10.9.8.7;user=phone, Call
ID: 2834281883 at 192.168.1.107, MESASGE ID 2
Apr 28 16:26:33 sip1 /sbin/ser[9148]: BEGIN WWW AUTH: From
sip:8306 at 10.9.8.7;user=phone, To sip:8306 at 10.9.8.7;user=phone, Call
ID: 2834281883 at 192.168.1.107, MESASGE ID 2
Apr 28 16:26:33 sip1 /sbin/ser[9148]: WWW AUTHFAIL PRE CHALLEGE: From
sip:8306 at 10.9.8.7;user=phone, To sip:8306 at 10.9.8.7;user=phone, Call
ID: 2834281883 at 192.168.1.107, MESASGE ID 2
---Then nothing else......


My ser.cfg (snipped)
----snip----
	if (method=="INVITE") {
			route(3);
			break;
		} else if (method=="REGISTER") {
			route(2);
			break;
----snip----
route[2] {
	# -----------------------------------------------------------------
	# REGISTER Message Handler
	# ----------------------------------------------------------------
	sl_send_reply("100", "Trying");
	if (!search("^Contact: \*") && client_nat_test("7")) {
		xlog("L_ERR","CLIENT NAT TEST 7 IS TRUE: From %fu, To %tu,
Call ID:
%ci, MESASGE ID %mi");
		setflag(6);
		fix_nated_register();
		force_rport();
	};
xlog("L_ERR","BEGIN WWW AUTH: From %fu, To %tu, Call ID: %ci, MESASGE ID
%mi");
	if (!www_authorize("sip1.jmusa.com","subscriber")) {
xlog("L_ERR"," WWW AUTHFAIL PRE CHALLEGE: From %fu, To %tu, Call ID:
%ci, MESASGE ID %mi");
		www_challenge("sip1.jmusa.com","0");
xlog("L_ERR"," WWW AUTHFAIL POST CHALLEGE From %fu, To %tu, Call ID:
%ci, MESASGE ID %mi");
		break;
	};

	if (!check_to()) {
		sl_send_reply("401", "Unauthorized");
		break;
	};
	consume_credentials();
	if (!save("location")) {
		sl_reply_error();
	};
}

_______________________________________________
Serusers mailing list
serusers at lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers

More information about the sr-users mailing list