Problems Calling Out on Cisco 7961

[jlumby]

I have a strange issue with one specific implementation of PBXnSIP 3.0.0.2992. When the cisco 7961 is in the office, it works perfectly. When the phone is out of the office it can dial extensions within the office without a problem, and can receive calls from anywhere, however when it goes to place a call across one of the sip trunks, the pbx loggs the following password mismatch error.

 

SIP/2.0 401 Authentication Required

Via: SIP/2.0/UDP 75.146.173.70:10120;branch=z9hG4bK45f54842

From: "Mark" <sip:129@75.146.163.187>;tag=001c5879d3e7000854dd80e8-d219ec45

To: <sip:4193922384@192.168.169.64;user=phone>;tag=ff92e2f250

Call-ID: 001c5879-d3e70008-6d6a8836-a414b057@192.168.1.2

CSeq: 102 INVITE

User-Agent: pbxnsip-PBX/3.0.0.2992

Warning: 399 75.146.163.187 Password does not match

Content-Length: 0

 

I am trying to figure out what is going on since the same config file is used both inside, as outside of the office, so the password is the same, plus the extension successfully registers, and can even make calls to other users on the same system. To make things even more complicated 7060 (slightly older model) phones work fine from both the inside, as well as the outside of the office. It appears to me something specific to this install since I can stay at the same offsite location, and register the phone to a different PBXnSIP machine, and I do not have a problem.

[Vodia PBX]

I have a strange issue with one specific implementation of PBXnSIP 3.0.0.2992. When the cisco 7961 is in the office, it works perfectly. When the phone is out of the office it can dial extensions within the office without a problem, and can receive calls from anywhere, however when it goes to place a call across one of the sip trunks, the pbx loggs the following password mismatch error.

 

SIP/2.0 401 Authentication Required

Via: SIP/2.0/UDP 75.146.173.70:10120;branch=z9hG4bK45f54842

From: "Mark" <sip:129@75.146.163.187>;tag=001c5879d3e7000854dd80e8-d219ec45

To: <sip:4193922384@192.168.169.64;user=phone>;tag=ff92e2f250

Call-ID: 001c5879-d3e70008-6d6a8836-a414b057@192.168.1.2

CSeq: 102 INVITE

User-Agent: pbxnsip-PBX/3.0.0.2992

Warning: 399 75.146.163.187 Password does not match

Content-Length: 0

 

I am trying to figure out what is going on since the same config file is used both inside, as outside of the office, so the password is the same, plus the extension successfully registers, and can even make calls to other users on the same system. To make things even more complicated 7060 (slightly older model) phones work fine from both the inside, as well as the outside of the office. It appears to me something specific to this install since I can stay at the same offsite location, and register the phone to a different PBXnSIP machine, and I do not have a problem.

 

Whow. Maybe it is not the password, maybe the Cisco answeres the challenge with a different domain. "Should not happen", but you never know. Is there anything SIP-aware stuff in the loop? Maybe another firewall that wants to do you a favour (check if the packet gets modified between the phone and the PBX).

[jlumby]

When connecting from the outside, 2 more items come into the mix that could possibly be modifying the packets. There is a Cisco 2621 router that is doing 1:1 nat to the softswitch, and a Cisco ASA5505 firewall at the remote office side. I doubt it is the ASA5505 since I have used it in other installs without a problem, however the 1:1 nat on the 2621 router is not one of my standards. The one thing that really throws me is if I dial an internal number (another extension on the softswitch) everything works fine, however if I dial a number that would be on a trunk, then the problem exists. I would not think the routers would know the difference. Does the softwsitch do anything different based on the desitnation that the routers might be picking up on?

[Vodia PBX]

When connecting from the outside, 2 more items come into the mix that could possibly be modifying the packets. There is a Cisco 2621 router that is doing 1:1 nat to the softswitch, and a Cisco ASA5505 firewall at the remote office side. I doubt it is the ASA5505 since I have used it in other installs without a problem, however the 1:1 nat on the 2621 router is not one of my standards. The one thing that really throws me is if I dial an internal number (another extension on the softswitch) everything works fine, however if I dial a number that would be on a trunk, then the problem exists. I would not think the routers would know the difference. Does the softwsitch do anything different based on the desitnation that the routers might be picking up on?

 

I would exclude that the router makes a difference with the destination. I think the fastest way is really to get the packet coming out from the SIP phone (okay, that might involve a hub or port monitoring on a switch) and running Wireshark locally on the PBX. Then if the packets differ we know what we are talking about.

[jlumby]

Well, I tested your domain name theorey, by fully implimenting DNS, and using the name instead of the IP in the phone's config file. It did the trick.

 

I did compare packets, and the only changes I saw were the public IPs changed to privates, and vice versa in all locations within the sip packets (even within the payload).

[Vodia PBX]

Well, I tested your domain name theorey, by fully implimenting DNS, and using the name instead of the IP in the phone's config file. It did the trick.

 

I did compare packets, and the only changes I saw were the public IPs changed to privates, and vice versa in all locations within the sip packets (even within the payload).

 

Okay.

 

I don't like it when "someone" changes public IP to private IP. There was a self-declated SBC that would even change the IM attachment which says "hey, my IP address is 192.168.1.2" into "hey, my IP address is 213.214.215.216"...

 

But if it works, fine. Never touch a running system. Don't fix it if it is not broken!