- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
- Adtran Support Community
- :
- Discussion
- :
- Total Access
- :
- Total Access 900/900e Series
- :
- Re: TA-908e Not Properly Responding to SIP 407 Proxy Authentication Required
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
TA-908e Not Properly Responding to SIP 407 Proxy Authentication Required
TA-908e is trying to establish a call through a Genband SBC.
The trunk is configured to authenticate, which it does (although it is still not responding to Options keep-alives (see How to get TA-908e to respond to OPTIONS request), we have turned that off in the SBC for it to allow the trunk to come up.
What the SBC is now requiring after all that is for the TA to authenticate on every call. When calls are sent from the TA to the SBC, the SBC responds with:
"SIP 407 Proxy Authentication Required"
In short, it wants the call to use the same credentials the trunk is already successfully using to authenticate during Registration.
But the INVITE call dialog is responding with:
Authentication Scheme: Digest
Username: ""
Realm: "Realm"
It is not using the trunk's credentials and leaving the Username blank.
Full packet is as follows:
Frame 158: 1242 bytes on wire (9936 bits), 1242 bytes captured (9936 bits) on interface 0
Interface id: 0 (em1)
Interface name: em1
Encapsulation type: Ethernet (1)
Arrival Time: Nov 9, 2017 10:28:26.173158499 Central Standard Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1510244906.173158499 seconds
[Time delta from previous captured frame: 0.003808057 seconds]
[Time delta from previous displayed frame: 0.003808057 seconds]
[Time since reference or first frame: 18.448503352 seconds]
Frame Number: 158
Frame Length: 1242 bytes (9936 bits)
Capture Length: 1242 bytes (9936 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:udp:sip:sdp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Cisco_c3:ec:c9 (a4:93:4c:c3:ec:c9), Dst: Advantec_8d:e1:5b (00:0b:ab:8d:e1:5b)
Destination: Advantec_8d:e1:5b (00:0b:ab:8d:e1:5b)
Address: Advantec_8d:e1:5b (00:0b:ab:8d:e1:5b)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Cisco_c3:ec:c9 (a4:93:4c:c3:ec:c9)
Address: Cisco_c3:ec:c9 (a4:93:4c:c3:ec:c9)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 172.16.37.166, Dst: 146.6.54.154
0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x68 (DSCP: AF31, ECN: Not-ECT)
0110 10.. = Differentiated Services Codepoint: Assured Forwarding 31 (26)
.... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 1228
Identification: 0x5c17 (23575)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 252
Protocol: UDP (17)
Header checksum: 0xc34a [validation disabled]
[Header checksum status: Unverified]
Source: 172.16.37.166
Destination: 146.6.54.154
[Source GeoIP: Unknown]
[Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: 5060, Dst Port: 5060
Source Port: 5060
Destination Port: 5060
Length: 1208
Checksum: 0x438a [unverified]
[Checksum Status: Unverified]
[Stream index: 10]
Session Initiation Protocol (INVITE)
Request-Line: INVITE sip:95125553215@sippbx.mylab.net:5060 SIP/2.0
Method: INVITE
Request-URI: sip:95125553215@sippbx.mylab.net:5060
Request-URI User Part: 95125553215
Request-URI Host Part: sippbx.mylab.net
Request-URI Host Port: 5060
[Resent Packet: False]
Message Header
From: <sip:5125554942@sippbx.mylab.net:5060;transport=UDP>;tag=5283228-7f000001-13c4-236416-1d5c8e8a-236416
SIP from address: sip:5125554942@sippbx.mylab.net:5060;transport=UDP
SIP from address User Part: 5125554942
SIP from address Host Part: sippbx.mylab.net
SIP from address Host Port: 5060
SIP From URI parameter: transport=UDP
SIP from tag: 5283228-7f000001-13c4-236416-1d5c8e8a-236416
To: <sip:95125553215@sippbx.mylab.net:5060>
SIP to address: sip:95125553215@sippbx.mylab.net:5060
SIP to address User Part: 95125553215
SIP to address Host Part: sippbx.mylab.net
SIP to address Host Port: 5060
Call-ID: 52ca490-7f000001-13c4-236416-6d584b03-236416@sippbx.mylab.net
CSeq: 2 INVITE
Sequence Number: 2
Method: INVITE
Via: SIP/2.0/UDP 172.16.37.166:5060;branch=z9hG4bK-236416-8a3ef7b6-2b14a9ab
Transport: UDP
Sent-by Address: 172.16.37.166
Sent-by port: 5060
Branch: z9hG4bK-236416-8a3ef7b6-2b14a9ab
Max-Forwards: 70
Supported: 100rel,replaces
Allow: ACK, BYE, CANCEL, INFO, INVITE, NOTIFY, OPTIONS, PRACK, REFER, REGISTER
User-Agent: ADTRAN_Total_Access_908e_2nd_Gen/R12.3.3.E
P-Asserted-Identity: <sip:5125554942@sippbx.mylab.net>
SIP PAI Address: sip:5125554942@sippbx.mylab.net
SIP PAI User Part: 5125554942
SIP PAI Host Part: sippbx.mylab.net
Contact: <sip:5125554942@172.16.37.166:5060;transport=UDP>
Contact URI: sip:5125554942@172.16.37.166:5060;transport=UDP
Contact URI User Part: 5125554942
Contact URI Host Part: 172.16.37.166
Contact URI Host Port: 5060
Contact URI parameter: transport=UDP
[truncated]Proxy-Authorization: Digest username="",realm="Realm",nonce="MTUxMDIxODI0ODU0OGQxYjJlZjE2ODY5NzcxN2JjYTNiODQxN2Q4N2NlNjEx",uri="sip:95125553215@sippbx.mylab.net:5060",response="022661c2f5e309146adc70998dd30ac1",algorithm=MD5,cn
Authentication Scheme: Digest
Username: ""
Realm: "Realm"
Nonce Value: "MTUxMDIxODI0ODU0OGQxYjJlZjE2ODY5NzcxN2JjYTNiODQxN2Q4N2NlNjEx"
Authentication URI: "sip:95125553215@sippbx.mylab.net:5060"
Digest Authentication Response: "022661c2f5e309146adc70998dd30ac1"
Algorithm: MD5
CNonce Value: "8a3ef7b7"
QOP: auth
Nonce Count: 00000001
Content-Type: application/sdp
Content-Length: 210
Message Body
Session Description Protocol
Session Description Protocol Version (v): 0
Owner/Creator, Session Id (o): - 1510244905 1 IN IP4 172.16.37.166
Owner Username: -
Session ID: 1510244905
Session Version: 1
Owner Network Type: IN
Owner Address Type: IP4
Owner Address: 172.16.37.166
Session Name (s): -
Connection Information (c): IN IP4 172.16.37.166
Connection Network Type: IN
Connection Address Type: IP4
Connection Address: 172.16.37.166
Time Description, active time (t): 0 0
Session Start Time: 0
Session Stop Time: 0
Media Description, name and address (m): audio 12018 RTP/AVP 0 101
Media Type: audio
Media Port: 12018
Media Protocol: RTP/AVP
Media Format: ITU-T G.711 PCMU
Media Format: DynamicRTP-Type-101
Media Attribute (a): silenceSupp:off - - - -
Media Attribute Fieldname: silenceSupp
Media Attribute Value: off - - - -
Media Attribute (a): rtpmap:0 PCMU/8000
Media Attribute Fieldname: rtpmap
Media Format: 0
MIME Type: PCMU
Sample Rate: 8000
Media Attribute (a): rtpmap:101 telephone-event/8000
Media Attribute Fieldname: rtpmap
Media Format: 101
MIME Type: telephone-event
Sample Rate: 8000
Media Attribute (a): fmtp:101 0-15
Media Attribute Fieldname: fmtp
Media Format: 101 [telephone-event]
Media format specific parameters: 0-15
Any ideas on what to set in the TA to correct this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Accept as Solution
- Report Inappropriate Content
Re: TA-908e Not Properly Responding to SIP 407 Proxy Authentication Required
On the Genband SBC Voice trunk, do you have authentication username XXXXX password XXXX defined?
Would you be able to share the Voice Trunk configuration for the Genband SBC trunk?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Accept as Solution
- Report Inappropriate Content
Re: TA-908e Not Properly Responding to SIP 407 Proxy Authentication Required
Sorry, I saw this post and I had similar problem encountered in NV6310. The SIP server require every invite received to be authenticated again despite the user had already registered to the sip trunk. The server sent a 401 Unauthorized with the nounce for the sip trunk to use to encrypt the username and password but the username is blank, resulting a failure in authentication. Below is the trace captured at the server end:
09:03:10.270 SIP.MSG INVITE RSP TX p0282451972 0434284871
SIP/2.0 401 Unauthorized
From: <sip:p0282451972@abcde.com.au:5060;transport=UDP>;tag=50fe780-7f000001-13c4-161662-396912f6-161662
To: <sip:0434284871@abcde.com.au:5060>;tag=1946247272-1518044590200
Call-ID: 51412b8-7f000001-13c4-161662-502c883f-161662@abcde.com.au
CSeq: 1 INVITE
Via: SIP/2.0/UDP 10.0.7.62:5060;branch=z9hG4bK-161662-56476f3a-7d1a466a
WWW-Authenticate: Digest realm="abcde.com.au",nonce="BroadWorksXjddojybcTd4x2aqBW",algorithm=MD5,qop="auth"
Content-Length: 0
09:03:10.308 SIP.MSG INVITE REQ RX p0282451972 0434284871
INVITE sip:0434284871@abcde.com.au:5060 SIP/2.0
From: <sip:p0282451972@abcde.com.au:5060;transport=UDP>;tag=50fe780-7f000001-13c4-161662-396912f6-161662
To: <sip:0434284871@abcde.com.au:5060>
Call-ID: 51412b8-7f000001-13c4-161662-502c883f-161662@snowyhydro.com.au
CSeq: 2 INVITE
Via: SIP/2.0/UDP 10.0.7.62:5060;branch=z9hG4bK-161662-56476fc7-34cc933b
Max-Forwards: 70
Supported: 100rel
Supported: replaces
User-Agent: ADTRAN_Netvanta_6310_2nd_Gen/R12.3.3.E
Allow: ACK,BYE,CANCEL,INFO,INVITE,NOTIFY,OPTIONS,PRACK,REFER,REGISTER
Contact: <sip:p0282451972@10.0.7.62:5060;transport=UDP>
Authorization: Digest username="",realm="sbcde.com.au",nonce="BroadWorksXjddojybcTd4x2aqBW",uri="sip:0434284871@abcde.com.au:5060",response="3891233ec754b9051a411827b1fa535b",algorithm=MD5,cnonce="56476fc8",qop=auth,nc=00000001
Content-Type: application/sdp
Content-Length: 273
Packet below is “403 Authentication Failure”
09:03:10.408 SIP.MSG INVITE RSP RX p0282451972 0434284871
SIP/2.0 403 Authentication Failure
From: <sip:p0282451972@abcde.com.au:5060;transport=UDP>;tag=50fe780-7f000001-13c4-161662-396912f6-161662
To: <sip:0434284871@abcde.com.au:5060>;tag=90043862-1518044590329
Call-ID: 51412b8-7f000001-13c4-161662-502c883f-161662@snowyhydro.com.au
CSeq: 2 INVITE
Via: SIP/2.0/UDP 10.238.99.3:5060;branch=z9hG4bK-161662-56476fc7-34cc933b
Content-Length: 0
Below is the voice trunk configuration:
syNV6310#sho run voice trunk
Building configuration...
!
!
voice trunk T01 type sip
sip-server primary sbc-nsw.nipt.telstra.com
registrar primary sbc-nsw.nipt.telstra.com
registrar expire-time 600
conferencing-uri "t"
domain "abcde.com.au"
dial-string source to
hmr Change_Called_Number in
hmr ChangeCaller out
register p0292781814 auth-name "p0292781814" password "P@ssword12g"
register p0292781821 auth-name "p0292781821" password "P@ssword12h"
register p0292781823 auth-name "p0292781823" password "P@ssword12i"
register p0292781824 auth-name "p0292781824" password "P@ssword12j"
register p0292781825 auth-name "p0292781825" password "P@ssword12k"
register p0282451972 auth-name "p0292781812" password "P@ssword12e"
register p0282451973 auth-name "p0292781813" password "P@ssword12f"
trust-domain
codec-list g711_g729 both
grammar request-uri host domain
grammar from host domain
grammar to host domain
!
voice trunk T02 type isdn
description "ISDN"
resource-selection linear ascending
connect isdn-group 1
no early-cut-through
rtp delay-mode adaptive
codec-list SIP
!
end
syNV6310#
Appreciate your advice on how to resolve this problem. The NV6310 is running with R12.3.3.E.