[cisco-voip] Authenticating sip trunk to ITSP from CUBE?

Sreekanth Narayanan (sreenara) sreenara at cisco.com
Wed May 4 11:37:15 EDT 2016


What IOS version are you running on the CUBE? I can think of a couple of things.
1. In 15.6(2)T, a new feature has been introduced called multi-tenant where you can configure separate voice class tenants. Each tenant can have separate authentication mutually exclusive to one another and can be bound to different interfaces.

2. In your current IOS, check if you are able to configure the authentication and credential commands at the dial peer level. I am not sure which IOS had this introduced but it is worth a try.



Sreekanth

Sent from a phone.


-------- Original message --------
From: Nick Barnett <nicksbarnett at gmail.com>
Date: 5/4/16 8:03 PM (GMT+05:30)
To: Brian Meade <bmeade90 at vt.edu>
Cc: Cisco VoIP Group <cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Authenticating sip trunk to ITSP from CUBE?


I'm binding control and media to my inside interface:

sip

  bind control source-interface GigabitEthernet0/0
  bind media source-interface GigabitEthernet0/0

I suspect this is the issue... is there any way to make the REGISTER messages come from the outside gi0/1 interface?

The reason I'm binding to inside is that we have a a very fluid internal network. I have to make and modify internal dial peers almost daily.  When I need to create a dial peer and put the bind statements on the dial peer, it won't bind properly since there are active SIP calls on the CUBE... so I bound it globally. My external dial peers rarely change, so I bind those directly to gi0/1 (on the DP).

I was under the impression that REGISTER events can take place without a dial peer... but is there a way to, i dunno, make a dial peer for register messages?  Can I use SIP profile magic to get it working as is?

I found this article which is pretty much exactly what I'm dealing with, but it doesn't mention REGISTER at all...

   https://supportforums.cisco.com/blog/154506<https://urldefense.proofpoint.com/v2/url?u=https-3A__supportforums.cisco.com_blog_154506&d=CwMFAg&c=M-KQspD_LQogCbR-BWCHOaeDEPOhF8vWqHZTaiwxT3c&r=T9uVLZucbHG2NKKKzOrp-o5cpdReHj02PkJJsCVkgfwcv7S0R5lDeFJg2VRbiNih&m=UIAzGDQs8RCZld9kCbExwqpJhTgzpDVwM0k8_I7JRqU&s=jZN-R2pRsZOWN3r5is-aSivDlf9hqddUzDIoOWRWc3E&e=>



On Wed, May 4, 2016 at 9:06 AM, Brian Meade <bmeade90 at vt.edu<mailto:bmeade90 at vt.edu>> wrote:
Do you already have the SIP bind under voice service voip?
voice service voice
 sip
  bind all source-interface FastEthernet0

On Wed, May 4, 2016 at 9:58 AM, Nick Barnett <nicksbarnett at gmail.com<mailto:nicksbarnett at gmail.com>> wrote:
I've never dealt with an authenticated SIP trunk before and I'm having some issues. I was wondering if anyone has had a similar experience. I already have 2 SIP trunks from ITSP-1 that do NOT require authentication. These are working fine and have been for years.

We are adding ITSP-2 and their SIP service DOES require auth.  I've followed their integration guide (which left a lot to be desired) and their acceptance team is telling me my auth is coming from our private class A address.

Our CUBE is in HA with an inside (10.x.x.x) and outside (public) IP address. They are seeing REGISTER messages sourcing the inside VIP.

I was looking around for an auth BIND statement or something like that, but I haven't had any luck. Any pointers?

Thanks,
Nick

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20160504/b827c92a/attachment.html>


More information about the cisco-voip mailing list