<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<font size="-1"><font face="Helvetica, Arial, sans-serif">Nick,
sorry to hear that. Maybe this release will get added to the
compatibility matrix in the future after appropriate testing.<br>
<br>
Dave, There's nothing wrong with this setup. It'll work.<br>
However, if you're also using the router for SRST at a branch
site, then you will need to force the phones to failover on the
ITSP interface rather than the LAN voip interface.<br>
<br>
Sreekanth<br>
</font></font><br>
<div class="moz-cite-prefix">On Thursday 05 May 2016 03:23 AM, Dave
Goodwin wrote:<br>
</div>
<blockquote
cite="mid:CAMmXPv7R4hC5jLn=u9fLSPGesMScaMHUf+H+cdGqVMy_H+N1Gg@mail.gmail.com"
type="cite">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<div dir="ltr">
<div class="gmail_default" style="font-family:tahoma,sans-serif">Is
there anything wrong with adding voice-class sip bind commands
to ALL the voip dial-peers, and then set the global binding to
the interface that faces the ITSP requiring authentication
(since it seems sip-ua REGISTER messages use the global bind)?</div>
<div class="gmail_default" style="font-family:tahoma,sans-serif"><br>
</div>
<div class="gmail_default" style="font-family:tahoma,sans-serif">-Dave</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, May 4, 2016 at 4:22 PM, Nick
Barnett <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:nicksbarnett@gmail.com" target="_blank">nicksbarnett@gmail.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Thanks for everybody's ideas.
<div><br>
</div>
<div>Unfortunately, 15.6 is OUT because it is not on the
CVP 10.0 compatibility matrix :(
<div><br>
</div>
<div>I'm going to look at using multiple registrars and
see if I can trick it into behaving... if that doesn't
work, I guess I'll have to remove my global binding...</div>
</div>
<div><br>
</div>
</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, May 4, 2016 at 11:35
AM, Sreekanth <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:sreenara@cisco.com" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:sreenara@cisco.com">sreenara@cisco.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF"> <font
size="-1"><font face="Helvetica, Arial,
sans-serif">Yes, sip-ua tells CUBE to send
REGISTER messages towards a Registrar server
globally with the authentication and
credential parameters. These REGISTER
messages will be bound to the interface that
is bound under voice service voip -> sip.
However, in the 15.6(2)T version, the tenant
configurations under the dial-peers will
instruct the CUBE to send out REGISTER
messages.<br>
<br>
I just checked with the router in my lab and
actually, option 2 won't be possible. It
won't instruct the CUBE to send out REGISTER
messages. It will only instruct the CUBE to
add authentication credentials and realm
settings when sending out the INVITE
messages towards the session target
configured under the dial-peer.<br>
<br>
You will have to go with option 1.<br>
<b>1. Create the voice class tenant for the
SIP trunk to ITSP and bind it with the
right interface.</b><br>
voice class tenant 1<br>
registrar dns:<a moz-do-not-send="true"
href="http://cisco.com" target="_blank">cisco.com</a>
expires 3600<br>
credentials username cisco password cisco
realm <a moz-do-not-send="true"
href="http://cisco.com" target="_blank">cisco.com</a><br>
authentication username cisco123 password
7 cisco123<br>
sip-server dns:<a moz-do-not-send="true"
href="http://cisco.com" target="_blank">cisco.com</a><br>
bind control source-interface
GigabitEthernet0/2<br>
bind media source-interface
GigabitEthernet0/2<br>
early-offer forced<br>
<br>
<b>2. Apply the voice class tenant to the
dial-peer. Create specific dial-peers
towards ITSP.</b><br>
dial-peer voice X voip<br>
voice-class sip tenant 1<br>
<br>
When this is done, CUBE will send REGISTER
messages as well towards this ITSP with the
traffic bound to gig0/2.<br>
This way you can have multiple ITSP trunks
on 1 CUBE.<span><font color="#888888"><br>
<br>
Sreekanth<br>
<br>
<br>
<br>
</font></span></font></font>
<div>
<div><br>
<div>On Wednesday 04 May 2016 09:29 PM, Nick
Barnett wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">I'm currently on
c3900e-universalk9-mz.SPA.153-3.M6, but
can totally upgrade. Was actually
planning on going to 15.4 this weekend.
Jumping 3 versions kind of scares me, so
maybe staging is in order.
<div><br>
</div>
<div><b>I do have some limited auth
commands on the dial peer, if this
is what you were talking about...
but I don't think it applies in this
scenario. I don't have any options
for credentials:</b></div>
<div>CUBE(config-dial-peer)#voice-class
sip authenticate ?<br>
</div>
<div>
<div> redirecting-number Use
redirecting number credentials while
authenticating</div>
<div><br>
</div>
<div>CUBE(config-dial-peer)#voice-class
sip cred </div>
<div>CUBE(config-dial-peer)#voice-class
sip c? </div>
<div> call-route calltype-video
conn-reuse copy-list</div>
<div><b><br>
</b></div>
<div><b>There is also the registration
commands:</b></div>
<div>
<div>CUBE(config-dial-peer)#voice-class
sip registration ?<br>
</div>
<div> passthrough SIP Registration
Passthrough Options</div>
<div><br>
</div>
<div>CUBE(config-dial-peer)#voice-class
sip registration passthrough ?<br>
</div>
<div> dynamic SIP
Registration Use dynamic Registrar
Details (default)</div>
<div> local-fallback Local
Fallback - (e2e)</div>
<div> rate-limit SIP
Registration pass-through
rate-limit Options</div>
<div> reg-sync Registration
Sync - send REGISTER when
registrar up (p2p)</div>
<div> registrar-index Registrar
Index(s) used for registration
passthrough</div>
<div> static SIP
Registration Use static Registrar
Details</div>
<div> system Use global
registration passthrough CLI
setting</div>
<div> <cr></div>
</div>
<div><br>
</div>
<div><b>I tried using the system
passthrough setting, but it did
not work.</b></div>
</div>
<div><b><br>
</b></div>
<div><b>I need to make sure I understand
what is actually happening.</b></div>
<div><b><br>
</b></div>
<div><b>I don't think the CUBE is even
looking at dial-peers for REGISTER
messages. Am I correct? If so, no
amount of dial peer settings is
going to make any difference here...
unless there is a way to create a
dial-peer that will intercept
REGISTER messages. I believe it is
using the REALM settings in the
credentials and authentication
strings (that I entered into
sip-ua). And sip-ua is using the
global bind settings I set within
voice service voip -> SIP (which
are set to the inside interface).</b></div>
<div><b><br>
</b></div>
<div><b>Please set me straight!</b></div>
<div><br>
</div>
<div>Thanks,</div>
<div>Nick</div>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Wed, May 4,
2016 at 10:37 AM, Sreekanth Narayanan
(sreenara) <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:sreenara@cisco.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:sreenara@cisco.com">sreenara@cisco.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div>
<div>What IOS version are you
running on the CUBE? I can think
of a couple of things.</div>
<div>1. In 15.6(2)T, a new feature
has been introduced called
multi-tenant where you can
configure separate voice class
tenants. Each tenant can have
separate authentication mutually
exclusive to one another and can
be bound to different
interfaces.</div>
<div><br>
</div>
<div>2. In your current IOS, check
if you are able to configure the
authentication and credential
commands at the dial peer level.
I am not sure which IOS had this
introduced but it is worth a
try.</div>
<div><br>
</div>
<div><br>
</div>
<div><br>
</div>
<div>
<div
style="font-size:85%;color:#575757">Sreekanth</div>
<div
style="font-size:85%;color:#575757"><br>
</div>
<div
style="font-size:85%;color:#575757">Sent
from a phone.</div>
</div>
<span>
<div><br>
</div>
<div><br>
</div>
<div>-------- Original message
--------</div>
<div>From: Nick Barnett <<a
moz-do-not-send="true"
href="mailto:nicksbarnett@gmail.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:nicksbarnett@gmail.com">nicksbarnett@gmail.com</a></a>>
</div>
<div>Date: 5/4/16 8:03 PM
(GMT+05:30) </div>
<div>To: Brian Meade <<a
moz-do-not-send="true"
href="mailto:bmeade90@vt.edu"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:bmeade90@vt.edu">bmeade90@vt.edu</a></a>>
</div>
<div>Cc: Cisco VoIP Group <<a
moz-do-not-send="true"
href="mailto:cisco-voip@puck.nether.net"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a></a>>
</div>
<div>Subject: Re: [cisco-voip]
Authenticating sip trunk to
ITSP from CUBE? </div>
<div><br>
</div>
</span>
<div>
<div>
<div>
<div dir="ltr">
<p>I'm binding control and
media to my inside
interface:</p>
<p>sip </p>
<p> bind control
source-interface
GigabitEthernet0/0<br>
bind media
source-interface
GigabitEthernet0/0<br>
</p>
<p>I suspect this is the
issue... is there any
way to make the REGISTER
messages come from the
outside gi0/1 interface?</p>
<p>The reason I'm binding
to inside is that we
have a a very fluid
internal network. I have
to make and modify
internal dial peers
almost daily. When I
need to create a dial
peer and put the bind
statements on the dial
peer, it won't bind
properly since there are
active SIP calls on the
CUBE... so I bound it
globally. My external
dial peers rarely
change, so I bind those
directly to gi0/1 (on
the DP).<br>
</p>
<p>I was under the
impression that REGISTER
events can take place
without a dial peer...
but is there a way to, i
dunno, make a dial peer
for register messages?
Can I use SIP profile
magic to get it working
as is?<br>
</p>
<p>I found this article
which is pretty much
exactly what I'm dealing
with, but it doesn't
mention REGISTER at
all...</p>
<p><span
style="font-family:Symbol;color:rgb(31,73,125)"><span>
</span></span><a
moz-do-not-send="true"
href="https://supportforums.cisco.com/blog/154506" target="_blank"><a class="moz-txt-link-freetext" href="https://supportforums.cisco.com/blog/154506">https://supportforums.cisco.com/blog/154506</a></a></p>
<p><span
style="color:rgb(31,73,125)"></span></p>
<p> <br>
</p>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On
Wed, May 4, 2016 at 9:06
AM, Brian Meade <span
dir="ltr"> <<a
moz-do-not-send="true"
href="mailto:bmeade90@vt.edu" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:bmeade90@vt.edu">bmeade90@vt.edu</a></a>></span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div dir="ltr">Do you
already have the SIP
bind under voice
service voip?
<div>voice service
voice</div>
<div> sip</div>
<div> bind all
source-interface
FastEthernet0</div>
</div>
<div
class="gmail_extra"><br>
<div
class="gmail_quote">
<div>
<div>On Wed, May
4, 2016 at
9:58 AM, Nick
Barnett <span
dir="ltr"><<a
moz-do-not-send="true" href="mailto:nicksbarnett@gmail.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:nicksbarnett@gmail.com">nicksbarnett@gmail.com</a></a>></span>
wrote:<br>
</div>
</div>
<blockquote
class="gmail_quote"
style="margin:0
0 0
.8ex;border-left:1px
#ccc
solid;padding-left:1ex">
<div>
<div>
<div dir="ltr">I've
never dealt
with an
authenticated
SIP trunk
before and I'm
having some
issues. I was
wondering if
anyone has had
a similar
experience. I
already have 2
SIP trunks
from ITSP-1
that do NOT
require
authentication.
These are
working fine
and have been
for years.
<div><br>
</div>
<div>We are
adding ITSP-2
and their SIP
service DOES
require auth.
I've followed
their
integration
guide (which
left a lot to
be desired)
and their
acceptance
team is
telling me my
auth is coming
from our
private class
A address.
<div><br>
</div>
<div>Our CUBE
is in HA with
an inside
(10.x.x.x) and
outside
(public) IP
address. They
are seeing
REGISTER
messages
sourcing the
inside VIP.</div>
<div><br>
</div>
<div>I was
looking around
for an auth
BIND statement
or something
like that, but
I haven't had
any luck. Any
pointers?</div>
<div><br>
</div>
<div>Thanks,</div>
<div>Nick</div>
</div>
</div>
<br>
</div>
</div>
_______________________________________________<br>
cisco-voip
mailing list<br>
<a
moz-do-not-send="true"
href="mailto:cisco-voip@puck.nether.net" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a></a><br>
<a
moz-do-not-send="true"
href="https://puck.nether.net/mailman/listinfo/cisco-voip"
rel="noreferrer"
target="_blank"><a class="moz-txt-link-freetext" href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</a></a><br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
<br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a moz-do-not-send="true"
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a><br>
<a moz-do-not-send="true"
href="https://puck.nether.net/mailman/listinfo/cisco-voip"
rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><br>
<br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>