<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Stefan,<br>
<br>
Thank you for your insight. You were right on that the spa was not
getting the response. Once I started capturing packets at the
firewall, it was quickly obvious that NAT was the culprit.
However, how to get the NAT to behave correctly for that device
took quite a bit of testing to determine.<br>
<br>
I now have 5 other devices working behind NAT and they all work
fine without changes, but the Cisco SPA112 sends its SIP packets
differently, which were not cooperating with the NAT configuration
on my pfSense router/firewall. All NAT'd packets back to that
device were being dropped at the firewall, even though it was
configured to permit them.<br>
<br>
In FreeSWITCH, I created a separate sip profile to handle this
special NAT case and through a trial of deduction found that
setting NDLB-force-rport to true made packets NAT correctly back
to the device. Other NAT configurations, including
sip-force-contact with value NDLB-connectile-dysfunction on the
specific user, did not work.<br>
<br>
Testing shows that the device on that sip profile, now works
correctly. Are there any additional considerations I should take
into account with this or other NAT options?<br>
<br>
Thank you very much to all who responded.<br>
<div class="moz-signature"><br>
Robert Oldham<br>
<hr width="30%" align="left">
Oldham Technology<br>
W: 801-877-2190 x801<br>
E: <a class="moz-txt-link-abbreviated" href="mailto:robert@oldhamtechnology.com">robert@oldhamtechnology.com</a><br>
<a class="moz-txt-link-freetext" href="http://www.oldhamtechnology.com">http://www.oldhamtechnology.com</a><br>
<br>
</div>
<br>
On 01/02/2015 09:23 AM, Robert Oldham wrote:<br>
</div>
<blockquote cite="mid:54A6C5EF.3090006@oldhamtechnology.com"
type="cite">
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
<div class="moz-cite-prefix">I'll check that. I'll grab a packet
capture within the local network and see if those packets are
making it back.<br>
<br>
If it is a NAT problem, it is a little confusing that the other
phones are getting theirs on the same network behind the same
NAT. <br>
<div class="moz-signature"><br>
Thanks,<br>
Robert Oldham
<hr width="40%" align="left"> Oldham Technology<br>
W: 801-877-2190 x801<br>
E: <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:robert@oldhamtechnology.com">robert@oldhamtechnology.com</a><br>
<a moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.oldhamtechnology.com">http://www.oldhamtechnology.com</a><br>
<br>
<br>
On 01/02/2015 12:13 AM, Stefan Kainz wrote:<br>
</div>
</div>
<blockquote
cite="mid:E867A280-D8E1-4771-BB75-1BA4BB72562B@1012.at"
type="cite">
<meta http-equiv="content-type" content="text/html;
charset=windows-1252">
<div>Hello, </div>
<div><br>
</div>
<div>This is most likely a nat problem. </div>
<div>The spa is not getting the unauthorized response. </div>
<div><br>
</div>
<div><br>
</div>
<div>Regards,<br>
</div>
<div><br>
On 02 Jan 2015, at 08:02, Robert Oldham <<a
moz-do-not-send="true"
href="mailto:robert@oldhamtechnology.com">robert@oldhamtechnology.com</a>>
wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>1. Tenant domain is a valid domain that resolves to an IP
address. Using the domain, the Cisco spa 112 contacts the
server with the registration request.<br>
2. The tenant domain is 27 characters.<br>
3. The Cisco spa 112 is using the domain name and not the IP
address of the server.<br>
<br>
I am only getting 401 answers, no 403s. This is what is
confusing me: I am struggling to understand why the device
will not send the authentication.<br>
<br>
Thank you,<br>
Robert<br>
<br>
<br>
<div class="gmail_quote">On January 1, 2015 8:50:30 PM MST,
Luis Daniel Lucio Quiroz <<a moz-do-not-send="true"
href="mailto:luis.daniel.lucio@gmail.com">luis.daniel.lucio@gmail.com</a>>
wrote:
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<pre class="k9mail">Check this in this order:
1. tenant domain must resolve to a IP or you must use Proxy settings
in your phone
2. your tenant domain must not exceed 63 characteers (DNS restriction)
3. registar setting on your phone must be using the tenant domain, not the IP
if you only get 401 answers, that means you are not sending the authentication
if you get 403 answers, means you are sending wrong authentication
</pre>
</blockquote>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div><span>_________________________________________________________________________</span><br>
<span>Professional FreeSWITCH Consulting Services: </span><br>
<span><a moz-do-not-send="true"
href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a></span><br>
<span><a moz-do-not-send="true"
href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a></span><br>
<span></span><br>
<span>Official FreeSWITCH Sites</span><br>
<span><a moz-do-not-send="true"
href="http://www.freeswitch.org">http://www.freeswitch.org</a></span><br>
<span><a moz-do-not-send="true"
href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a></span><br>
<span><a moz-do-not-send="true"
href="http://www.cluecon.com">http://www.cluecon.com</a></span><br>
<span></span><br>
<span>FreeSWITCH-users mailing list</span><br>
<span><a moz-do-not-send="true"
href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a></span><br>
<span><a moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a></span><br>
<span>UNSUBSCRIBE:<a moz-do-not-send="true"
class="moz-txt-link-freetext" href="http://">http://</a><a
moz-do-not-send="true"
href="http://lists.freeswitch.org/mailman/options/freeswitch-users">lists.freeswitch.org/mailman/options/freeswitch-users</a></span><br>
<span><a moz-do-not-send="true"
href="http://www.freeswitch.org">http://www.freeswitch.org</a></span></div>
</blockquote>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a>
Official FreeSWITCH Sites
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.cluecon.com">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a></pre>
</blockquote>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_________________________________________________________________________
Professional FreeSWITCH Consulting Services:
<a class="moz-txt-link-abbreviated" href="mailto:consulting@freeswitch.org">consulting@freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitchsolutions.com">http://www.freeswitchsolutions.com</a>
Official FreeSWITCH Sites
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://confluence.freeswitch.org">http://confluence.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://www.cluecon.com">http://www.cluecon.com</a>
FreeSWITCH-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:FreeSWITCH-users@lists.freeswitch.org">FreeSWITCH-users@lists.freeswitch.org</a>
<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/listinfo/freeswitch-users">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users</a>
UNSUBSCRIBE:<a class="moz-txt-link-freetext" href="http://lists.freeswitch.org/mailman/options/freeswitch-users">http://lists.freeswitch.org/mailman/options/freeswitch-users</a>
<a class="moz-txt-link-freetext" href="http://www.freeswitch.org">http://www.freeswitch.org</a></pre>
</blockquote>
<br>
</body>
</html>