02-07-2013 01:21 AM - edited 03-16-2019 03:34 PM
Hi All,
I created a SIP Trunk with Asterisk PBX, calls from CUCM 8.6.2 to Asterisk are OK but calls from Asterisk to CUCM fails.
I have taken a Wireshark trace and found that Asterisk send "OPTIONS" request which CUCM answers with "SIP 401 Unauthorized"
Looking at th CUCM SIP Trunk Messaging Guide 8.6 (1):
It says that CUCM "Supports basic OPTIONS ping fonctionality", I enabled this under SIP Profile and CUCM starts sending "OPTIONS" request to Asterisk, but still replies to " OPTIONS" sent from Asterisk with "SIP 401 Unauthorized" and the calls from Asterisk are still failing.
My question is, does CUCM support replying to "OPTIONS" request? or does it only support sending "OPTIONS"?
And if it does not support it, does CUBE support it?
Any help is appreciated.
Thanks
Solved! Go to Solution.
02-07-2013 06:02 AM
From the response from CUCM, CUCM trunk has been configured to authenticate on options ping.
"WWW-Authenticate: Digest realm="StandAloneCluster",nonce="pKa99ycyvbiEyc7uk0gIeUrNQZw6+Fkg",
algorithm=MD5"
This is why you are getting un authorized because asteriks is not sending any authentication string.. You should either remove the authentication on the sip options or get asterick to authenticate to the digest realm
Please rate all useful posts
"opportunity is a haughty goddess who waste no time with those who are unprepared"
02-07-2013 06:12 AM
Go to the security profile you using..Under it look at it the "enable digest authentication" tick box...Is this ticked?
Please rate all useful posts
"opportunity is a haughty goddess who waste no time with those who are unprepared"
02-07-2013 04:26 AM
Moath,
CUCM definitely support options ping and it does send a response when it is received. We need to looak the format of the options ping asteriks is sending to cucm..
Here is an example of CUCM receiving options ping and rsponding to it..
+++++++Incoming options ping++++++++++++
Incoming SIP UDP message size 511 from 10.10.10.200:[63034]:
[798569,NET]
OPTIONS sip:01726653000@10.10.10.174:5060 SIP/2.0
Via: SIP/2.0/UDP 10.10.10.200:5060;branch=z9hG4bKD7B29E1C7A
From: <02089031978>;tag=1417B346-198E
To: "Warwick" <01726653000>;tag=106763~ffa80926-5fac-4dd6-b405-2dbbc56ae9a2-552479431
Date: Tue, 11 Dec 2012 15:08:29 GMT
Call-ID: 4404380-c714b6c-baa1-ae28690a@10.10.10.174
User-Agent: Cisco-SIPGateway/IOS-12.x
Max-Forwards: 70
CSeq: 104 OPTIONS
Contact: <02089031978>
Content-Length: 002089031978>01726653000>02089031978>
++++++Outgoing cucm response+++++++++
Outgoing SIP UDP message to 10.10.10.200:[5060]:
[798570,NET]
SIP/2.0 200 OK
Via: SIP/2.0/UDP 10.10.10.200:5060;branch=z9hG4bKD7B29E1C7A
From: <02089031978>;tag=1417B346-198E
To: "Warwick" <01726653000>;tag=106763~ffa80926-5fac-4dd6-b405-2dbbc56ae9a2-552479431
Date: Tue, 11 Dec 2012 15:08:29 GMT
Call-ID: 4404380-c714b6c-baa1-ae28690a@10.10.10.174
CSeq: 104 OPTIONS
Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY
Content-Length: 001726653000>02089031978>
Can you send the output of the options ping sent by asteriks and we can see whats going on
Please rate all useful posts
"opportunity is a haughty goddess who waste no time with those who are unprepared"
02-07-2013 05:19 AM
Hi Aok,
here it is:
OPTIONS sip:10.1.3.12 SIP/2.0
Via: SIP/2.0/UDP 172.16.10.18:5060;branch=z9hG4bK078c2465;rport
Max-Forwards: 70
From: "Unknown"
To: <10.1.3.12>10.1.3.12>
Contact:
Call-ID: 18fc95c02d5307223df0240079eefa35@172.16.10.18
CSeq: 102 OPTIONS
User-Agent: FPBX-2.10.1(1.6.2.11)
Date: Wed, 06 Feb 2013 19:46:01 GMT
Allow: INVITE, ACK, CANCEL, OPTIONS, BYE, REFER, SUBSCRIBE, NOTIFY, INFO
Supported: replaces, timer
Content-Length: 0
and here is the Response from Call Manager:
SIP/2.0 401 Unauthorized
Via: SIP/2.0/UDP 172.16.10.18:5060;branch=z9hG4bK078c2465;rport
From: "Unknown"
To: <10.1.3.12>;tag=46561544110.1.3.12>
Date: Wed, 06 Feb 2013 14:59:58 GMT
Call-ID: 18fc95c02d5307223df0240079eefa35@172.16.10.18
CSeq: 102 OPTIONS
WWW-Authenticate: Digest realm="StandAloneCluster", nonce="pKa99ycyvbiEyc7uk0gIeUrNQZw6+Fkg", algorithm=MD5
Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY
Content-Length: 0
Thanks for your help
02-07-2013 06:02 AM
From the response from CUCM, CUCM trunk has been configured to authenticate on options ping.
"WWW-Authenticate: Digest realm="StandAloneCluster",nonce="pKa99ycyvbiEyc7uk0gIeUrNQZw6+Fkg",
algorithm=MD5"
This is why you are getting un authorized because asteriks is not sending any authentication string.. You should either remove the authentication on the sip options or get asterick to authenticate to the digest realm
Please rate all useful posts
"opportunity is a haughty goddess who waste no time with those who are unprepared"
02-07-2013 06:05 AM
Hi Aok,
In the SIP Security Profile I am using "Non Secure" for the SIP Trunk security mode
Is there any other place that I should remove the authentication from?
02-07-2013 06:12 AM
Go to the security profile you using..Under it look at it the "enable digest authentication" tick box...Is this ticked?
Please rate all useful posts
"opportunity is a haughty goddess who waste no time with those who are unprepared"
02-07-2013 06:20 AM
Hi Aok,
I will check this and get back to you.
Thanks
02-10-2013 06:32 AM
Hi Aok,
Thank you for your feedback. It seems I enabled digest authentication by mistake.
CUCM replies to OPTIONS successfully now.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide