Greg Fausak wrote:
This is an interesting problem.
I would venture to say that if you did NOT authenticate
for those calls that you pass to a spa-3000, then that would work...
that is, if your SERPROXY doesn't authenticate.
is it possible that the problem is trying to authorize
twice...once for your UAC<->SERPROXY and then the
UAC<->SERPROXY<->UAS(SPA3000)
Can you have multiple credentials in the same SIP packet?
Seems like it should work...
SIP allows multiple credentials in one request. These credentials differ
in the realm string. So using the same realm for 2 hops does not work as
long as the hops are not synchronized in producing the nonce. Maybe it
can work if the proxy uses proxy-authentication and the SIPURA uses
www_authentication.
Nevertheless I don't have any glue why ser blocks the 401 response from
the SIPURA. Please post a SIP message dump.
regards,
klaus
Sorry, not much help I know. Do you have a packet trace?
---greg
On Aug 9, 2004, at 3:39 PM, Andres wrote:
Juha Heinanen wrote:
andres,
how about selecting the gw in ser based on caller's domain?
There is just one domain (all our subs belong to one domain). And the
gateways are the SPA3000 which register dynamically as simply another
UA. So gateways cannot be thought of as in the traditional sense.
Even if they had static IPs, it would be a nightmare to manage say
1000 FXO personal gateways.
The way this works for example is a sub purchases 2 accounts. Account
1000 is for UA1(ATA186 for example) and account 1001 is for the
FXO1(Sipura 3000). Both are separate hardware devices located in
different places(and both register with SER). UA1 places a call to
1001, the FXO port will answer and give him local dial tone. UA1 then
passess DTMF digits to the local telco attached to the FXO1. But the
sub does not want anybody on our network to access line 1001, just
those predefined on the FXO1 username/password digest definition
(inside the SPA3000 config).
UA1 (1000) ------>SER--------->FXO1 (1001) ----> PSTN
There are other ways to authenticate the caller like via a PIN or
Caller ID. But we are trying to see if digest authentication is also
possible.
-- juha
--
Andres
Network Admin
http://www.telesip.net
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
Greg Fausak
www.AddaBrand.com
(US) 469-546-1265
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers