Cisco 7975g sip and asterisk SIP/2.0 401 Unauthorized

Hi All,

I’m using asterisk 1.8 with a cisco 7975g sip phone. when the phone is connected to the same subnet as the asterisk server, it works without issue.

when we take the phone to the remote site (connected via VPN), we get stuck on SIP/2.0 401 Unauthorized

the server is 192.168.10.51 and the phone is 192.168.4.101. There is no firewall in the middle or nat.

config is below.

mypbx*CLI> sip show settings

Global Settings:

UDP Bindaddress: 0.0.0.0:5060
TCP SIP Bindaddress: Disabled
TLS SIP Bindaddress: Disabled
Videosupport: No
Textsupport: No
Ignore SDP sess. ver.: No
AutoCreate Peer: No
Match Auth Username: No
Allow unknown access: Yes
Allow subscriptions: Yes
Allow overlap dialing: Yes
Allow promisc. redir: No
Enable call counters: No
SIP domain support: No
Realm. auth: No
Our auth realm asterisk
Use domains as realms: No
Call to non-local dom.: Yes
URI user is phone no: No
Always auth rejects: Yes
Direct RTP setup: No
User Agent: FPBX-2.10.1(1.8.20.1)
SDP Session Name: Asterisk PBX 1.8.20.1
SDP Owner Name: root
Reg. context: (not set)
Regexten on Qualify: No
Legacy userfield parse: No
Caller ID: Unknown
From: Domain:
Record SIP history: Off
Call Events: Off
Auth. Failure Events: Off
T.38 support: Yes
T.38 EC mode: FEC
T.38 MaxDtgrm: -1
SIP realtime: Disabled
Qualify Freq : 60000 ms
Q.850 Reason header: No
Store SIP_CAUSE: No

Network QoS Settings:

IP ToS SIP: CS3
IP ToS RTP audio: EF
IP ToS RTP video: AF41
IP ToS RTP text: CS0
802.1p CoS SIP: 4
802.1p CoS RTP audio: 5
802.1p CoS RTP video: 6
802.1p CoS RTP text: 5
Jitterbuffer enabled: No

Network Settings:

SIP address remapping: Enabled using externaddr
Externhost:
Externaddr: 50.20.134.24:0
Externrefresh: 10
Localnet: 192.168.10.0/255.255.255.0
192.168.4.0/255.255.255.0
192.168.1.0/255.255.255.0

Global Signalling Settings:

Codecs: 0xe (gsm|ulaw|alaw)
Codec Order: ulaw:20,alaw:20,gsm:20
Relax DTMF: No
RFC2833 Compensation: No
Symmetric RTP: Yes
Compact SIP headers: No
RTP Keepalive: 0 (Disabled)
RTP Timeout: 30
RTP Hold Timeout: 300
MWI NOTIFY mime type: application/simple-message-summary
DNS SRV lookup: No
Pedantic SIP support: Yes
Reg. min duration 60 secs
Reg. max duration: 3600 secs
Reg. default duration: 120 secs
Outbound reg. timeout: 20 secs
Outbound reg. attempts: 0
Notify ringing state: Yes
Include CID: No
Notify hold state: Yes
SIP Transfer mode: open
Max Call Bitrate: 384 kbps
Auto-Framing: No
Outb. proxy:
Session Timers: Accept
Session Refresher: uas
Session Expires: 1800 secs
Session Min-SE: 90 secs
Timer T1: 500
Timer T1 minimum: 100
Timer B: 32000
No premature media: Yes
Max forwards: 70

Default Settings:

Allowed transports: UDP
Outbound transport: UDP
Context: from-sip-external
Force rport: Yes
DTMF: rfc2833
Qualify: 0
Use ClientCode: No
Progress inband: Never
Language:
MOH Interpret: default
MOH Suggest:
Voice Mail Extension: *97

[314]
deny=0.0.0.0/0.0.0.0
secret=cisco123
dtmfmode=rfc2833
canreinvite=no
context=from-internal
host=dynamic
trustrpid=yes
sendrpid=no
type=friend
nat=no
port=5060
qualify=yes
qualifyfreq=60
transport=udp
encryption=no
callgroup=
pickupgroup=
dial=SIP/314
mailbox=314@default
permit=0.0.0.0/0.0.0.0
callerid=Home Office <314>
callcounter=yes
faxdetect=no
cc_monitor_policy=generic

<— SIP read from UDP:192.168.4.101:49156 —>
REGISTER sip:192.168.10.51 SIP/2.0
Via: SIP/2.0/UDP 192.168.4.101:49156;branch=z9hG4bK48195c24
From: sip:314@192.168.10.51;tag=64168dbb8f890061584fad37-6f315ab6
To: sip:314@192.168.10.51
Call-ID: 64168dbb-8f890003-4e99673d-4105878e@192.168.4.101
Max-Forwards: 70
Date: Sun, 02 Jun 2013 23:34:14 GMT
CSeq: 148 REGISTER
User-Agent: Cisco-CP7975G/8.5.3
Contact: sip:314@192.168.4.101:49156;transport=udp;+sip.instance=“urn:uuid:00000000-0000-0000-0000-64168dbb8f89”;+u.sip!model.ccm.cisco.com="437"
Supported: (null),X-cisco-xsi-7.0.1
Content-Length: 0
Reason: SIP;cause=200;text="cisco-alarm:20 Name=SEP64168DBB8F89 Load=SIP75.8-5-4S Last=phone-keypad"
Expires: 3600

<------------->
— (14 headers 0 lines) —
Sending to 192.168.4.101:49156 (no NAT)

<— Transmitting (no NAT) to 192.168.4.101:49156 —>
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 192.168.4.101:49156;branch=z9hG4bK48195c24;received=192.168.4.101
From: sip:314@192.168.10.51;tag=64168dbb8f890061584fad37-6f315ab6
To: sip:314@192.168.10.51;tag=as1c0b7cc2
Call-ID: 64168dbb-8f890003-4e99673d-4105878e@192.168.4.101
CSeq: 148 REGISTER
Server: FPBX-2.10.1(1.8.20.1)
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
WWW-Authenticate: Digest algorithm=MD5, realm=“asterisk”, nonce="2270ab6d"
Content-Length: 0

You need to configure properly the Nat settings via the FreePBX GUI advanced sip settings.

im not sure what you mean. There is no nat for this setup. its more of a routed network.

Then check your routes settings obviously asterisk has a different network & your phone is failing at response sip messages.

I see no indications of a NAT issue.

If the phone isn’t responding to 401 with authorisation data, either it has no such data configure (in the phone) or the 401 never reached it.

I do see an apparent, unrelated, bug in the phone. The (null) in this line is almost certainly the result of an inappropriate value being passed to a string handling library:

Supported: (null),X-cisco-xsi-7.0.1

Also, check the pedantic sip.conf general parameter and set it to no.

hi!

Our network layout is as follows.

asterisk server is 192.168.10.51

router / VPN termination point is 192.168.10.1

remote site router ip is 192.168.4.1

VoIP phone is 192.168.4.101

Asterisk ----> Router —> Internet <---- home router <— VoIP phone

the pedantic value was not listed in my /etc/asterisk/sip.conf file so i have since added it. Will update here shortly once i take the phone home again and try again.

same issue. Phone is still trying to register.

Any thoughts? Keep in mind that no changes were done to the config. We simple took the phone home, plugged it in, set the TFTP option and rebooted.

i have now upgraded the phone to SIP 9-3-1SR2 and am still getting the same 401 error.

using a softphone allows the configuration to register from a computer that’s connected to the VoIP Phone at home.

when i do a sip show peers, i get the line below.

314/314 192.168.4.101 D A 51523 UNREACHABLE

Should that not be 5060?

Below is my full phone config.

<fullConfig>true</fullConfig>
<deviceProtocol>SIP</deviceProtocol>
<sshUserId>admin</sshUserId>
<sshPassword>cisco</sshPassword>
<name><removed>1314</name>
<devicePool>
    <dateTimeSetting> 
        <dateTemplate>D.M.YA</dateTemplate> 
        <timeZone>Pacific Standard/Daylight Time</timeZone> 
        <ntps> 
            <ntp>
                <name>192.168.10.51</name> 
                <ntpMode>Unicast</ntpMode> 
            </ntp>
        </ntps>
    </dateTimeSetting>
    <callManagerGroup>
        <tftpDefault>true</tftpDefault>
        <members>
            <member priority="0">
                <callManager>
                    <ports>
                        <ethernetPhonePort>2000</ethernetPhonePort>
                        <sipPort>5060</sipPort>
                        <securedSipPort>5062</securedSipPort>
                    </ports>
                    <processNodeName>192.168.10.51</processNodeName>
                </callManager>
            </member>
        </members>
    </callManagerGroup>
</devicePool>
<commonProfile>
    <phonePassword>**#</phonePassword>
    <backgroundImageAccess>true</backgroundImageAccess>
    <callLogBlfEnabled>0</callLogBlfEnabled>
</commonProfile>
<loadInformation>SIP75.9-3-1SR2-1S</loadInformation>
<vendorConfig>
    <disableSpeaker>false</disableSpeaker>
    <disableSpeakerAndHeadset>false</disableSpeakerAndHeadset>
    <pcPort>0</pcPort>
    <settingsAccess>1</settingsAccess>
    <garp>0</garp>
    <voiceVlanAccess>0</voiceVlanAccess>
    <videoCapability>0</videoCapability>
    <autoSelectLineEnable>0</autoSelectLineEnable>
    <daysDisplayNotActive>1,7</daysDisplayNotActive>
    <displayOnTime>10:30</displayOnTime>
    <displayOnDuration>06:05</displayOnDuration>
    <displayIdleTimeout>00:05</displayIdleTimeout> 
    <webAccess>0</webAccess>
    <spanToPCPort>1</spanToPCPort>
    <loggingDisplay>1</loggingDisplay>
    <loadServer></loadServer>
</vendorConfig>
<userLocale>
    <name>English_United_States</name>
    <uid>1</uid>
    <langCode>en_US</langCode>
    <version>1.0.0.0-1</version>
    <winCharSet>iso-8859-1</winCharSet>
</userLocale>
<networkLocale>United_States</networkLocale> 
<networkLocaleInfo> 
    <name>United_States</name> 
    <uid>64</uid> 
    <version>1.0.0.0-1</version> 
</networkLocaleInfo> 
<deviceSecurityMode>1</deviceSecurityMode>
<authenticationURL></authenticationURL>
<directoryURL></directoryURL>
<idleTimeout>0</idleTimeout>
<idleURL></idleURL>
<informationURL></informationURL>
<messagesURL></messagesURL>
<proxyServerURL></proxyServerURL>
<servicesURL></servicesURL>
<dscpForSCCPPhoneConfig>96</dscpForSCCPPhoneConfig>
<dscpForSCCPPhoneServices>0</dscpForSCCPPhoneServices>
<dscpForCm2Dvce>96</dscpForCm2Dvce>
<transportLayerProtocol>2</transportLayerProtocol>
<capfAuthMode>0</capfAuthMode>
<capfList>
    <capf>
        <phonePort>3804</phonePort>
    </capf>
</capfList>
<certHash></certHash>
<encrConfig>false</encrConfig>
<sipProfile>
    <sipProxies>
        <backupProxy></backupProxy>
        <backupProxyPort></backupProxyPort>
        <emergencyProxy></emergencyProxy>
        <emergencyProxyPort></emergencyProxyPort>
        <outboundProxy></outboundProxy>
        <outboundProxyPort></outboundProxyPort>
        <registerWithProxy>true</registerWithProxy>
    </sipProxies>
    <sipCallFeatures>
        <cnfJoinEnabled>true</cnfJoinEnabled>
        <callForwardURI>x--serviceuri-cfwdall</callForwardURI>
        <callPickupURI>x-cisco-serviceuri-pickup</callPickupURI>
        <callPickupListURI>x-cisco-serviceuri-opickup</callPickupListURI>
        <callPickupGroupURI>x-cisco-serviceuri-gpickup</callPickupGroupURI>
        <meetMeServiceURI>x-cisco-serviceuri-meetme</meetMeServiceURI>
        <abbreviatedDialURI>x-cisco-serviceuri-abbrdial</abbreviatedDialURI>
        <rfc2543Hold>true</rfc2543Hold>
        <callHoldRingback>2</callHoldRingback>
        <localCfwdEnable>true</localCfwdEnable>
        <semiAttendedTransfer>true</semiAttendedTransfer>
        <anonymousCallBlock>2</anonymousCallBlock>
        <callerIdBlocking>0</callerIdBlocking>
        <dndControl>0</dndControl>
        <remoteCcEnable>true</remoteCcEnable>
    </sipCallFeatures>
    <sipStack>
        <sipInviteRetx>6</sipInviteRetx>
        <sipRetx>10</sipRetx>
        <timerInviteExpires>180</timerInviteExpires>
        <timerRegisterExpires>3600</timerRegisterExpires>
        <timerRegisterDelta>5</timerRegisterDelta>
        <timerKeepAliveExpires>120</timerKeepAliveExpires>
        <timerSubscribeExpires>120</timerSubscribeExpires>
        <timerSubscribeDelta>5</timerSubscribeDelta>
        <timerT1>500</timerT1>
        <timerT2>4000</timerT2>
        <maxRedirects>70</maxRedirects>
        <remotePartyID>false</remotePartyID>
        <userInfo>None</userInfo>
    </sipStack>
    <autoAnswerTimer>1</autoAnswerTimer>
    <autoAnswerAltBehavior>false</autoAnswerAltBehavior>
    <autoAnswerOverride>true</autoAnswerOverride>
    <transferOnhookEnabled>true</transferOnhookEnabled>
    <enableVad>false</enableVad>
    <preferredCodec>g711u</preferredCodec>
    <dtmfAvtPayload>101</dtmfAvtPayload>
    <dtmfDbLevel>3</dtmfDbLevel>
    <dtmfOutofBand>avt</dtmfOutofBand>
    <alwaysUsePrimeLine>false</alwaysUsePrimeLine>
    <alwaysUsePrimeLineVoiceMail>false</alwaysUsePrimeLineVoiceMail>
    <kpml>3</kpml>
    <stutterMsgWaiting>1</stutterMsgWaiting>
    <callStats>false</callStats>
    <silentPeriodBetweenCallWaitingBursts>10</silentPeriodBetweenCallWaitingBursts>
    <disableLocalSpeedDialConfig>false</disableLocalSpeedDialConfig>
    <startMediaPort>10000</startMediaPort>
    <stopMediaPort>20000</stopMediaPort>
    <voipControlPort>5060</voipControlPort>
    <dscpForAudio>184</dscpForAudio>
    <ringSettingBusyStationPolicy>0</ringSettingBusyStationPolicy>
    <dialTemplate>dialplan.xml</dialTemplate>
    <phoneLabel><removed>1314</phoneLabel>
<natReceivedProcessing>false</natReceivedProcessing>
    <natEnabled>false</natEnabled>
<natAddress></natAddress>
<versionStamp>1370211921-3772add1-c836-483c-8a9e-b91fb87b825b</versionStamp>
    <sipLines>
        <line button="1">
            <featureID>9</featureID>
            <featureLabel>314</featureLabel>
            <name>314</name>
            <displayName>Mian x314</displayName>
            <contact>314</contact>
	<proxy>USECALLMANAGER</proxy>
            <autoAnswer>
                <autoAnswerEnabled>2</autoAnswerEnabled>
            </autoAnswer>
            <callWaiting>3</callWaiting>
            <authName>314</authName>
	<authPassword>cisco123</authPassword>
            <sharedLine>false</sharedLine>
            <messageWaitingLampPolicy>3</messageWaitingLampPolicy>
            <messagesNumber>*97</messagesNumber>
            <ringSettingIdle>4</ringSettingIdle>
            <ringSettingActive>5</ringSettingActive>
	<forwardCallInfoDisplay> 
		<callerName>true</callerName> 
		<callerNumber>false</callerNumber> 
		<redirectedNumber>false</redirectedNumber> 
		<dialedNumber>true</dialedNumber> 
	</forwardCallInfoDisplay> 
        </line>
    </sipLines>
</sipProfile>