jlumby Posted August 29, 2008 Report Share Posted August 29, 2008 I have a strange issue with one specific implementation of PBXnSIP 3.0.0.2992. When the cisco 7961 is in the office, it works perfectly. When the phone is out of the office it can dial extensions within the office without a problem, and can receive calls from anywhere, however when it goes to place a call across one of the sip trunks, the pbx loggs the following password mismatch error. SIP/2.0 401 Authentication Required Via: SIP/2.0/UDP 75.146.173.70:10120;branch=z9hG4bK45f54842 From: "Mark" <sip:129@75.146.163.187>;tag=001c5879d3e7000854dd80e8-d219ec45 To: <sip:4193922384@192.168.169.64;user=phone>;tag=ff92e2f250 Call-ID: 001c5879-d3e70008-6d6a8836-a414b057@192.168.1.2 CSeq: 102 INVITE User-Agent: pbxnsip-PBX/3.0.0.2992 Warning: 399 75.146.163.187 Password does not match Content-Length: 0 I am trying to figure out what is going on since the same config file is used both inside, as outside of the office, so the password is the same, plus the extension successfully registers, and can even make calls to other users on the same system. To make things even more complicated 7060 (slightly older model) phones work fine from both the inside, as well as the outside of the office. It appears to me something specific to this install since I can stay at the same offsite location, and register the phone to a different PBXnSIP machine, and I do not have a problem. Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted September 1, 2008 Report Share Posted September 1, 2008 I have a strange issue with one specific implementation of PBXnSIP 3.0.0.2992. When the cisco 7961 is in the office, it works perfectly. When the phone is out of the office it can dial extensions within the office without a problem, and can receive calls from anywhere, however when it goes to place a call across one of the sip trunks, the pbx loggs the following password mismatch error. SIP/2.0 401 Authentication Required Via: SIP/2.0/UDP 75.146.173.70:10120;branch=z9hG4bK45f54842 From: "Mark" <sip:129@75.146.163.187>;tag=001c5879d3e7000854dd80e8-d219ec45 To: <sip:4193922384@192.168.169.64;user=phone>;tag=ff92e2f250 Call-ID: 001c5879-d3e70008-6d6a8836-a414b057@192.168.1.2 CSeq: 102 INVITE User-Agent: pbxnsip-PBX/3.0.0.2992 Warning: 399 75.146.163.187 Password does not match Content-Length: 0 I am trying to figure out what is going on since the same config file is used both inside, as outside of the office, so the password is the same, plus the extension successfully registers, and can even make calls to other users on the same system. To make things even more complicated 7060 (slightly older model) phones work fine from both the inside, as well as the outside of the office. It appears to me something specific to this install since I can stay at the same offsite location, and register the phone to a different PBXnSIP machine, and I do not have a problem. Whow. Maybe it is not the password, maybe the Cisco answeres the challenge with a different domain. "Should not happen", but you never know. Is there anything SIP-aware stuff in the loop? Maybe another firewall that wants to do you a favour (check if the packet gets modified between the phone and the PBX). Quote Link to comment Share on other sites More sharing options...
jlumby Posted September 2, 2008 Author Report Share Posted September 2, 2008 When connecting from the outside, 2 more items come into the mix that could possibly be modifying the packets. There is a Cisco 2621 router that is doing 1:1 nat to the softswitch, and a Cisco ASA5505 firewall at the remote office side. I doubt it is the ASA5505 since I have used it in other installs without a problem, however the 1:1 nat on the 2621 router is not one of my standards. The one thing that really throws me is if I dial an internal number (another extension on the softswitch) everything works fine, however if I dial a number that would be on a trunk, then the problem exists. I would not think the routers would know the difference. Does the softwsitch do anything different based on the desitnation that the routers might be picking up on? Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted September 2, 2008 Report Share Posted September 2, 2008 When connecting from the outside, 2 more items come into the mix that could possibly be modifying the packets. There is a Cisco 2621 router that is doing 1:1 nat to the softswitch, and a Cisco ASA5505 firewall at the remote office side. I doubt it is the ASA5505 since I have used it in other installs without a problem, however the 1:1 nat on the 2621 router is not one of my standards. The one thing that really throws me is if I dial an internal number (another extension on the softswitch) everything works fine, however if I dial a number that would be on a trunk, then the problem exists. I would not think the routers would know the difference. Does the softwsitch do anything different based on the desitnation that the routers might be picking up on? I would exclude that the router makes a difference with the destination. I think the fastest way is really to get the packet coming out from the SIP phone (okay, that might involve a hub or port monitoring on a switch) and running Wireshark locally on the PBX. Then if the packets differ we know what we are talking about. Quote Link to comment Share on other sites More sharing options...
jlumby Posted September 2, 2008 Author Report Share Posted September 2, 2008 Well, I tested your domain name theorey, by fully implimenting DNS, and using the name instead of the IP in the phone's config file. It did the trick. I did compare packets, and the only changes I saw were the public IPs changed to privates, and vice versa in all locations within the sip packets (even within the payload). Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted September 3, 2008 Report Share Posted September 3, 2008 Well, I tested your domain name theorey, by fully implimenting DNS, and using the name instead of the IP in the phone's config file. It did the trick. I did compare packets, and the only changes I saw were the public IPs changed to privates, and vice versa in all locations within the sip packets (even within the payload). Okay. I don't like it when "someone" changes public IP to private IP. There was a self-declated SBC that would even change the IM attachment which says "hey, my IP address is 192.168.1.2" into "hey, my IP address is 213.214.215.216"... But if it works, fine. Never touch a running system. Don't fix it if it is not broken! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.