27 Sep
2005
27 Sep
'05
noon
Hi,
I have the next scheme:
7905G ------- NAT ------- Internet ------ SER+mediaproxy
When the 7905G sends a INVITE the ser responds:
Status: 407 Proxy Authentication Required.
This is right, but the destination port this packet not is right because the
ser sends the packet with
destination port 5060 (private port) and not the (public port). If I open
this port all it is right, I do not
want to open no port.
This single problem happens to me with 7905G (no linksys, no X-Ten, ...).
I do not understand what it is happening.
Thanks for your aid.
--
Alberto
27 Sep
27 Sep
12:58 p.m.
Hi,
the problem is that Cisco 7905G do not support STUN servers so it is not
able to know on which port the request is sent out after NAT. It is a stupid
SIP phone, in my opinion, to be used as SIP phone behind nat. Eventually you
need a router that make symmetric nat so the 5060 internal port will be
translated as 5060 out port but you will need in any case to open ports for
RTP and 5060 fr incoming calls.
Bye,
Marcello
----- Original Message -----
From: "Alberto" <alberto.ipt(a)telefonica.net>
To: <serusers(a)lists.iptel.org>
Sent: Tuesday, September 27, 2005 11:00 AM
Subject: [Serusers] cisco 7905G
Hi,
I have the next scheme:
7905G ------- NAT ------- Internet ------ SER+mediaproxy
When the 7905G sends a INVITE the ser responds:
Status: 407 Proxy Authentication Required.
This is right, but the destination port this packet not is right because
the ser sends the packet with
destination port 5060 (private port) and not the (public port). If I open
this port all it is right, I do not
want to open no port.
This single problem happens to me with 7905G (no linksys, no X-Ten, ...).
I do not understand what it is happening.
Thanks for your aid.
--
Alberto
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
1:32 p.m.
Thanks for your response.
I don't use STUN servers, I use SER with Mediaproxy.
My other sip clients works ok, and they are a stupid sip clients too.
I don't understand it, why the SER respond to private port and not to public
port?
Thanks.
--
Alberto
----- Original Message -----
From: "Marcello Lupo" <lupo(a)itspecialist.it>
To: "Alberto" <alberto.ipt(a)telefonica.net>et>;
<serusers(a)lists.iptel.org>
Sent: Tuesday, September 27, 2005 11:58 AM
Subject: Re: [Serusers] cisco 7905G
Hi,
the problem is that Cisco 7905G do not support STUN servers so it is not
able to know on which port the request is sent out after NAT. It is a
stupid SIP phone, in my opinion, to be used as SIP phone behind nat.
Eventually you need a router that make symmetric nat so the 5060 internal
port will be translated as 5060 out port but you will need in any case to
open ports for RTP and 5060 fr incoming calls.
Bye,
Marcello
----- Original Message -----
From: "Alberto" <alberto.ipt(a)telefonica.net>
To: <serusers(a)lists.iptel.org>
Sent: Tuesday, September 27, 2005 11:00 AM
Subject: [Serusers] cisco 7905G
Hi,
I have the next scheme:
7905G ------- NAT ------- Internet ------ SER+mediaproxy
When the 7905G sends a INVITE the ser responds:
Status: 407 Proxy Authentication Required.
This is right, but the destination port this packet not is right because
the ser sends the packet with
destination port 5060 (private port) and not the (public port). If I
open this port all it is right, I do not
want to open no port.
This single problem happens to me with 7905G (no linksys, no X-Ten, ...).
I do not understand what it is happening.
Thanks for your aid.
--
Alberto
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
1:47 p.m.
Hi,
It is probably because the Cisco 7905 put his Public address (that you
config under NAT IP address) only in the via header field and not in the
From or the contact field. Now is some time that i do
not use that phone and
do not remember correctly. In any case the SER use the
correct Public IP in
the answer but try to contact the port 5060 that is the port that it put in
the header that SER use to contact it.
If i don't remember wrong may be SER answer correctly to other clients
because them do not specify the port to contact and SER use the one from
which the request is coming. Instead the Cisco specify port 5060.
If you send me a SIP trace i can help you find it.
Bye,
Marcello
----- Original Message -----
From: "Alberto" <alberto.ipt(a)telefonica.net>
To: "Marcello Lupo" <lupo(a)itspecialist.it>it>;
<serusers(a)lists.iptel.org>
Sent: Tuesday, September 27, 2005 12:32 PM
Subject: Re: [Serusers] cisco 7905G
Thanks for your response.
I don't use STUN servers, I use SER with Mediaproxy.
My other sip clients works ok, and they are a stupid sip clients too.
I don't understand it, why the SER respond to private port and not to
public port?
Thanks.
--
Alberto
----- Original Message -----
From: "Marcello Lupo" <lupo(a)itspecialist.it>
To: "Alberto" <alberto.ipt(a)telefonica.net>et>;
<serusers(a)lists.iptel.org>
Sent: Tuesday, September 27, 2005 11:58 AM
Subject: Re: [Serusers] cisco 7905G
Hi,
the problem is that Cisco 7905G do not support STUN servers so it is not
able to know on which port the request is sent out after NAT. It is a
stupid SIP phone, in my opinion, to be used as SIP phone behind nat.
Eventually you need a router that make symmetric nat so the 5060 internal
port will be translated as 5060 out port but you will need in any case to
open ports for RTP and 5060 fr incoming calls.
Bye,
Marcello
----- Original Message -----
From: "Alberto" <alberto.ipt(a)telefonica.net>
To: <serusers(a)lists.iptel.org>
Sent: Tuesday, September 27, 2005 11:00 AM
Subject: [Serusers] cisco 7905G
Hi,
I have the next scheme:
7905G ------- NAT ------- Internet ------ SER+mediaproxy
When the 7905G sends a INVITE the ser responds:
Status: 407 Proxy Authentication Required.
This is right, but the destination port this packet not is right because
the ser sends the packet with
destination port 5060 (private port) and not the (public port). If I
open this port all it is right, I do not
want to open no port.
This single problem happens to me with 7905G (no linksys, no X-Ten,
...).
I do not understand what it is happening.
Thanks for your aid.
--
Alberto
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
2:25 p.m.
It seems like the phone does not provide the rport parameter in the Via
header. Either you turn it on at the phone. Otherwise the phone is almost
unusable behind NATs. Anyway you could still try to detect this phone models
and use force_rport (I dont remember the exact spelling, but there should be
a function like this), then the rport parameter is added by SER.
Nils
On Tuesday 27 September 2005 11:00, Alberto wrote:
Hi,
I have the next scheme:
7905G ------- NAT ------- Internet ------ SER+mediaproxy
When the 7905G sends a INVITE the ser responds:
Status: 407 Proxy Authentication Required.
This is right, but the destination port this packet not is right because
the ser sends the packet with
destination port 5060 (private port) and not the (public port). If I open
this port all it is right, I do not
want to open no port.
This single problem happens to me with 7905G (no linksys, no X-Ten, ...).
I do not understand what it is happening.
Thanks for your aid.
--
Alberto
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
6:44 p.m.
Thanks, I did it.
I use the force_rport() function before to authorize the 7905G.
My code is based of OnSIP.org examples. My final ser.cfg is:
route[3] {
# -----------------------------------------------------------------
# INVITE Message Handler
# -----------------------------------------------------------------
if (client_nat_test("3")) { # <---------- In the original
ser.cfg (OnSIP.org) this code was after next "if"
setflag(7);
force_rport();
fix_nated_contact();
};
if (!allow_trusted()) {
if (!proxy_authorize("","subscriber")) {
proxy_challenge("","0");
break;
} else if (!check_from()) {
sl_send_reply("403", "Use From=ID");
break;
};
consume_credentials();
};
...............................................
----- Original Message -----
From: "Nils Ohlmeier" <lists(a)ohlmeier.org>
To: <serusers(a)lists.iptel.org>
Cc: "Alberto" <alberto.ipt(a)telefonica.net>
Sent: Tuesday, September 27, 2005 1:25 PM
Subject: Re: [Serusers] cisco 7905G
It seems like the phone does not provide the rport
parameter in the Via
header. Either you turn it on at the phone. Otherwise the phone is almost
unusable behind NATs. Anyway you could still try to detect this phone
models
and use force_rport (I dont remember the exact spelling, but there should
be
a function like this), then the rport parameter is added by SER.
Nils
On Tuesday 27 September 2005 11:00, Alberto wrote:
> Hi,
> I have the next scheme:
>
> 7905G ------- NAT ------- Internet ------ SER+mediaproxy
>
> When the 7905G sends a INVITE the ser responds:
> Status: 407 Proxy Authentication Required.
>
> This is right, but the destination port this packet not is right because
> the ser sends the packet with
> destination port 5060 (private port) and not the (public port). If I
> open
> this port all it is right, I do not
> want to open no port.
>
> This single problem happens to me with 7905G (no linksys, no X-Ten, ...).
>
> I do not understand what it is happening.
>
> Thanks for your aid.
>
> --
> Alberto
>
> _______________________________________________
> Serusers mailing list
> serusers(a)lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
7002
days inactive
7002
days old
5 comments
3 participants
participants (3)
-
Alberto -
Marcello Lupo -
Nils Ohlmeier