[Serusers] SER and the SPA3000
Klaus Darilion
klaus.mailinglists at pernau.at
Tue Aug 10 02:11:28 CEST 2004
Greg Fausak wrote:
> This is an interesting problem.
> I would venture to say that if you did NOT authenticate
> for those calls that you pass to a spa-3000, then that would work...
> that is, if your SERPROXY doesn't authenticate.
>
> is it possible that the problem is trying to authorize
> twice...once for your UAC<->SERPROXY and then the
> UAC<->SERPROXY<->UAS(SPA3000)
>
> Can you have multiple credentials in the same SIP packet?
> Seems like it should work...
SIP allows multiple credentials in one request. These credentials differ
in the realm string. So using the same realm for 2 hops does not work as
long as the hops are not synchronized in producing the nonce. Maybe it
can work if the proxy uses proxy-authentication and the SIPURA uses
www_authentication.
Nevertheless I don't have any glue why ser blocks the 401 response from
the SIPURA. Please post a SIP message dump.
regards,
klaus
>
> Sorry, not much help I know. Do you have a packet trace?
>
> ---greg
>
>
> On Aug 9, 2004, at 3:39 PM, Andres wrote:
>
>>
>> Juha Heinanen wrote:
>>
>>> andres,
>>>
>>> how about selecting the gw in ser based on caller's domain?
>>>
>>>
>> There is just one domain (all our subs belong to one domain). And the
>> gateways are the SPA3000 which register dynamically as simply another
>> UA. So gateways cannot be thought of as in the traditional sense.
>> Even if they had static IPs, it would be a nightmare to manage say
>> 1000 FXO personal gateways.
>>
>> The way this works for example is a sub purchases 2 accounts. Account
>> 1000 is for UA1(ATA186 for example) and account 1001 is for the
>> FXO1(Sipura 3000). Both are separate hardware devices located in
>> different places(and both register with SER). UA1 places a call to
>> 1001, the FXO port will answer and give him local dial tone. UA1 then
>> passess DTMF digits to the local telco attached to the FXO1. But the
>> sub does not want anybody on our network to access line 1001, just
>> those predefined on the FXO1 username/password digest definition
>> (inside the SPA3000 config).
>>
>> UA1 (1000) ------>SER--------->FXO1 (1001) ----> PSTN
>>
>> There are other ways to authenticate the caller like via a PIN or
>> Caller ID. But we are trying to see if digest authentication is also
>> possible.
>>
>>> -- juha
>>>
>>>
>>
>> --
>> Andres
>> Network Admin
>> http://www.telesip.net
>>
>>
>> _______________________________________________
>> Serusers mailing list
>> serusers at lists.iptel.org
>> http://lists.iptel.org/mailman/listinfo/serusers
>>
>>
> Greg Fausak
> www.AddaBrand.com
> (US) 469-546-1265
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
More information about the sr-users
mailing list