[Resolved] SIP INVITE authentication failure

Hello all,

I am a newbie here. I have configured two Asterisk boxes, A and B, SIP registered with each other. All the calls made from B should go to A and be routed from there, because some extensions on B may move between the two sites (A and B). So I created the dial plan to always check with A whether the extension is there and, if not, route it back to B. So sometimes the call is created at B and comes back to B from A. When that happens, the INVITE from A results in a "Proxy authentication failure" and the re-INVITE leads to "Forbidden" from B. Any views on how to solve it…

Here are the sip traces

Reliably Transmitting (NAT) to 192.1.1.2:5060:
INVITE sip:1000@192.1.1.2 SIP/2.0
Via: SIP/2.0/UDP 192.1.1.2:5060;branch=z9hG4bK1d472b32;rport
Max-Forwards: 70
From: "1001" sip:1001@192.1.1.2;tag=as70ff7e8d
To: sip:1000@192.1.1.2
Contact: sip:1001@192.1.1.1:5060
Call-ID: 1b9fde044c89309b386749b2521a2f30@192.1.1.1:5060
CSeq: 103 INVITE
User-Agent: Asterisk PBX 1.8.11.1
Proxy-Authorization: Digest username="A", realm="asterisk", algorithm=MD5, uri="sip:1000@192.1.1.2", nonce="362440b8", response="482347d418cd2c9fb4705b3256086cdc"
Date: Fri, 11 May 2012 12:11:26 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO, PUBLISH
Supported: replaces, timer
Content-Type: application/sdp
Content-Length: 260


<--- SIP read from UDP:192.1.1.2:5060 --->
SIP/2.0 403 Forbidden
Via: SIP/2.0/UDP 192.1.1.1:5060;branch=z9hG4bK1d472b32;received=192.1.1.1;rport=5060
From: "1001" sip:1001@192.1.1.1;tag=as70ff7e8d
To: sip:1000@192.1.1.2;tag=as0e19dc27
Call-ID: 1b9fde044c89309b386749b2521a2f30@192.1.1.1:5060
CSeq: 103 INVITE
User-Agent: Asterisk PBX
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY
Content-Length: 0

Configuration of A
sip.conf

[general]
register => A:1234@192.1.1.2/B ;ip of server B
port = 5060
bindaddr = 0.0.0.0
context = server

[B]
type = friend
secret = 1234
host=dynamic
context = phones
disallow = all
allow = ulaw
;insecure = invite

Configuration of B
sip.conf
[general]
register =>B:1234@192.1.1.1/A ; IP of server A is 192.1.1.1
port = 5060
bindaddr = 0.0.0.0
context = client2

;dynamic ip
[server]
type = friend
secret = 1234
host = dynamic
context = server_incoming
disallow = all
allow = ulaw
;insecure = invite

;definition of local phones
[1000]
username = 1000
type = friend
context = phones
secret = 1234
;insecure = invite
host = dynamic

[1001]
username = 1001
type = friend
context = phones
secret = 1234
host = dynamic

If you can cross register them, it means that you have static addresses for both of them, in which case you shouldn’t be registering them at all!

I suspect your other problems will go away if you use peer, rather than friend.

Also, I don’t think you gave the whole dialogue.

I will check with type peer and update you. But I am just asking if it has anything to do with Asterisk not being a SIP proxy, because it happens only when the INVITE crosses two boxes to reach the destination, after one Asterisk fails to find the extension under it.

INVITEs never cross Asterisk boxes. They are terminated by the incoming side, resulting in a dialplan execution starting, and a completely new one is created by the Dial application (etc.). Some information, like codec selections and, with direct media enabled, RTP end point addresses, is passed through.

Resolved: All I did was change the SIP client type from friend to peer, as you suggested. You pinpointed the issue exactly. Thank you so much for your advice.
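
Added example, not part of the thread and not code from any poster or from Asterisk: a small check for the friend-versus-peer change that resolved the issue, run over a constructed excerpt of server B's sip.conf. It assumes chan_sip's documented matching (type=user and type=friend entries are looked up by the From username, type=peer entries by source IP and port); the function names are hypothetical.

```python
import re

# Constructed sample: the device entries from server B's sip.conf in the post,
# reduced to the keys this check reads.
B_SIP_CONF = """
[server]
type = friend
host = dynamic
;insecure = invite

[1000]
type = friend
host = dynamic

[1001]
type = friend
host = dynamic
"""

def parse_sections(text):
    """Parse sip.conf-style text into {section: {key: value}}; ';' starts a comment."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def matched_by_from_user(sections, from_user):
    """Return the entry an INVITE's From username would select, else None.

    Assumption: only type=user and type=friend entries are looked up by From
    username; type=peer entries are matched on source IP and port instead.
    """
    entry = sections.get(from_user, {})
    return from_user if entry.get("type") in ("user", "friend") else None

def with_type_peer(sections, name):
    """Return a copy of the parsed config with entry `name` set to type=peer."""
    fixed = {k: dict(v) for k, v in sections.items()}
    fixed[name]["type"] = "peer"
    return fixed

if __name__ == "__main__":
    conf = parse_sections(B_SIP_CONF)
    print(matched_by_from_user(conf, "1001"))
    print(matched_by_from_user(with_type_peer(conf, "1001"), "1001"))
```

With the posted configuration, the INVITE relayed by A with From user 1001 selects B's local [1001] entry, while A's Proxy-Authorization carries username "A"; once that entry is type=peer, the From username no longer selects it.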